Summary:
A new report from Sophos highlighted that over three-quarters of cyber incidents in 2023 impacted small businesses. Ransomware in particular made up a good chunk of these incidents with groups like LockBit, Akira, BlackCat, and Play leading the forefront in terms of the attacks observed against small businesses. Sophos notes that tactics employed by ransomware groups evolved as 2023 progressed, including the employment of remote encryption, where these actors have been observed abusing unmanaged devices on organizations’ networks to attempt files on other systems via network file access. Additionally, researchers have observed the development of new ransomware strains from groups like LockBit designed to target macOS and Linux systems, adding to the list of potential users and systems that can be targeted.

Security Officer Comments:
Data theft seems to be the main objective or goal behind attacks against small to mid-size businesses, with Sophos reporting that 90% of cyberattacks reported by its customers involved data or credential theft resulting from either ransomware or data breaches. Notably, Sophos says 43.26 of all the malware targeting SMBs in 2023 were designed to steal data, including a mix of password stealers, keyboard loggers, and much more. With access to such data, researchers note that actors can use the data in follow-on social engineering attacks such as business email compromises, to access third-party services and internal resources, or even sell it to other cybercriminals on underground forums to be employed in future attacks.

Suggested Corrections:
Sophos’ report highlights a rise in the employment of malicious web advertisements and SEO poisoning to infect victims. Notably, malicious sites are being set up by actors hosting fake downloads for popular software. Visibility to these sites is increased by purchasing ads from Google, resulting in unsuspecting users ending up on the domains and being tricked into downloading malicious software. In light of this, users browsing the web should be careful and avoid results on Google that are labeled ‘sponsored.’ If there is a particular software of interest, users should refer to the official vendor’s site to initiate a download.

Link(s):
https://www.infosecurity-magazine.com/news/cyber-incident-victims-small/
https://news.sophos.com/en-us/2024/03/12/2024-sophos-threat-report/