Mar 13 2024

Keyloggers, spyware, and stealers dominate SMB malware detections

Category: Cybercrime,Malware,Spywaredisc7 @ 10:56 am

In 2023, 50% of malware detections for SMBs were keyloggers, spyware and stealers, malware that attackers use to steal data and credentials, according to Sophos.

SMBs ransomware cyberthreat

Attackers subsequently use this stolen information to gain unauthorized remote access, extort victims, deploy ransomware, and more.

Ransomware remains primary cyberthreat for SMBs

The Sophos report also analyses initial access brokers (IABs)—criminals who specialize in breaking into computer networks. As seen in the report, IABs are using the dark web to advertise their ability and services to break specifically into SMB networks or sell ready-to-go-access to SMBs they’ve already cracked.

“The value of ‘data,’ as currency has increased exponentially among cybercriminals, and this is particularly true for SMBs, which tend to use one service or software application, per function, for their entire operation. For example, let’s say attackers deploy an infostealer on their target’s network to steal credentials and then get hold of the password for the company’s accounting software. Attackers could then gain access to the targeted company’s financials and have the ability to funnel funds into their own accounts,” said Christopher Budd, director of Sophos X-Ops research at Sophos.

“There’s a reason that more than 90% of all cyberattacks reported to Sophos in 2023 involved data or credential theft, whether through ransomware attacks, data extortion, unauthorized remote access, or simply data theft,” added Budd.

While the number of ransomware attacks against SMBs has stabilized, it continues to be the biggest cyberthreat to SMBs. Out of the SMB cases handled by Sophos Incident Response (IR), which helps organizations under active attack, LockBit was the top ransomware gang wreaking havoc. Akira and BlackCat were second and third, respectively. SMBs studied in the report also faced attacks by lingering older and lesser-known ransomware, such as BitLocker and Crytox.

BEC attacks grow in sophistication

Ransomware operators continue to change ransomware tactics, according to the report. This includes leveraging remote encryption and targeting managed service providers (MSPs). Between 2022 and 2023, the number of ransomware attacks that involved remote encryption—when attackers use an unmanaged device on organizations’ networks to encrypt files on other systems in the network—increased by 62%.

In addition, this past year, Sophos’s Managed Detection and Response (MDR) team responded to five cases involving small businesses that were attacked through an exploit in their MSPs’ remote monitoring and management (RMM) software.

Following ransomware, business email compromise (BEC) attacks were the second highest type of attacks that Sophos IR handled in 2023, according to the report.

These BEC attacks and other social engineering campaigns contain an increasing level of sophistication. Rather than simply sending an email with a malicious attachment, attackers are now more likely to engage with their targets by sending a series of conversational emails back and forth or even calling them.

In an attempt to evade detection by traditional spam prevention tools, attackers are now experimenting with new formats for their malicious content, embedding images that contain the malicious code or sending malicious attachments in OneNote or archive formats. In one case Sophos investigated, the attackers sent a PDF document with a blurry, unreadable thumbnail of an “invoice.” The download button contained a link to a malicious website.

Mastering Cyber Security Defense to Shield Against Identity Theft, Data breaches, Hackers, and more in the Modern Age

InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: keylogger, Malware, SMB

Sep 19 2022

SMBs are hardest-hit by ransomware

Category: cyber securityDISC @ 8:21 am

Coalition announced the mid-year update to its 2022 Cyber Claims Report detailing the evolution of cyber trends, revealinig that small businesses have become bigger targets, overall incidents are down, and ransomware attacks are declining as demands go unpaid.

During the first half of 2022, the average cost of a claim for a small business owner increased to $139,000, which is 58% higher than levels during the first half of 2021.

“Across industries, we continue to see high-profile attacks targeting organizations with weak or exposed infrastructure — which has become exacerbated by today’s remote working culture and companies’ dependence on third-party vendors,” said Catherine LyleCoalition’s Head of Claims.

“Small businesses are especially vulnerable because they often lack resources. For these businesses, avoiding downtime and disruption is essential, and they must understand that Active Insurance is accessible.”

The good news: both Coalition and the broader insurance industry observed a decrease in ransomware attack frequency and the amount of ransom demanded between the second half of 2021 and the first half of 2022. Ransomware demands decreased from $1.37M in H2 2021 to $896,000 in H1 2022. Of the incidents that resulted in a payment, Coalition negotiated down to roughly 20% of the initial demand.

