Sophos, a cybersecurity service provider, has unveiled its annual 2024 Sophos Threat Report, shedding light on the concerning trend of “Cybercrime on Main Street” and the significant cyber threats confronting small- and medium-sized businesses (SMBs). The report reveals that in 2023, nearly half of the malware detections targeting SMBs were keyloggers, spyware, and stealers—malicious software designed to pilfer data and credentials. Such stolen information is then utilized by attackers to illicitly access systems, extort victims, deploy ransomware, and execute other malicious activities.
The report also examines the emergence of initial access brokers (IABs), actors who specialize in infiltrating computer networks. They use the dark web to market their services, either breaching SMB networks themselves or selling pre-compromised access to such networks.
Christopher Budd, Director of Sophos X-Ops research, highlights the soaring value of “data” as currency among cybercriminals, particularly targeting SMBs. A single security breach, such as deploying an infostealer to acquire credentials, could grant attackers access to critical systems like accounting software, potentially leading to financial losses for the targeted company.
Despite a stabilization in the number of ransomware attacks against SMBs, ransomware remains the foremost cyber threat. Among the ransomware gangs causing significant disruptions, LockBit tops the list, followed by Akira and BlackCat. The report underscores the evolving tactics of ransomware operators, including the utilization of remote encryption and the targeting of managed service providers (MSPs). Notably, there has been a 62% increase in ransomware attacks employing remote encryption, where unmanaged devices on networks are used to encrypt files on other systems.
Sophos’s Managed Detection and Response (MDR) team responded to five cases involving SMBs attacked through exploits in their MSPs’ remote monitoring and management (RMM) software during the past year.
In addition to ransomware, business email compromise (BEC) attacks have surged as the second most prevalent threat, showcasing heightened levels of sophistication. Attackers now engage in conversational emails or even direct calls with their targets, aiming to evade detection by traditional spam prevention tools. Novel tactics include embedding malicious code within images or sending malicious attachments in alternative formats like OneNote or archives.
For a comprehensive understanding of these cyber threats facing SMBs and more, the 2024 Sophos Threat Report: Cybercrime on Main Street is available for review on Sophos.com.