“In 2023, small businesses bore the brunt of cyber incidents, with ransomware attacks causing significant disruptions. A recent Sophos report highlights that the LockBit group was responsible for the majority of these ransomware cases, accounting for 27.59% of the incidents managed by Sophos Incident Response. This figure surpasses the involvement of other groups such as Akira, BlackCat, and Play, which were responsible for 15.52%, 13.79%, and 10.34% of incidents, respectively.”
The report emphasized the evolving strategies employed by ransomware operators throughout 2023. Notably, there was a surge in the adoption of remote encryption tactics. In this approach, attackers exploit unmanaged devices within organizations’ networks to encrypt files on other systems via network file access.
Furthermore, ransomware operators are now developing malware specifically aimed at macOS and Linux operating systems. Researchers at Sophos have detected leaked variants of the LockBit ransomware targeting both macOS (running on Apple’s proprietary processors) and Linux across various hardware platforms.
Is data theft the primary objective in small and medium-sized business (SMB) attacks?
The research found that over 90% of cyber-attacks reported by Sophos customers involved data or credential theft in some form, ranging from ransomware to data breaches.
Nearly half (43.26%) of all malware targeting small and medium businesses (SMBs) last year focused on data theft. These were made up of password stealers, keyboard loggers and other spyware.
In 2023, the most notable “stealer” malware identified through Sophos’ telemetry included:
- RedLine (8.71%)
- Raccoon Stealer (8.52%)
- Grandoreiro (8.17%)
- Discord Token Stealer (8.12%) 1.
Stolen credentials hold immense value for malicious actors. These pilfered account details can be exploited in various ways:
- Unauthorized Access: Cybercriminals can use stolen credentials to infiltrate sensitive systems, networks, and accounts.
- Data Compromise: Once inside, they can compromise personal data, corporate infrastructures, and commit fraud.
- Espionage: Some threat actors sell stolen credentials on the dark web, potentially using them for targeted ransomware campaigns or espionage purposes 23.
Remember, safeguarding credentials is crucial in our interconnected digital landscape. Implementing strong security practices, including multi-factor authentication, helps mitigate the risk posed by credential theft 4.