Cybercrime On Main Street Details Cyberthreats Facing SMBs

Sophos has released its annual 2024 Sophos Threat Report, with this year's report detailing how cybercrime hits small businesses the hardest. 

  • April 1, 2024 | Author: William Terdoslavich

Steal credentials, then steal data. It’s easier than taking candy from a baby.

 

That is Sophos's warning in its 2024 Threat Report: Cyber Crime on Main Street. Ransomware continues to have the greatest impact on SMBs, but data and credential theft is the focus of most malware targeting smaller organizations. The report disclosed that almost half (50%) of the malware detected against SMBs in 2023 consisted of keyloggers, spyware, and stealers.  

 

“The value of ‘data’ as currency has increased exponentially among cybercriminals,” noted Christopher Budd, director of Sophos X-Ops research at Sophos. SMBs typically use one service or application for their entire operation. If threat actors gain access via stolen credentials or passwords, the target’s network can be exploited for other monetary gain. 

 

"There's a reason that more than 90% of all cyberattacks reported to Sophos in 2023 involved data or credential theft, whether through ransomware attacks, data extortion, unauthorized remote access, or simply data theft," Budd added. 

 

Tactics Change, Crime Does Not

The number of ransomware attacks against SMBs has stayed the same, but the way threat actors attack has changed. They are turning to remote encryption and to targeting MSPs, among other tactics. In remote encryption, attackers use an unprotected device connected to the organization’s network to encrypt other files within the network. That type of attack on small businesses has increased 62 percent in the past year.

Business email compromise (BEC) attacks were the second most frequently used method, according to Sophos. Simple social engineering attacks are no longer effective, so cyber thieves are turning toward more active engagement with targets over email, striking up a conversation first, then moving in for the kill in follow-up emails.

 

Threat actors are developing new ways to evade detection by traditional spam prevention tools. They are experimenting with new malicious content formats, replacing text content with realistic embedded images, and sometimes sneaking in malware as attachments via OneNote or archive formats.

Making It Harder to Hit Easy Targets

Active adversaries use the same techniques to attack small businesses and Fortune 500 companies. The difference is that the more prominent companies have more robust defenses, while SMBs make do with what little they have. Still, there are some commonsense steps organizations can take to improve their IT defenses. Sophos recommends the following:

1) Educate your staff about cyber threats.

2) Deploy multifactor authentication on all externally facing assets.

3) Prioritize installing software patches on servers and network appliances.

4) Migrate assets that are difficult to manage to SaaS email platforms.

Most importantly, find ways to shorten response times when suffering a cyberattack. The best approach is to have security experts monitor and respond to incidents 24/7. “Staying safe isn’t impossible; it just takes comprehensive planning and layered defenses to buy you time to respond and minimize damages,” the Sophos report concluded.

 

Download the 2024 Threat Report to learn more.