Cyber security firm Sophos recently released its annual threat report. The report titled ‘Cybercrime on Main Street’ reveals the biggest cyber-attacks on small and medium-sized businesses.
According to the report, keyloggers, spyware and cybercriminals accounted for nearly 50 percent of the malware detected in such organizations in 2023. Attackers use this malware to steal data and credentials, then reuse the stolen information in follow-on attacks such as unauthorized remote access, extortion and ransomware.
Although ransomware levels have stabilized among small and medium-sized enterprises, ransomware is still the biggest cyber threat to such organizations. Based on the incidents handled by Sophos’ Incident Response (IR) team, the LockBit ransomware group is the most active, with the Akira and BlackCat ransomware families ranked second and third respectively. Older and lesser-known ransomware seen in these incidents includes BitLocker and Crytox.
According to this report, ransomware attackers are constantly changing their tactics. Some of the changes include using remote encryption and targeting managed service providers (MSPs).
Between 2022 and 2023, ransomware levels involving remote encryption were 62%; in these attacks, adversaries use unmanaged devices on the victim organization’s network to encrypt files on other systems. Sophos’ Managed Detection and Response (MDR) team also worked on five cyber-attacks involving small businesses last year.
According to the incidents Sophos Incident Response (IR) dealt with in 2023, the second most common cyber-attack after ransomware is Business Email Compromise (BEC). These BEC attacks and other social engineering attacks are becoming more sophisticated: instead of sending a single fake email with a malicious attachment, attackers now steal confidential information by exchanging multiple conversational emails or even calling the victim.
Attackers are also experimenting with new methods to circumvent anti-spam tools, such as embedding malicious code in images or sending malicious attachments in OneNote or archive formats.
In one incident investigated by Sophos, a PDF file sent by the attackers contained an unclear thumbnail of an “invoice”, and its download button linked to a malicious website.