Press Release

Ransomware remains biggest threat to SMBs, says Sophos Threat Report

Tue 12 Mar 2024

Sophos has found that ransomware remains the principal threat to small and medium-sized businesses (SMBs), despite a stabilisation in the number of attacks.

The 2024 Threat Report identified that data and credential theft malware, including keyloggers, spyware, and stealers, also constituted nearly 50% of all malware detections targeting SMBs.

Attackers use this stolen information to gain unauthorised remote access, extort victims, deploy ransomware, and more.

Data and Credential Theft: A Rising Concern for SMBs

Christopher Budd, Director of Sophos X-Ops Research, stressed the growing allure of data as a currency among cybercriminals, especially when targeting SMBs, which often rely on a single service or software application for their entire operations.

“There’s a reason that more than 90% of all cyberattacks reported to Sophos in 2023 involved data or credential theft,” Budd explained, highlighting the criticality of securing access to essential business applications to prevent financial theft and unauthorised access.

“Let’s say attackers deploy an infostealer on their target’s network to steal credentials and then get hold of the password for the company’s accounting software.

“Attackers could then gain access to the targeted company’s financials and have the ability to funnel funds into their own accounts,” said Budd.

Ransomware Dominates Cyberthreat Landscape

Despite a stabilisation in the number of attacks, ransomware remains the principal threat to SMBs.

Sophos Incident Response (IR) identified LockBit, Akira, and BlackCat as the top ransomware gangs targeting SMBs, alongside attacks by older and lesser-known ransomware variants.

The report notes a 62% increase in ransomware attacks involving remote encryption between 2022 and 2023, and highlights instances of small businesses attacked through vulnerabilities in their managed service providers’ (MSPs) software.

Evolving Tactics in Social Engineering

The Sophos report also sheds light on the sophistication of business email compromise (BEC) and social engineering attacks, now the second-highest type of attack after ransomware.

Attackers are engaging in more elaborate tactics, including extended email conversations and phone calls, to build trust before deploying malicious content.

Innovations in avoiding detection include embedding malicious code in images and using less common file formats like OneNote or archives for malicious attachments.

With attackers leveraging complex social engineering tactics and exploiting vulnerabilities in cloud infrastructure and MSP software, SMBs are urged to enhance their cybersecurity measures.