More good news: Coalition policyholders experienced 50% fewer claims compared to the broader market. The severity of these claims has also declined, with 45% of incidents resolved at no cost. The substantial decrease in overall claims stems from Coalition’s combination of cybersecurity tools, including active monitoring and alerting, access to digital forensics and incident response, and broad insurance coverage.

“Organizations are increasingly aware of the threat ransomware poses. They have started to implement controls such as offline data backups that allow them to refuse to pay the ransom and restore operations through other means,” said Chris Hendricks, Coalition’s Head of Incident Response. “As ransomware is on the decline, attackers are turning to reliable methods. Phishing, for example, has skyrocketed – and only continues to grow.”

Other key findings:

  • Phishing triggers the majority of cyber incidents, accounting for 57.9% of reported claims
  • Cyber gangs have built a thriving business
  • Funds transfer fraud (FTF) claims have held steady thanks to phishing, and
  • Microsoft Exchange has become the vulnerability that persists.

100 dollars

Cybersecurity for Small and Midsize Businesses

Tags: Cybersecurity for Small and Midsize Businesses, Small and Midsize Businesses, SMB

Jan 11 2022

Small businesses are most vulnerable to growing cybersecurity threats

Category: Cyber ThreatsDISC @ 10:50 am

While protecting digital resources may be easy for large companies that can afford to hire in-house cybersecurity staff and establish threat monitoring and endpoint detection infrastructure, this endeavor can often seem impossible for SMBs. All the while, the dangers for smaller businesses could not be more acute, especially since the businesses’ operators and employees are often uninformed about common cybersecurity threats.

By understanding the threats they face and implementing a few relatively low-effort but highly effective protection measures, SMBs can leap into the next phase of growth with their digital assets secured.

Unique threats to SMBs

The scope of cybersecurity threats to small companies is no less varied than the threats large multinational corporations face, but SMBs’ size and lack of infrastructure often leaves them more vulnerable to targeted hacking schemes and threats. Hackers often opt for schemes that require less preparation and risk and find easier targets in SMBs.

One major vulnerability is the disadvantage SMBs face because they often do not control every aspect of their supply chain. A bad actor can conduct a software supply chain hack, isolating smaller vendors and suppliers as weak points with little to no cybersecurity protection, forcing them to unwittingly pass on malware that can disable an entire chain of businesses. SMBs in the logistics and operations industries are particularly vulnerable targets since they are connected to many other companies and will likely be more willing to pay the ransom to quickly resume operations at 100% capacity.

In addition, an entirely new slew of cyber threats has cropped up along with the hybrid work model. In a rush to digitize at the start of the pandemic, many SMBs relied on single systems that they perceived to be safe, including migrating their files and processes to the cloud. They hoped that the cloud’s decentralized nature would prevent them from being victimized by cyber attackers. However, even cloud software providers can be infiltrated, as all it takes is one bug to create a vulnerability. Yet most SMBs fail to acknowledge the new vulnerabilities remote work creates and are now even more vulnerable since they are complacently conducting business through unsecured systems.

All these threats represent a growing danger to SMBs’ success – and some SMBs are more vulnerable than others. Many of the industries (e.g., agriculture) that never thought they would be targeted and therefore eschewed any type of basic cybersecurity are years behind in their cyber protection measures.


Regulations add another complication

Cybersecurity for Small and Midsize Businesses

Cybersecurity for Small and Midsize Businesses by [Marlon Bermudez]

Tags: Cybersecurity for Small and Midsize Businesses, Cybersecurity for SMBs, SMB

Aug 09 2020

Small and medium‑sized businesses: Big targets for ransomware attacks

Category: RansomwareDISC @ 10:41 pm

Why are small and medium-sized businesses a target for ransomware-wielding gangs and what can they do to protect themselves against cyber-extortion?

According to a recent report by the Ponemon Institute, the biggest challenge faced by SMBs is a shortage of personnel to deal with cyber-risks, attacks, and vulnerabilities, while the second greatest problem revolves around limited budgets. The third biggest challenge is that the firms may lack an understanding of how to protect against cyberattacks.

According to Datto’s report, ransomware is at the top of the list of the malware threats that SMBs face, with one in five reporting that they had fallen victim to a ransomware attack. The average ransom requested by threat actors is about US$5,900. However, that is not the final price tag; the cost of downtime is 23 times greater than the ransom requested in 2019, coming in at US$141,000 and representing an increase of over 200% from 2018 to 2019.

