- The 2024 Sophos Threat Report shows data theft is the focus of most malware targeting small and medium businesses.
- Email attacks have moved away from simple social engineering toward more active engagement.
- According to the World Bank, over 90 per cent of the world’s businesses are small- and medium-sized organisations.
Cybercriminals are increasingly targeting data, the 2024 Sophos Threat Report has shown, marking a new trend in the online security space. The report by cybersecurity services firm Sophos sheds light on the dangers faced by small- and medium-sized businesses (SMBs) in the digital landscape.
The 2024 Sophos Threat Report titled “Cybercrime on Main Street” underscores the significant threats looming over SMBs, focusing on the year 2023. According to the report, 50 per cent of malware detected targeting SMBs comprised keyloggers, spyware, and stealers – malicious software designed to steal data and credentials.
Cybercriminals employ these tactics to gain unauthorized access, extort victims, deploy ransomware, and execute various nefarious activities. Christopher Budd, director of Sophos X-Ops research at Sophos, emphasized the exponential rise in the value of ‘data’ as currency among cybercriminals, particularly its impact on SMBs.
2024 Sophos Threat Report on financial systems attacks
Budd illustrated a scenario wherein attackers infiltrate a network using an infostealer, obtaining crucial credentials such as those for accounting software. With access to financial data, cybercriminals can redirect funds to their accounts, highlighting the dire consequences of data theft for SMBs.
Sophos X-Ops director Christopher Budd said that there’s a reason why more than 90% of all cyberattacks reported to Sophos in 2023 involved data or credential theft, whether through ransomware attacks, data extortion, unauthorized remote access, or simply data theft.
“The value of ‘data,’ as currency has increased exponentially among cybercriminals, and this is particularly true for SMBs, which tend to use one service or software application, per function, for their entire operation,” said Budd.
Furthermore, the report delves into initial access brokers (IABs), specialists in breaching computer networks. These criminals leverage the dark web to advertise their services, offering access to compromised SMB networks or selling pre-compromised access to interested parties.
“For example, let’s say attackers deploy an infostealer on their target’s network to steal credentials and then get hold of the password for the company’s accounting software. Attackers could then gain access to the targeted company’s financials and have the ability to funnel funds into their own accounts,” added Budd.
Ransomware attacks continue to plague SMBs
Despite stabilisation in the number of ransomware attacks against SMBs, Sophos identifies ransomware as the most significant cyber threat to this demographic. Sophos Incident Response (IR) data reveals LockBit as the predominant ransomware gang, followed by Akira and BlackCat. Additionally, SMBs faced threats from older ransomware variants like BitLocker and Crytox.
The report highlights evolving ransomware tactics, including remote encryption and targeting managed service providers (MSPs). Notably, between 2022 and 2023, ransomware attacks involving remote encryption surged by 62%. Moreover, Sophos’s Managed Detection and Response (MDR) team responded to five cases wherein SMBs fell victim to exploits in their MSPs’ remote monitoring and management (RMM) software.
Sophisticated Social Engineering and BEC Attacks
Beyond ransomware, the Sophos report underscores the rising prominence of business email compromise (BEC) attacks. These attacks, alongside other social engineering campaigns, exhibit increased sophistication, transcending traditional spam prevention measures.
Attackers now engage in prolonged interactions with targets, employing conversational emails and even resorting to phone calls to enhance their efficacy. To evade detection, cybercriminals experiment with novel formats for malicious content, embedding codes within images or employing unconventional attachment formats like OneNote or archives.
One notable case outlined in the report involves attackers sending a PDF document with a deliberately blurred invoice thumbnail, concealing a link to a malicious website within the download button.
Data theft is the focus of most malware targeting small and medium businesses—password stealers, keyboard loggers, and other spyware make up nearly half of the malware detections. Credential theft through phishing and malware can expose small businesses’ data on cloud platforms and service providers, and network breaches can be used to target their customers as well.