Why are three-quarters of cyber incident victims small businesses?

NUMENTIS
March 23, 2024
Business Solutions, Cybersecurity, Managed IT Services

“In 2023, small businesses bore the brunt of cyber incidents, with ransomware attacks causing significant disruptions. A recent Sophos report highlights that the LockBit group was responsible for the majority of these ransomware cases, accounting for 27.59% of the incidents managed by Sophos Incident Response. This figure surpasses the involvement of other groups such as Akira, BlackCat, and Play, which were responsible for 15.52%, 13.79%, and 10.34% of incidents, respectively.”

The report emphasized the evolving strategies employed by ransomware operators throughout 2023. Notably, there was a surge in the adoption of remote encryption tactics. In this approach, attackers exploit unmanaged devices within organizations’ networks to encrypt files on other systems via network file access.

Furthermore, ransomware operators are now developing malware specifically aimed at macOS and Linux operating systems. Researchers at Sophos have detected leaked variants of the LockBit ransomware targeting both macOS (running on Apple’s proprietary processors) and Linux across various hardware platforms.

Is data theft the primary objective in small and medium-sized business (SMB) attacks?

The research found that over 90% of cyber-attacks reported by Sophos customers involved data or credential theft in some form, ranging from ransomware to data breaches.

Nearly half (43.26%) of all malware targeting small and medium businesses (SMBs) last year focused on data theft. These were made up of password stealers, keyboard loggers and other spyware.

In 2023, the most notable “stealer” malware identified through Sophos’ telemetry included:

RedLine (8.71%)
Raccoon Stealer (8.52%)
Grandoreiro (8.17%)
Discord Token Stealer (8.12%) ¹.

Stolen credentials hold immense value for malicious actors. These pilfered account details can be exploited in various ways:

Unauthorized Access: Cybercriminals can use stolen credentials to infiltrate sensitive systems, networks, and accounts.
Data Compromise: Once inside, they can compromise personal data, corporate infrastructures, and commit fraud.
Espionage: Some threat actors sell stolen credentials on the dark web, potentially using them for targeted ransomware campaigns or espionage purposes ² ³.

Remember, safeguarding credentials is crucial in our interconnected digital landscape. Implementing strong security practices, including multi-factor authentication, helps mitigate the risk posed by credential theft ⁴.

In 2023, there was a noticeable surge in information-stealing malware specifically targeting macOS. This trend is expected to persist throughout the current year.

These malicious stealers have the capability to harvest system data, browser information, and even cryptowallets. Some of these malware variants are available for sale in underground forums and Telegram channels, fetching prices as high as $3,000¹.

Christopher Budd, the director of Sophos X-Ops research, aptly remarked that the value of data has skyrocketed in the eyes of cybercriminals. This holds particularly true for small and medium businesses (SMBs), which often rely on a single service or software application for their entire operational needs ¹. The stakes are high, and safeguarding data has become paramount in our interconnected digital landscape.

Certainly! Here’s a concise summary of the report on malware-as-a-service (MaaS) and the evolving tactics used by cybercriminals:

MaaS Operators and SEO Poisoning:
- The report highlights a surge in MaaS operators employing malicious web advertising and search engine optimization (SEO) poisoning to infect victims.
- SEO poisoning involves threat actors purchasing legitimate services to boost their websites’ visibility on search engines, making them appear authentic.
Nitrogen Group Example:
- A specific group, using malware called ‘Nitrogen,’ leveraged Google and Bing ads tied to keywords.
- Their tactic was to lure targets into downloading a software installer from a fake website, using a legitimate software developer’s brand identity.
Business Email Compromise (BEC):
- Sophos’ Incident Response team identified BEC compromises more frequently than any other vector except for ransomware.
- BEC attackers have become more creative, moving beyond simple employee impersonation to novel approaches.
Effective BEC Tactics:
- Successful BEC actors initiate conversations first, building rapport before sending malicious links or attachments.
- Scammers experiment with methods to evade email security tools, including replacing malicious text with embedded images and using QR codes or invoice-like images.
Shift to PDF Attachments:
- Attackers shifted to PDF file attachments almost exclusively last year.
- These attachments primarily link to malicious scripts or sites and sometimes include embedded QR codes.

In summary, cybercriminals are adapting and refining their techniques, emphasizing the need for robust cybersecurity measures to protect against evolving threats.

About NUMENTIS

NUMENTIS is a Canadian-owned Managed Services provider that offers Managed IT, Cybersecurity Solutions, Cloud Services and VoIP to help their customers control costs, secure their data and make their people more productive. Contact us today to learn more about our services and solutions and how we’re solving technology hurdles for our clients.

Blog