SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Sophos 2024 report reveals top cybersecurity threats to SMBs
Thu, 14th Mar 2024

Global cybersecurity company, Sophos, has published its annual 2024 Sophos Threat Report which unveils the foremost threats targeted at small and medium-sized businesses (SMBs). The report draws on insights from over 1500 malware detections for SMBs across SophosLabs, Managed Detection and Response (MDR), and Incident Response (IR).

The report disclosed that almost half (50%) of the malware detected against SMBs in 2023 consisted of keyloggers, spyware, and stealers. These particular types of malware are often used by cyber criminals to snatch data and digital credentials, for instance, logging a user's keystrokes to steal passwords or other sensitive information.

Additional findings of the report suggest that ransomware developers persist in altering their attack tactics, utilising remote encryption and, increasingly, setting their sights on managed service providers (MSPs). Between 2022 and 2023, there was a 62% increase in ransomware attacks involving remote encryption. In the past year alone, Sophos's MDR team responded to five cases where small businesses were attacked via an exploit in their MSPs' remote monitoring and management (RMM) software.

After ransomware, business email compromise (BEC) attacks were the second most common type of attack that Sophos IR handled in 2023. The report noted an evolution in how attackers engage with their targets, with a sequence of conversational emails being exchanged or sometimes even phone calls made.

"The value of 'data' has skyrocketed among cyber criminals, especially in relation to SMBs," said Christopher Budd, director of Sophos X-Ops research at Sophos. "There's a reason that more than 90% of all cyberattacks reported to Sophos in 2023 involved data or credential theft, whether through ransomware attacks, data extortion, unauthorized remote access, or simply data theft."

The report also revealed that while the number of ransomware attacks remains stable, ransomware is persistently the biggest cyber threat to SMBs. Sophos Incident Response (IR) flagged LockBit as the most aggressive ransomware group of 2023, with Akira and BlackCat close behind. In addition, the report brought to light ongoing hits from older, lesser-known ransomware like BitLocker and Crytox.

A growing sophistication among cyber criminals was also detected, with an increasingly elaborate approach taken towards business email compromise (BEC) attacks and other social engineering endeavours. Many are now choosing to engage targets through a back-and-forth exchange of emails or even phone calls. Furthermore, to avoid detection by traditional spam prevention tools, cyber criminals are experimenting with new malicious content formats.

The 2024 Sophos Threat Report paints a clear picture of the fluidity of the threat landscape and the speed at which tactics evolve. SMBs are encouraged to take relevant precautions to mitigate the risks unveiled by this report.