,

SMBs are being hit with more malware attacks than ever, and many can’t keep up

Between infostealers, ransomware, and BEC attacks, SMBs are having a hard time remaining secure

Information-stealing malware, ransomware, and business email compromise (BEC), remain the three biggest cyber-threats small and medium-sized businesses (SMB) are facing, a new report from Sophos has warned.

The company claims almost half of all malware detected on SMB endpoints last year were either keyloggers, spyware, or infostealers – all malicious programs used to steal sensitive data and login credentials. 

For the researchers, this makes sense as the abuse of legitimate accounts is more difficult to spot, while opening the doors to many more criminal opportunities.

Ransomware and BEC

“The value of ‘data,’ as currency has increased exponentially among cybercriminals, and this is particularly true for SMBs, which tend to use one service or software application, per function, for their entire operation,” says Christpher Budd, director of Sophos X-Ops.

“For example, let’s say attackers deploy an infostealer on their target’s network to steal credentials and then get hold of the password for the company’s accounting software. Attackers could then gain access to the targeted company’s financials and have the ability to funnel funds into their own accounts.” 

Infostealers may be the most wide-spread threats, but ransomware remains the biggest. Fortunately for SMBs, the number of ransomware attacks “stabilized”, Sophos said, suggesting that growth slowed down. At the same time, ransomware attacks continue to evolve. Between 2022 and 2023, the number of remote encryption attacks rose by almost two-thirds (62%). Remote encryption happens when threat actors use an unmanaged device belonging to the victim organization, to encrypt files on other systems.

BEC attacks are the second-highest type of attack, right after ransomware, Sophos concluded. The attackers engaged in BEC are growing increasingly sophisticated, and often engage in a series of conversational emails with their victims, and sometimes even phone calls, before deciding to strike.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechRadar SOURCE

/by
You might also like
What’s New in Cybersecurity for the New Year?
Fileless malware: The invisible threat
Improve Your Cyber Security Awareness
The importance of updating firmware
Seafest Web BrowserHow to choose the safest web browser
How to spot ‘spear phishing’, an insidious cybercrime trend
Unveiling the invisible threat: Exploring the world of fileless malware
Securing Microsoft Teams: Practical tips to keep your workplace safe