2024 Sophos Threat Report Reveals Data and Credential Theft as Top Threats to SMBs


Cybercriminals are increasingly targeting data, an emerging trend in cybersecurity, a new survey, the 2024 Sophos Threat Report, has shown.

The report, by cybersecurity services firm Sophos, sheds light on the prevalent dangers faced by small- and medium-sized businesses (SMBs) in the digital landscape.

Titled “Cybercrime on Main Street,” the 2024 Sophos Threat Report underscores the significant threats looming over SMBs, with a focus on the year 2023.

According to the report, a staggering 50 percent of malware detected targeting SMBs comprised keyloggers, spyware, and stealers – malicious software designed to pilfer data and credentials.

Cybercriminals employ these tactics to gain unauthorized access, extort victims, deploy ransomware, and execute various nefarious activities.

Christopher Budd, director of Sophos X-Ops research at Sophos, emphasized the exponential rise in the value of ‘data’ as currency among cybercriminals and its particular impact on SMBs.

Budd illustrated a scenario wherein attackers infiltrate a network using an infostealer, subsequently obtaining crucial credentials such as those for accounting software.

2024 Sophos Threat Report – financial losses

With access to financial data, cybercriminals can redirect funds to their accounts, highlighting the dire consequences of data theft for SMBs.

Sophos X-Ops director Christopher Budd said that there is a reason why more than 90% of all cyberattacks reported to Sophos in 2023 involved data or credential theft, whether through ransomware attacks, data extortion, unauthorized remote access, or simply data theft.

“The value of ‘data,’ as currency has increased exponentially among cybercriminals, and this is particularly true for SMBs, which tend to use one service or software application, per function, for their entire operation,” said Budd.


Furthermore, the report delves into the realm of initial access brokers (IABs), specialists in breaching computer networks. These criminals leverage the dark web to advertise their services, offering access to compromised SMB networks or selling pre-compromised access to interested parties.

“For example, let’s say attackers deploy an infostealer on their target’s network to steal credentials and then get hold of the password for the company’s accounting software. Attackers could then gain access to the targeted company’s financials and have the ability to funnel funds into their own accounts,” added Budd.

Ransomware Continues to Plague SMBs

Despite stabilization in the number of ransomware attacks against SMBs, Sophos identifies ransomware as the most significant cyber threat to this demographic. Sophos Incident Response (IR) data reveals LockBit as the predominant ransomware gang, followed by Akira and BlackCat. Additionally, SMBs faced threats from older ransomware variants like BitLocker and Crytox.

The report highlights evolving ransomware tactics, including the use of remote encryption and targeting managed service providers (MSPs). Notably, between 2022 and 2023, the incidence of ransomware attacks involving remote encryption surged by 62%. Moreover, Sophos’s Managed Detection and Response (MDR) team responded to five cases wherein SMBs fell victim to exploits in their MSPs’ remote monitoring and management (RMM) software.

Sophisticated Social Engineering and BEC Attacks

Beyond ransomware, the Sophos report underscores the rising prominence of business email compromise (BEC) attacks. These attacks, alongside other social engineering campaigns, exhibit increased sophistication, transcending traditional spam prevention measures.

Attackers now engage in prolonged interactions with targets, using conversational emails and even phone calls to make their approaches more convincing. To evade detection, cybercriminals experiment with novel formats for malicious content, embedding code within images or using unconventional attachment formats such as OneNote files or archives.

One notable case outlined in the report involves attackers sending a PDF document with a deliberately blurred invoice thumbnail, concealing a link to a malicious website within the download button.

For comprehensive insights into cyber threats targeting SMBs, Sophos recommends referring to the 2024 Sophos Threat Report: Cybercrime on Main Street, available on Sophos.com.