
Sophos reports that ransomware is still the largest cyberthreat, with data and credential theft malware ranking as the top two dangers to SMBs in 2023

According to a Sophos analysis, the top two dangers to small- and medium-sized businesses (SMBs) were data and credential theft malware. Keyloggers, spyware, and stealers (malware that allows attackers to steal data and credentials) accounted for over 50% of malware detections for SMBs. Sophos, a cybersecurity solution provider, said in its annual 2024 Sophos Threat Report that attackers use the stolen information to gain unauthorized remote access, blackmail victims, run ransomware, and more.

The Sophos report also examined initial access brokers (IABs), criminals who specialize in breaking into computer networks. According to the research, IABs use the dark web to advertise their services and their ability to break specifically into SMB networks, or to sell ready-to-use access to SMBs they have already breached.

Cybercriminals now see “data” as cash, and this is especially true for small and medium-sized businesses (SMBs), which often rely on a single software program or service for every aspect of their business operations. As an example, suppose that attackers deploy an infostealer on the network of their intended victim to steal credentials, including the password for the accounting software the business uses. According to Christopher Budd, Director of Sophos X-Ops research at Sophos, “attackers could then obtain access to the targeted company’s financials and have the ability to funnel funds into their own accounts.” This is why ransomware attacks, data extortion, unwanted remote access, and plain old data theft accounted for over 90% of all cyberattacks reported to Sophos in 2023.

Although ransomware attacks against small and medium-sized businesses have leveled off, ransomware remains the largest cyberthreat to these businesses. Among the SMB cases handled by Sophos Incident Response (IR), which assists organizations under active attack, LockBit was the most prolific ransomware gang. Akira came in second, and BlackCat came in third. According to the research, the SMBs studied were also targeted by persistent, older ransomware such as Crytox and BitLocker.

The research states that ransomware operators are still evolving their tactics. Two examples are the use of remote encryption and the targeting of managed service providers (MSPs). The percentage of ransomware attacks involving remote encryption, in which attackers use an unmanaged device on an organization’s network to encrypt data on other systems, rose by 62% from 2022 to 2023.

Furthermore, over the course of the previous year, Sophos’ Managed Detection and Response (MDR) team handled five incidents involving small firms that were attacked through an exploit in their MSPs’ remote monitoring and management (RMM) software.

Attackers hone their business email compromise (BEC) and social engineering techniques

According to the Sophos research, business email compromise (BEC) attacks ranked second in terms of volume handled by Sophos IR in 2023, behind ransomware. These BEC attacks and other social engineering tactics are growing more sophisticated. Rather than just sending an email with a malicious attachment, attackers are now more likely to engage their targets by exchanging a series of conversational emails or even making phone calls.

In an effort to avoid detection by conventional spam protection programs, attackers are also experimenting with different formats for their malicious content, such as embedding images that contain the malicious code or sending malware attachments in OneNote or archive formats.
