
What is Self-Service Technology in IT Support? Overview and Benefits

Self-Service Technology: Transforming IT Support

Context

Self-service technology empowers users to access IT services on their own, without the help of IT staff. In other words, it significantly boosts efficiency in handling routine issues while also dramatically cutting costs.

For organizations managing increasingly complex IT environments with limited resources, self-service is essential. And when scalability is a priority, it becomes absolutely vital.

But what does self-service technology in IT support look like in action? How does it benefit organizations? What are the most common use cases? In this article, we’ll dive into these questions and explore the full potential of self-service in IT.

The Evolution of Self-Service: From Help Desks to Automated Solutions 

Traditionally, IT support was reactive: teams stepped in only after an issue surfaced. But with the rise of self-service technology, we’re seeing a shift to a proactive, user-centered model that transforms support from a reactive function into a dynamic, on-demand resource. 

This evolution has been remarkable. From basic help desks, we’ve advanced to sophisticated portals with self-ticketing systems and knowledge bases offering real-time, increasingly automated, and intelligent solutions. 

Now, support can be available around the clock, every day of the week, without interruptions. 

Key Components of Self-Service Technology 

User-Centric Design: Portals and Knowledge Bases 

An effective self-service platform must be designed with the user in mind. But what does this mean in practical terms? It means offering intuitive interfaces that guide users through troubleshooting steps and provide access to relevant FAQs and an extensive knowledge base. 

For recurring IT issues, having a well-designed self-service platform can dramatically reduce resolution times. 

Solutions like EasyVista’s IT Self-Service make this achievable without writing a single line of code. To learn more, see here.

The Role of AI: Chatbots, Virtual Agents, and Automated Workflows 

Artificial Intelligence (AI) plays a central role in self-service technology. AI-powered chatbots and virtual agents can already handle basic IT requests, providing immediate 24/7 support that minimizes wait times and keeps employees productive.

Automated workflows further enhance efficiency by routing complex issues directly to the appropriate IT technicians only when necessary.

We are only beginning to tap into the potential of AI in self-service IT support, with vast opportunities on the horizon. 

Self-Ticketing Systems and Troubleshooting Tools 

Self-service technology shines through features like self-ticketing systems, which let users submit requests or report incidents directly through a portal. 

These systems often come equipped with troubleshooting tools that guide users through diagnostic steps, helping them resolve issues on their own. The goal is always the same: to reduce pressure on IT teams, allowing them to tackle more critical issues without distraction. 

The key to success here is user-centered design that makes the self-service process simple and effective.  

Real Benefits of Self-Service Technology in IT Support 

Reducing IT Overload: Lightening the Load for IT Teams 

One of the greatest benefits of self-service technology is its ability to reduce the workload for IT teams. By handling routine requests, self-service frees up technicians to focus on more complex challenges, ultimately improving productivity and lowering costs, which brings us to the next point.

Cost Reduction: Optimizing Operations Through Automation 

The efficiency of self-service directly translates into cost savings. By automating routine requests, self-service technology allows organizations to significantly reduce operational costs. Processes that once required IT personnel can now be efficiently managed through automated portals where users can operate independently. 

Enhancing Customer Experience: Faster, On-Demand Solutions 

Most importantly, self-service technology elevates the customer experience. Users today expect fast, seamless solutions that don’t always require human intervention. Self-service meets this demand, delivering on speed and convenience while ensuring IT resources remain available for high-priority needs. 

In short, self-service technology brings tangible benefits across the board—from streamlined operations to happier users and significant cost savings. 

Self-Service Technology in Action: Use Cases and Examples 

Automating Common IT Requests and Incidents 

Routine IT requests, like password resets or access to specific resources, can be fully automated through solutions like EasyVista’s IT Self-Service Portal.

By integrating automated workflows, this platform enables businesses to resolve such requests quickly and proactively, drastically reducing response times and minimizing disruptions. Learn more here.

Empowering End Users in IT Troubleshooting 

A well-designed self-service portal like EasyVista’s enables end users to solve straightforward IT issues independently without resorting to direct technical support. With access to guides and resources, users can troubleshoot software configurations or minor issues on their own. The portal also allows them to track their requests in real time, providing transparency and reducing wait times for responses, all through an intuitive interface.

Leveraging Knowledge Bases for Continuous Support 

The integrated knowledge base in EasyVista’s Self-Service Portal offers continuous support by providing users with articles, FAQs, and tutorials to resolve common IT issues. This empowers users to become more self-sufficient while enhancing their technical skills, creating a win-win situation for both users and IT teams.

Implementing Self-Service Technology: Key Considerations 

User Adoption: Overcoming Resistance and Driving Engagement 

The real challenge in implementing self-service technology is ensuring user adoption.

How do we address this? Through intuitive portal design and ongoing updates based on user feedback to continually enhance the user experience.

Designing an Effective Knowledge Base: What to Include 

An effective knowledge base must continually evolve, with resources like tutorials (including videos), troubleshooting guides, and FAQs that meet users’ needs.

Once again, there is no universal recipe: everything depends on the needs of the company and those of its target customers. Tailoring this content ensures that users can quickly access the most relevant information. 

Balancing Automation with Human Intervention 

While self-service is highly effective for routine tasks, complex issues often require human intervention. Balancing automation with hands-on support ensures that critical requests receive the dedicated attention they need, reinforcing the value of both digital and human elements.

From Present to Future: The Future of Self-Service Technology in IT Support 

Next-Generation Self-Service: AI, Machine Learning, and Predictive Support 

The future of self-service is closely tied to technologies like AI and machine learning. 

AI’s role in self-service technology is evolving rapidly, going beyond simple automation to incorporate intelligent, data-driven solutions. AI-powered chatbots and virtual agents now leverage natural language processing (NLP) to understand and respond to user queries with greater accuracy. 

These intelligent systems are increasingly capable of handling complex queries and learning from each interaction to improve future responses.

The ultimate goal? To create systems that not only respond to issues but can anticipate and resolve problems before they escalate.

Self-Service as a Strategic Resource: Beyond IT Support to Business Support 

Self-service technology is no longer limited to IT. Organizations are beginning to recognize its potential as a strategic resource capable of improving processes across business functions.

EasyVista’s Enterprise Service Management (ESM) solutions centralize and optimize the management of all business services, not just IT. 

With ESM integration, organizations can extend the benefits of self-service to departments like Human Resources, Finance, and Operations, improving efficiency and operational transparency across multiple fronts. Companies can also automate cross-departmental workflows, breaking down silos and enhancing internal collaboration to improve service for all employees.

Learn more about how Enterprise Service Management can revolutionize business support. 

Conclusion 

Self-service technology is transforming how organizations manage IT support, making it more efficient, automated, and user-centric.

By adopting intuitive self-service platforms, organizations can empower users to handle routine issues independently, reducing pressure on IT teams, and significantly lowering operational costs. 

Ultimately, it’s about enhancing the user experience and building loyalty through better, faster support.  

FAQ 

What are the main benefits of self-service technology in IT support? 
Self-service technology offers several advantages: it reduces the workload on IT teams, automates routine requests, lowers operational.  
By enabling users to resolve common issues through intuitive portals and knowledge bases, self-service technology streamlines IT processes. Automation of repetitive tasks further allows IT teams to focus on complex, strategic issues. 

What is the future of self-service technology in IT support? 
The future of self-service lies in advanced technologies like Artificial Intelligence and Machine Learning, with a key goal: to proactively predict and resolve issues before they arise, enabling truly predictive support.

About EasyVista  
EasyVista is a leading IT software provider delivering comprehensive IT solutions, including service management, remote support, IT monitoring, and self-healing technologies. We empower companies to embrace a customer-focused, proactive, and predictive approach to IT service, support, and operations. EasyVista is dedicated to understanding and exceeding customer expectations, ensuring seamless and superior IT experiences. Today, EasyVista supports over 3,000 companies worldwide in accelerating digital transformation, enhancing employee productivity, reducing operating costs, and boosting satisfaction for both employees and customers across various industries, including financial services, healthcare, education, and manufacturing.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

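Real-World Warning: Why Android Should Not Auto-Connect to Wi-Fi

The smartphone world is full of automated features, so reliable Android security protection is indispensable.

Most smartphone users probably know that connecting to any random available Wi-Fi hotspot is not a wise move. But sometimes an Android device may automatically connect to a malicious Wi-Fi network without you noticing.

Picture this: you have just ordered at your favorite restaurant and are about to scroll through your phone before the food arrives. What you may not realize is that someone is already secretly monitoring everything happening on your device, including the websites you browse, the apps you use, and sensitive information such as the usernames and passwords you enter.

Attacks like this can really happen. For example, ESET malware researcher Lukáš Štefanko demonstrated what would happen if his Cheap Yellow Display (CYD) tool running Evil M5 firmware were used for illicit purposes. Fortunately, he released the video as an ethical hacker (penetration tester), revealing how easy it is to obtain information about the Wi-Fi networks that smartphones tend to automatically reconnect to. Using this information, an attacker can set up a fake Wi-Fi access point (an “evil twin” network) and use it to steal sensitive data from the victim’s device.

Let’s take a closer look at this type of attack and draw some important security lessons from it.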

 

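The Danger Hidden in Convenience

When designing software, developers always prioritize ease of use, user comfort, and the overall experience. So it is only natural that smartphones have a built-in feature that automatically reconnects to previously used and trusted networks.

However, cybercriminals love to strike when users let their guard down and immerse themselves in the ubiquitous convenience of automation. The attack demonstrated by Lukáš Štefanko exploits exactly this weakness: Android smartphones continuously and openly disclose to nearby devices the Wi-Fi networks they have connected to before and want to automatically reconnect to.

Fortunately, attacks that require the attacker to be physically present are not common, but that does not mean they never happen. For example, in June 2024 the Australian Federal Police (AFP) charged a citizen over a suspected “evil twin” attack that took place on multiple domestic flights and at airports. Dozens of stolen personal credentials were allegedly found on the devices seized from the suspect.

In addition, attacks of this kind can also involve state-level operations. For example, in a recent trial, prosecutors described the plot of a UK-based spy ring. Among other activities, the ring also operated in Germany, where its members allegedly used an International Mobile Subscriber Identity catcher (IMSI catcher) to intercept mobile phone communications from a military base where Ukrainian soldiers were being trained at the time.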

 

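Other Potential Threats

As this shows, connecting or automatically reconnecting to public Wi-Fi networks can put you at risk. The list of potential threats is not limited to rogue hotspots:

Man-in-the-middle (MITM) attacks: In this type of attack, cybercriminals intercept the communication between the device and the Wi-Fi network and can read unencrypted sensitive information such as passwords, credit card numbers, and personal messages.

Vulnerability exploitation: Cybercriminals can exploit vulnerabilities in poorly secured public networks, or in the targeted mobile device itself (especially when the device’s software has not been updated in time), to spread malware to connected devices. This malware can be used to steal data, monitor user activity, or even take full control of the user’s device.

Packet sniffing: Public Wi-Fi networks often lack adequate encryption, allowing hackers to easily eavesdrop on users’ online activity.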

 

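How to Stay Safe

Clearly, the most basic Wi-Fi security rule is to disable the Wi-Fi auto-connect feature and never use free public Wi-Fi networks. If that is not possible, consider the following recommendations:

Use a virtual private network (VPN): A VPN creates a secure, encrypted tunnel between the user’s device and the internet.

Avoid handling sensitive data on public Wi-Fi: Avoid websites and apps that require you to enter sensitive information, for example online banking or online shopping.

Keep software updated: Make sure your operating system and apps are kept at the latest version. Regular updates usually include important security patches that defend against known vulnerabilities.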

 

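ESET Mobile Security: Your Solid Backing

In cybersecurity, ESET’s capabilities go far beyond basic antivirus software, and the same applies to smartphones and mobile devices. ESET Mobile Security follows ESET’s “prevention-first” strategy, which aims to stop attacks immediately, before they cause any damage. This goal is achieved by protecting the common routes cybercriminals use to break into devices while keeping the security solution itself simple and easy to use.

With its multilayered protection against phishing websites, SMS scams, and more, ESET Mobile Security is well prepared to deal with attacks from malicious websites. For example, its anti-phishing feature (strengthened by a link scanner) protects users from malicious websites, while Payment Protection adds a layer of security to sensitive payment and financial apps.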

 

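Embrace Technology with Peace of Mind

Most people would agree that humans naturally love convenience. In fact, the development of the entire technology industry is driven by users’ constant pursuit of faster, simpler, more user-friendly everyday solutions. Enjoying the convenience technology brings is certainly a good thing, but do not overlook the potential risks.

Fortunately, with basic cybersecurity awareness and a trustworthy security solution installed on your Android smartphone, you can largely rest easy. Wi-Fi network attacks are a well-known threat, and a reputable cybersecurity company such as ESET, with more than 30 years of experience, can safeguard your digital life.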

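About ESET
ESET was founded in 1992 and is a global provider of computer security software for business and individual users. Its award-winning product, the NOD32 antivirus system, provides real-time protection for computer systems against all kinds of known and unknown viruses, spyware, rootkits, and other malware. ESET NOD32 uses the fewest system resources, has the fastest detection speed, provides the most effective protection, and has won more Virus Bulletin 100 awards than any other antivirus product. ESET has been named a Deloitte’s Technology Fast 500 company for five consecutive years and has an extensive partner network, including internationally known companies such as Canon, Dell, and Microsoft. It has offices in Bratislava (Slovakia), Bristol (UK), Buenos Aires (Argentina), Prague (Czech Republic), San Diego (USA), and elsewhere, and its agents cover more than 100 countries worldwide.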

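About Version 2 Digital
Version 2 Digital is an Asia-based value-added distributor and IT developer. The company distributes and develops a variety of IT products in areas including cybersecurity, cloud, data protection, endpoint devices, infrastructure, system monitoring, storage, network management, business productivity, and communication products. Through the company’s extensive network, channels, points of sale, distributors, and partners, Version 2 provides products and services that are widely praised in the market. Version 2’s sales network covers Taiwan, Hong Kong, Macau, mainland China, Singapore, Malaysia, and other Asia-Pacific regions, with customers from all walks of life, including Global 1000 multinational enterprises, listed companies, public utilities, healthcare, finance, educational institutions, government departments, countless successful SMEs, and consumer-market customers from cities across Asia.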

Spray and Pray: Botnet Takes Aim at Microsoft 365

Researchers at SecurityScorecard recently discovered that a botnet of over 130,000 devices is conducting password spray attacks against Microsoft 365. Although it hasn’t been confirmed, signs point to the responsible group being from China – the command-and-control servers are hosted in China and set to a timezone for Asia/Shanghai, and some of the hosting infrastructure was traced back to two Chinese providers. Researchers estimate this has been in progress since December of 2024.

Microsoft has been rolling out required MFA (multi-factor authentication) for some time now, but the attackers specifically targeted non-interactive accounts. These accounts do not require manual login but are used by automated processes, background tasks, and service integrations. Since there is no human interaction, there is no MFA.  

The likely goal of this attack is to gain access to sensitive data, e-mails, and collaboration tools like SharePoint.

Security researchers have called this “the next evolutionary step forward” of password spray attacks; let’s look at the components to see why this attack is particularly dangerous.

Non-interactive sign-ins: Why do we even have these?

At first glance, the idea of having an account that doesn’t require MFA seems really terrible, and on the surface, it is.  But these accounts are used for things that don’t require human interaction – for instance, a service account that automatically logs into SharePoint to retrieve data or a background process making an API call to sync users between Entra ID and another external system. With no human there to enter the OTP or look at the authenticator app, no MFA is possible, but these tasks are critical to business function.  

What exactly is a botnet?

A botnet is a network of compromised devices—computers, servers, and IoT devices—that a hacker controls remotely to perform malicious activities.

IoT devices are particularly attractive targets for hackers looking to build a botnet – they often have weak security controls, they rarely get security updates when vulnerabilities are found, and many times admins are not even aware they exist – one study found that 80% of IT leaders discovered an unknown IoT device on their network.  When they do get compromised and end up as part of a botnet, it’s hard to tell – the only symptom might be an increase in traffic, which could escape regular monitoring. 

The goal of a botnet is large-scale operations; one computer trying to unlock a password with a password spray attack could take years, given a reasonably complex password, but 130,000 devices trying all at once might take just a few hours. 

How does a password spray attack work?

A password spray attack is a type of brute-force attack used to gain unauthorized access to user accounts, systems, or networks. It’s different from a traditional brute-force attack, where an attacker attempts to guess a password by systematically trying all possible combinations. In a password spraying attack, the attacker tries a small number of common passwords or a list of commonly used passwords against a large number of usernames or accounts.

The goal of a password spraying attack is to exploit the fact that many users use weak or easily guessable passwords, such as “password,” “123456,” or “admin.” Instead of trying to guess a specific user’s password, the attacker focuses on gaining access to multiple accounts by trying these common passwords against a broad range of usernames.

What makes this attack particularly egregious is the targeting of the non-interactive accounts. Most password spray attacks are thwarted by basic security measures like locking out after a certain number of incorrect passwords, but non-interactive accounts don’t usually have this enabled. Admins would also monitor security logs and set up alerts to be notified if there were suddenly a storm of failed login attempts, but non-interactive logins have their own logs, which are usually ignored. So as long as the background processes are working (the SharePoint backup, the ID sync as mentioned above), there would be a really good chance no one would ever check to see all these failed logins.
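The non-interactive sign-in log described above can be checked for the spray pattern (a few failures on each of many accounts, spread over many source addresses). The following is an added example, not code from the article or from any vendor tool; the flat record fields (`time`, `user`, `ip`, `interactive`, `error_code`), the thresholds, and the sample events are constructed assumptions, while 50126 is the Entra ID error code for an invalid username or password.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

INVALID_CREDENTIALS = 50126  # Entra ID sign-in error: invalid username or password
SUCCESS = 0


def _ts(event):
    return datetime.fromisoformat(event["time"])


def find_spray_windows(events, window=timedelta(minutes=30),
                       min_accounts=10, max_per_account=3):
    """Flag time windows where many non-interactive accounts each fail a few times.

    Source IP is deliberately not the grouping key: a botnet spreads its
    attempts over many addresses, so per-IP thresholds never trip.
    """
    size = int(window.total_seconds())
    buckets = defaultdict(list)
    for e in events:
        # Only failed password checks from the non-interactive log are relevant.
        if e["interactive"] or e["error_code"] != INVALID_CREDENTIALS:
            continue
        buckets[int(_ts(e).timestamp()) // size].append(e)

    findings = []
    for slot, failed in sorted(buckets.items()):
        per_account = Counter(e["user"] for e in failed)
        # A service with a stale password fails many times on ONE account;
        # a spray fails a few times on MANY accounts. Keep only the latter.
        sprayed = {u for u, n in per_account.items() if n <= max_per_account}
        if len(sprayed) < min_accounts:
            continue
        findings.append({
            "start": datetime.fromtimestamp(slot * size, tz=timezone.utc),
            "accounts": sprayed,
            "source_ips": {e["ip"] for e in failed if e["user"] in sprayed},
        })
    return findings


def accounts_at_risk(events, findings):
    """Sprayed accounts that later signed in successfully from a spraying IP."""
    hits = set()
    for f in findings:
        for e in events:
            if (not e["interactive"] and e["error_code"] == SUCCESS
                    and e["user"] in f["accounts"]
                    and e["ip"] in f["source_ips"]
                    and _ts(e) >= f["start"]):
                hits.add(e["user"])
    return sorted(hits)


def build_sample():
    """Constructed events; addresses come from the documentation IP ranges."""
    base = datetime(2025, 2, 20, 2, 0, tzinfo=timezone.utc)

    def rec(minute, user, ip, code, interactive=False):
        return {"time": (base + timedelta(minutes=minute)).isoformat(),
                "user": user, "ip": ip, "error_code": code,
                "interactive": interactive}

    # Spray: 12 service accounts, one failure each, every attempt from a new IP.
    events = [rec(2 * i, f"svc-{i:02d}@example.com", f"203.0.113.{10 + i}",
                  INVALID_CREDENTIALS) for i in range(12)]
    # Benign noise: one job with a stale password retrying from a single host.
    events += [rec(m, "svc-backup@example.com", "198.51.100.7",
                   INVALID_CREDENTIALS) for m in range(20)]
    # Interactive failure: belongs to the other log, must be ignored here.
    events.append(rec(5, "alice@example.com", "192.0.2.44",
                      INVALID_CREDENTIALS, interactive=True))
    # One sprayed account later succeeds from an address that took part.
    events.append(rec(40, "svc-05@example.com", "203.0.113.12", SUCCESS))
    # The backup job recovers from its usual host: not a finding.
    events.append(rec(60, "svc-backup@example.com", "198.51.100.7", SUCCESS))
    return events


if __name__ == "__main__":
    sample = build_sample()
    windows = find_spray_windows(sample)
    for w in windows:
        print(w["start"].isoformat(), len(w["accounts"]), "accounts,",
              len(w["source_ips"]), "source IPs")
    print("review first:", accounts_at_risk(sample, windows))
```

Fixed windows can split a spray that straddles a boundary, so the window size and both thresholds need tuning against a baseline of normal service-account failures.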

NAC and Conditional Access to the rescue!

Many of the articles mention that targeting these non-interactive sign-on accounts bypasses conditional access policies, but the truth is that with a good set of policies, you can still protect yourself from attacks like these.

Role-based and location-based access control are key – if you have a machine account that is designed to back up SharePoint or write to a database, those should be the only things it can access, with the least amount of rights to accomplish the job. This protects you in the event of a breach – the amount of data that can be stolen is extremely limited. Location-based access will protect you against connections from places you know your employees are not located.

Next, you can implement endpoint risk assessment policies for all accounts – if the device they are trying to connect from does not have required software, or anti-virus, or is not enrolled in your MDM, it can be an automatic failure.  Or it could go to a quarantine network that has internet access but no access to your internal tools – this allows you to have a BYOD policy for employees but still keep your critical assets safe.  

And finally, the big one – passwordless authentication.  Swapping traditional passwords – and all the headache for users and IT departments they cause – for digital certificates is the best move you can make to keep your company secure. Digital certificates cannot be sprayed, brute forced, guessed, phished, or socially engineered. They can’t be forgotten, mistyped, or shared.  With 80% of all data breaches starting with a compromised password, it’s clear that eliminating passwords significantly reduces your organization’s risk. By adopting passwordless authentication with digital certificates, you remove the weakest link in security—human error—while streamlining user access.

As attacks get more sophisticated, it’s important to have the right tools in place to keep you protected.  

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.


Dangerous liaisons in cybersecurity: Attackers improve their phishing methods

 

The latest ESET APT Activity Report shows improved phishing techniques that threat actors currently utilize, highlighting the need for high-quality cybersecurity awareness training.

A general recommendation about phishing attacks is not to click on anything that looks suspicious. That’s easy to follow when employees receive an email full of grammatical errors and typos from an unknown source.

However, adversaries have been improving their tactics and experimenting with new ways to make their potential victims fall for phishing — tactics that may not be so easy to spot. And it’s not only about using AI to create grammatically correct or more convincing emails. Recently, ESET researchers noticed a new trend among North Korea-aligned groups trying to build relationships with their targets before sending them malicious content.

Statistically speaking, since human error is involved in most data breaches, it is logical that threat actors don’t hesitate to leverage this major attack vector. To address this, ESET created ESET Cybersecurity Awareness Training, a story-driven course available in English, French, Spanish, and Chinese languages informing employees about current cyber threats and helping businesses with compliance and insurance issues.

A costly mistake

Verizon’s 2024 Data Breach Investigations Report shows that 68% of breaches involved a non-malicious human element, like a person falling victim to a social engineering attack or making an error.

Most of those attacks started with phishing (tricking a user into giving sensitive information or downloading malicious content) and pretexting (use of a fabricated story, or pretext, to gain a victim’s trust) via email, accounting for 73% of breaches.

In 2024, the number of detected breaches involving pretexting surpassed the number of breaches involving traditional phishing attacks, according to Verizon’s data. This could be one indicator that threat actors feel the need to use more sophisticated techniques against their targets, according to the report.

Breaches involving a human element are not only prevalent but also costly, according to IBM’s Cost of a Data Breach Report 2024 conducted by Ponemon Institute. Ponemon’s researchers looked at 604 organizations in 16 countries and regions, finding that an average business loss due to phishing has now reached USD4.88 million per breach. This makes phishing attacks the second costliest type of attack, right after impacts from malicious insiders, which account for an average of USD4.99 million.

I have a proposal for you

Recent ESET findings confirm this trend of threat actors utilizing improved social engineering techniques.

In Q2 2024–Q3 2024, ESET researchers saw the North Korea-aligned activity cluster Deceptive Development and North Korea-aligned group Kimsuky enhancing their phishing attacks with pretexting methods. For example, both tried to use fake job offers to approach the targeted individuals, and only after the victim responded and a relationship was established did threat actors send a malicious package to the victim.

Another group, Lazarus, distributed fake job offers for desirable positions at large companies like Airbus or BAE Systems and delivered trojanized PDF viewers along with decoy PDF documents. This group also impersonated recruiters on professional networks and work platforms, distributing trojanized codebases under the guise of job assignments and hiring challenges with the aim of cryptocurrency theft.

Kimsuky targeted North Korea experts working for NGOs and researchers in academic circles with fake requests to grant a media interview or give a presentation. They tried to establish a relationship with some good old apple-polishing: sending amiable emails that praised the target’s expertise and asked for help. Once the attackers gained the trust of their victim, Kimsuky delivered a malicious package, usually disguised as a list of questions that should be answered before the event.

The BlackBasta ransomware gang also adopted this relationship-oriented method when targeting businesses, according to the recent discovery of the ReliaQuest threat research team.

First, they send mass email spam targeting employees, provoking them to create a legitimate help-desk ticket to resolve the issue. Then, attackers posing as IT support or help desk staff contact employees via Microsoft Teams chat and send them a malicious QR code, likely for downloading a remote monitoring and management (RMM) tool that BlackBasta can exploit.

How to avoid a toxic relationship

Seeing the above-mentioned cases, it is clear that employees are a critical component of any business’s security that needs to be taken care of. In general, cybersecurity awareness training not only helps businesses to deflect user-oriented cyberattacks and fulfill compliance/insurance requirements but also decreases losses in case of a successful breach by around 5.2%.

ESET acknowledges this threat vector with the global launch of ESET Cybersecurity Awareness Training, which complements ESET PROTECT, a multilayered AI-powered solution for businesses.

Both employee training and multilayered security are integral parts of what ESET calls a prevention-first approach designed to completely evade cyber threats or mitigate them with no or only minimal disruptions in the business flow. It is a complex strategy of shrinking the attack surface while effectively reducing the complexity of cyber defense.

ESET Cybersecurity Awareness Training aims for both of these goals. First, it helps employees to recognize standard and novel cybersecurity threats abusing human factors. Second, it is easy to deploy and operate thanks to deep integration possibilities with various systems, a customizable training portal, and an easy-to-use dashboard. Thus, businesses don’t need to spend more precious IT staff time on it than necessary.

Let’s make it interesting!

ESET Cybersecurity Awareness Training offers an engaging and story-driven experience that helps employees understand which common bad user habits can endanger the whole company. It also explains how threat actors think, for example, how they search potential victims’ social network profiles to guess their passwords or impersonate them.

The training is based on three decades of ESET expertise in this area and is designed to change employee behavior, rather than merely to check a box for compliance or cyber insurance.

To keep employees vigilant in the long term, ESET Cybersecurity Awareness Training comes with phishing test simulations that businesses can run an unlimited number of times.

Benefits of Premium Cybersecurity Awareness Training

  • Comprehensive online cybersecurity awareness training courses
  • Multiple course options ranging from full 90-minute-long training to short courses taking from 5 to 15 minutes
  • Best practices for remote employees
  • Gamification that engages and changes behavior
  • Helps meet HIPAA, PCI, SOX, GDPR, CCPA compliance requirements
  • Helps meet cyber insurance requirements
  • Certification & LinkedIn badge
  • Unlimited phishing test simulations to test employees
  • Admin console allowing users to manage customizable groups of employees, track learners’ status, and run phishing simulation campaigns
  • School platform where employees can take their enrolled training
  • Automatic email reminders to learners
  • Deep integration with various popular third-party cloud-based services

Fruitful relationship with ESET

Even the best and most expensive cybersecurity solution in the world can be powerless against one fooled employee who shares their password or downloads a malicious file.

Help your employees to navigate through a maze of the evolving world of cyber threats and improve your defenses with ESET Cybersecurity Awareness Training.

 

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.


Inside the Dark Web: How the Guardz Research Unit Unveils Emerging Cyber Threats Targeting Small Businesses

Exploring the Digital Underground to Safeguard SMBs

Cybercriminals are constantly evolving their tactics, leveraging hidden corners of the internet to sell access to small and medium-sized businesses (SMBs). To stay ahead of these threats, the Guardz Research Unit (GRU) continuously monitors dark web marketplaces, underground forums, and other cybercrime hubs to uncover the latest trends that put SMBs at risk.

Our latest investigation has revealed a concerning rise in cybercriminal services tailored specifically to targeting SMBs, including law and accounting firms. One alarming example: a dark web listing offering admin-level access to a U.S. law firm for just $600, exploiting an eight-year-old unpatched vulnerability.

This finding is just one of many that highlight the growing attack-as-a-service economy, where cybercriminals trade stolen credentials, exploit remote access systems, and sell persistent backdoor access, leaving businesses vulnerable to ransomware, fraud, and devastating reputational damage.

Key Trends Uncovered by the Guardz Research Unit:

  • Stolen Business Access for Sale – Dark web marketplaces feature listings for Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) credentials, granting full control over small business networks.
  • Cybercrime is Alarmingly Affordable – Attackers can purchase unauthorized access to SMBs, including law firms and accounting firms, at shockingly low prices, making these businesses prime targets for fraud and extortion.
  • Unpatched Vulnerabilities Fuel Attacks – Businesses failing to patch old security flaws remain wide open to breaches, with cybercriminals exploiting security gaps that have been disclosed for years.
  • Persistent Access and Long-Term Exploitation – Many attacks don’t end after initial access; criminals implant malware, keyloggers, and hidden backdoors, allowing them to return undetected for future data theft and extortion.

Why This Matters for SMBs

Small businesses, especially those handling sensitive financial and legal data, remain a primary focus of cybercriminal activity. The Guardz Research Unit is working to expose these threats in real-time so that SMBs can take proactive steps to secure their networks before they become the next target.

Cybercriminals innovate their tactics daily, so cybersecurity defenses must evolve just as fast. By staying informed on emerging threats, SMBs can adopt a proactive security approach to protect themselves, their clients, and their reputations.

At Guardz, we are committed to helping SMBs close security gaps and prevent breaches before they happen. Stay tuned for our full report, where we’ll dive deeper into the latest dark web discoveries and provide actionable security strategies to keep your business safe.

Protecting Those at Risk

As part of this investigation, Guardz identified a law firm that was specifically named within dark web forums. We took immediate steps to notify the firm, ensuring they are aware of the threat and can take appropriate measures to protect their systems. Guardz remains available to assist in securing their business and mitigating potential risks.

Additionally, in our published report, we have not disclosed any company names, identifiers, or details that could expose businesses to further threats. Our mission is to raise awareness and equip SMBs with the insights and tools they need to defend against cyber risks.

Findings from the Dark Web

GRU’s recent dive into dark web forums revealed an alarming trend: threat actors are actively targeting small businesses, particularly law and accounting firms. The reasons are clear—these organizations handle sensitive and lucrative data, such as financial records, legal documentation, and personally identifiable information (PII), making them attractive to cybercriminals.

Key GRU findings include:

  • Exploitation of Unpatched Vulnerabilities: Over 15% of the analyzed dark web listings offered access to organizations through known vulnerabilities that had been disclosed years ago.
  • Sale of Stolen Credentials: Credentials for small business networks—both admin-level and standard user accounts—are being sold at an average price of $600. Some listings even include bundled “access packs” with multiple entry points to the same organization.
  • Ransomware as a Service (RaaS): Cybercriminal groups are offering turnkey ransomware solutions on the dark web, making it easier than ever for even non-technical actors to launch devastating attacks.

These findings highlight the growing sophistication and accessibility of cybercrime, making small businesses an increasingly vulnerable target.

Threat Analysis: How Small Businesses Are Being Exploited

1. Unpatched Vulnerabilities: A Ticking Time Bomb

In its recent findings, the Guardz Research Unit discovered that an American law firm was still vulnerable to the EternalBlue exploit—a flaw in Windows’ Server Message Block (SMB) protocol disclosed back in 2017. This vulnerability was infamously exploited in the global WannaCry ransomware attack, which caused billions in damages. Although the flaw was patched years ago, GRU found that threat actors were still leveraging it to gain access to unprotected networks.

The potential damage behind this vulnerability is equally alarming:

  • According to various estimates, over 100,000 devices worldwide remain unpatched against EternalBlue.
  • A single ransomware attack exploiting this vulnerability can cost small businesses an average of $120,000 in recovery expenses, not to mention reputational damage.

One dark web listing advertised admin-level access to a law firm’s network, complete with instructions on how to exploit the EternalBlue flaw, for just $600—a devastatingly low price for such significant access.

VPN Access to a law firm in Puerto Rico sold on the Darkweb


2. RDP and VPN Exploits: A Gateway for Attackers

Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) tools are critical for enabling remote work, but they have also become prime targets for cybercriminals. GRU identified multiple listings on dark web forums advertising access to small business networks through compromised RDP and VPN credentials.

  • High-Value Credentials: In one case, admin-level RDP credentials for an accounting firm were auctioned off for $1,800, giving the buyer unrestricted access to sensitive financial systems.
  • Low-Cost Entry Points: Lower-level credentials were available for as little as $300, yet they still offered significant opportunities for skilled attackers to escalate their access.

The potential threat here paints a grim picture:

  • A 2024 study by the Cyber Readiness Institute found that nearly two-thirds (65%) of global SMBs do not use MFA and have no plans to implement it in the near future.

RDP Access to accounting firm Sold on DarkWeb
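
As an added example (not part of the Guardz report), the Python sketch below shows how a defender might flag the use of purchased RDP credentials in Windows logon events. The tuple layout, the internal address ranges, the failure threshold and every sample record are constructed assumptions; event IDs 4624/4625 and logon type 10 (RemoteInteractive) are the standard Windows Security log values.

```python
import ipaddress
from collections import defaultdict

# Assumption: the organisation's internal address ranges (RFC 1918 here).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed records, not real logs: (time, event ID, logon type, account, source).
# 4624 = successful logon, 4625 = failed logon, logon type 10 = RDP.
EVENTS = [
    ("2025-01-06T08:58:10", 4624, 10, "acct-admin", "10.0.4.21"),
    ("2025-01-07T09:01:44", 4624, 10, "acct-admin", "10.0.4.21"),
    ("2025-01-07T09:30:02", 4624, 3, "acct-admin", "10.0.4.30"),  # not RDP
    ("2025-01-08T02:10:00", 4625, 10, "jsmith", "198.51.100.7"),
    ("2025-01-08T02:10:03", 4625, 10, "jsmith", "198.51.100.7"),
    ("2025-01-08T02:10:06", 4625, 10, "jsmith", "198.51.100.7"),
    ("2025-01-08T02:10:09", 4624, 10, "jsmith", "198.51.100.7"),
    ("2025-01-09T03:41:27", 4624, 10, "acct-admin", "203.0.113.50"),
]

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL)

def rdp_alerts(events, fail_threshold=3):
    """Return (time, account, source, reasons) for suspicious RDP logons."""
    known = defaultdict(set)  # account -> sources that already logged on
    fails = defaultdict(int)  # (account, source) -> failures since last success
    alerts = []
    for ts, event_id, logon_type, account, src in sorted(events):
        if logon_type != 10 or event_id not in (4624, 4625):
            continue
        if event_id == 4625:
            fails[(account, src)] += 1
            continue
        reasons = []
        if is_external(src):
            reasons.append("external-source")
        if known[account] and src not in known[account]:
            reasons.append("new-source-for-account")
        if fails[(account, src)] >= fail_threshold:
            reasons.append("success-after-failures")
        if reasons:
            alerts.append((ts, account, src, reasons))
        known[account].add(src)
        fails[(account, src)] = 0
    return alerts

if __name__ == "__main__":
    for alert in rdp_alerts(EVENTS):
        print(alert)
```

The second alert in the sample data has no preceding failures, which is how a valid, purchased credential appears in the log; a rule keyed only on failed-logon bursts would miss it, while the new-source check catches it.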

3. Ransomware: The Hall of Shame

Ransomware gangs have evolved their tactics beyond simple file encryption. Today, these groups often engage in double extortion, threatening to leak sensitive data if ransom demands are not met. GRU documented a particularly devastating example involving a U.S. family law firm. After refusing to pay a ransom, the firm’s sensitive client data was leaked on a dark web “hall of shame” site, resulting in irreparable reputational damage.

The impact of ransomware on small businesses is staggering:

  • Financial Losses: The average cost of a ransomware attack on small businesses is approximately $26,000.
  • Operational Disruptions: Following a ransomware attack, 50% of small and medium-sized businesses report that it took 24 hours or longer to recover, leading to significant downtime and loss of productivity.

The Risk and Potential Damages to Small Businesses

The infiltration of a small business network via Remote Desktop Protocol (RDP), VPN exploits, or unpatched vulnerabilities can lead to severe and often irreversible consequences. Once cybercriminals gain access, they can:

  • Deploy Ransomware: Attackers can encrypt all business-critical files, rendering systems inoperable until a ransom is paid—often in cryptocurrency. Many businesses that refuse to pay suffer prolonged downtime, loss of sensitive client data, and legal repercussions if personally identifiable information (PII) is exposed.
  • Steal and Sell Confidential Data: Law firms, accounting firms, and other professional service providers store sensitive financial records, legal case files, tax information, and personally identifiable data. Cybercriminals frequently sell or leak this data, leading to regulatory fines, lawsuits, and a loss of client trust.
  • Launch Fraudulent Transactions: With admin-level access, attackers can manipulate financial records, initiate fraudulent wire transfers, or reroute funds, causing direct financial losses that can be difficult to recover.
  • Set Up Persistent Access for Future Exploits: Many cybercriminals install backdoors, keyloggers, and other malware that allow them to return at will, siphon off data over time, or launch additional attacks without detection.
  • Use the Business as a Springboard for Attacking Others: A compromised firm can be leveraged to infiltrate clients, suppliers, or business partners, especially if they have interconnected networks or shared credentials. This can trigger legal liability and reputational damage that extends far beyond the initial breach.
  • Disrupt Operations for Extended Periods: For many small businesses, even a few days of downtime can be financially devastating. Attackers often sabotage systems, delete backups, or corrupt data to make recovery nearly impossible without external intervention.

Risks Amplified: Why Small Businesses Are Prime Targets

Small businesses often lack the resources and expertise of larger organizations, making them appealing targets for cybercriminals. Key risk factors include:

  • Inadequate Security Budgets: Many small businesses operate on tight budgets, often prioritizing operational costs over cybersecurity.
  • Overlooked Patching: GRU’s findings show that many small businesses fail to patch vulnerabilities in a timely manner, leaving them exposed to known threats.
  • Weak Credential Policies: The reuse of passwords across multiple accounts remains a widespread issue, providing easy entry points for attackers.
  • Supply Chain Vulnerabilities: Small businesses often rely on third-party vendors, creating additional attack vectors for cybercriminals.

Guardz: A Trusted Ally in Cybersecurity

As the cybersecurity landscape grows increasingly complex, Guardz is leading the charge to protect small businesses. Through its innovative AI-powered platform, Guardz empowers MSPs to deliver cutting-edge cybersecurity solutions tailored to the needs of small businesses.

How Guardz Makes a Difference:

  • Proactive Threat Detection: Guardz’s platform identifies vulnerabilities and mitigates risks before they can be exploited.
  • Automated Responses: The platform provides real-time, automated responses to emerging threats, minimizing damage and downtime.
  • Cyber Awareness Training: Guardz equips small businesses with the knowledge and tools to recognize and respond to social engineering attempts, such as phishing attacks.
  • Phishing Simulations: To bolster defenses against one of the most common attack vectors, Guardz offers AI-powered phishing simulations, helping small businesses and their employees stay vigilant.

A Path Forward: Recommendations for Small Businesses

GRU’s findings serve as a wake-up call for small businesses across all sectors. To stay ahead of cybercriminals, small businesses must adopt a proactive approach to cybersecurity. Key recommendations include:

  1. Regular Patch Management: Ensure all software and systems are up to date to eliminate known vulnerabilities.
  2. Strong Credential Policies: Implement MFA and enforce unique, complex passwords across all accounts.
  3. Data Backups: Maintain separate, secure backups of all critical data to ensure business continuity in the event of an attack.
  4. Employee Training: Invest in ongoing cybersecurity awareness training to reduce the risk of human error.
  5. Partner with an MSP: Work with a trusted MSP equipped with Guardz’s platform to ensure 24/7 protection.

The findings from the Guardz Research Unit highlight a sobering reality: the dark web is teeming with threats aimed squarely at small businesses. From unpatched vulnerabilities to stolen credentials and ransomware attacks, small businesses face a range of risks that can devastate their operations and reputations.

But it doesn’t have to be this way. By taking proactive measures and partnering with cybersecurity leaders like Guardz, small businesses can turn the tide, protecting their data, their clients, and their futures.

In an age where cybercrime shows no signs of slowing down, Guardz stands as a beacon of hope, empowering MSPs to safeguard the lifeblood of the economy and our small businesses. The message is clear: Stay vigilant, stay prepared, and let Guardz protect what matters most.

About Guardz
Guardz is on a mission to create a safer digital world by empowering Managed Service Providers (MSPs). Their goal is to proactively secure and insure Small and Medium Enterprises (SMEs) against ever-evolving threats while simultaneously creating new revenue streams, all on one unified platform.