“Funding cybercriminals also funds larger cyberattacks, so it must be reiterated that paying won’t always get make the issue go away,” says ESET cybersecurity specialist Jake Moore.

The key, then, is prevention, and it includes these basic measures:

  • All employees should undergo regular training so as to be up-to-date on cybersecurity best practices. This can go a long way in lowering the chances of them clicking on potentially hazardous links in their emails that could be laced with ransomware or plugging in unknown USB devices that could be loaded with malware.
  • You should always keep your operating systems and other software updated to the newest version available and, whenever a patch is released, apply it.
  • Always plan for the worst and hope for the best, so have a business continuity plan at the ready in case disaster strikes. It should include a data backup and maybe even a backup infrastructure you can use while you try to restore your locked systems.
  • Backups are essential for everyone, be it individuals or huge enterprises. Back up your business-critical data regularly and test those backups frequently to see if they are functioning correctly, so that they don’t leave you in a bind if you’re hit. At least the most valuable data should also be stored off-line.
  • Reduce the attack surface by disabling or uninstalling any unnecessary software or services. Notably, as remote access services are often the primary vector for many ransomware attacks, you would be well advised to disable internet-facing RDP entirely or at least limit the number of people allowed remote access to the firm’s servers over the internet.
  • Never underestimate the value of a reputable, multilayered security solution. Besides your employees, it is your first line of defense that you should have up and running to protect you against all manner of threats, not ‘just’ ransomware attacks. Also, make sure the product is patched and up-to-date.

Source: Small and medium‑sized businesses: Big targets for ransomware attacks | WeLiveSecurity

Guide to Protecting and Recovering from Ransomware Attacks

How phishing attacks have exploited the US Small Business Administration

Download a Security Risk Assessment Steps paper!

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles

Subscribe to DISC InfoSec blog by Email


Tags: ransomware attacks, SMB

Jun 22 2010

Symantec: SMBs Change Security Approach with Growing Threats

Category: BCP,MalwareDISC @ 1:50 am
Image representing Symantec as depicted in Cru...
Image via CrunchBase

By: Brian Prince

A survey of small to midsize businesses from 28 different countries by Symantec found that companies are focusing more on information protection and backup and recovery. Driving these changes is a fear of losing data.

Today’s small to midsize businesses (SMBs) are facing a growing threat from cyber-attacks, and are changing their behavior to keep up.

In a May poll of 2,152 executives and IT decision makers at companies with between 10 and 499 employees, Symantec found SMBs are now spending two-thirds of their time dealing with things related to information protection, such as computer security, backup and archival tasks, and disaster preparedness. Eighty-seven percent said they have a disaster preparedness plan, but just 23 percent rate it as “pretty good” or “excellent.”

Driving the push for these plans, as well as the interest in backup and recovery, is the fear of losing data. Some 42 percent reported having lost confidential or proprietary information in the past, and all of those reported experiencing revenue loss or increased costs as a result. Almost two-thirds of the respondents said they lost devices such as smartphones, laptops or iPads in the past 12 months, and all the participants reported having devices that lacked password protection and could not be remotely wiped if lost or stolen.

In the past, SMBs would settle for having antivirus technology, said Bernard Laroche, senior director of product marketing at Symantec. Now, however, they are starting to realize the threat landscape is changing, he said.

“If you look at endpoint usage … in most SMBs that’s the only place where the information resides because people were not backing up … so if somebody would lose a laptop at the airport or somebody steals the laptop in the back of car or something, then your information is obviously at risk and that can bring a lot of financial impact to small business,” he said.

The survey also found SMBs are spending an average of about $51,000 on information protection. The financial damage for those who suffer cyber-attacks can be significant. Cyber-attacks cost an average of $188,242 annually, according to the survey. Seventy-three percent said they were victims of cyber-attacks in the past year, and 30 percent of those attacks were deemed “somewhat/extremely successful.” All of the attack victims suffered losses, such as downtime, theft of customer or employee information, or credit card data, Symantec reported.

“The concept of, ‘I’ve got an antivirus solution, I’m fully protected,’ I think those days are gone,” Laroche said.

Detail information on Symantec SMBs Suites:

Symantec Endpoint Protection Small Business Edition 12.0

Symantec Protection Suite Small Business Edition 3.0

Tags: Backup, Business, Computer security, Credit card, Emergency Management, Small business, SMB, SMB suites, Symantec, Warfare and Conflict