Range and extent of cybersecurity threats facing SMEs on the rise


New research by cybersecurity service provider Sophos reveals the biggest threats facing small and medium enterprises (SMEs) in the past year.

The research shows that 50 per cent of malware detections for SMEs were keyloggers, spyware and stealers, malware that attackers use to steal data and credentials. Attackers subsequently use this stolen information to gain unauthorised remote access, extort victims, deploy ransomware and carry out other nefarious activities.

The report also analysed the activities of initial access brokers (IABs), criminals who specialise in breaking into computer networks. It found that IABs are using the dark web to advertise their ability and services to break specifically into SME networks, or to sell ready-to-go access to SMEs they’ve already cracked.

“The value of data as currency has increased exponentially among cybercriminals, and this is particularly true for SMEs, which tend to use one service or software application, per function, for their entire operation,” Christopher Budd, director of Sophos X-Ops research at Sophos, said. “For example, let’s say attackers deploy an infostealer on their target’s network to steal credentials and then get hold of the password for the company’s accounting software. Attackers could then gain access to the targeted company’s financials and have the ability to funnel funds into their own accounts.

“There’s a reason that more than 90 per cent of all cyberattacks reported to Sophos in 2023 involved data or credential theft, whether through ransomware attacks, data extortion, unauthorised remote access, or simply data theft,” Budd added.

While the number of ransomware attacks against SMEs has stabilised, ransomware continues to be the biggest cyber threat to SMEs. Out of the SME cases handled by Sophos, LockBit was the top ransomware gang wreaking havoc. Akira and BlackCat were second and third, respectively. SMEs studied in the report also faced attacks by lingering older and lesser-known ransomware, such as BitLocker and Crytox.

Ransomware operators also continue to change ransomware tactics, according to the report. This includes leveraging remote encryption and targeting managed service providers (MSPs). Between 2022 and 2023, the number of ransomware attacks that involved remote encryption, when attackers use an unmanaged device on organisations’ networks to encrypt files on other systems in the network, increased by 62 per cent.

Business email compromise (BEC) attacks were the second-highest type of attack that Sophos handled in 2023, as noted by the report. Worse, these BEC attacks and other social engineering campaigns show an increasing level of sophistication: attackers are now more likely to engage with their targets by sending a series of conversational emails back and forth, or even calling them, rather than sending an email with a malicious attachment.

In an attempt to evade detection by traditional spam prevention tools, attackers are also noted to be experimenting with new formats for their malicious content, embedding images that contain the malicious code or sending malicious attachments in OneNote or archive formats.