Sophos Report Reveals Data and Credential Theft as Top Threats to SMBs in 2023

Mar 14, 2024 Mark

Mar 14, 2024: Sophos, a global cybersecurity leader, has unveiled its 2024 Threat Report, shedding light on the prevalent cyber threats faced by small- and medium-sized businesses (SMBs) in the past year. Titled “Cybercrime on Main Street,” the report highlights the alarming rise of data and credential theft as the primary concern for SMBs.

According to the report, nearly 50% of malware detections targeting SMBs in 2023 were keyloggers, spyware, and stealers, designed to pilfer sensitive data and credentials. Cybercriminals leverage this stolen information for unauthorized access, extortion, ransomware deployment, and other malicious activities.

Christopher Budd, Director of Sophos X-Ops research, emphasized the escalating value of data among cybercriminals, especially for SMBs reliant on singular software applications for critical functions. Budd stated, “The prevalence of data and credential theft in cyberattacks against SMBs underscores the urgent need for robust cybersecurity measures.”

Ransomware remains a pervasive threat to SMBs, with LockBit emerging as the top ransomware gang causing disruptions, followed by Akira and BlackCat. The report also highlights evolving ransomware tactics, including the increased use of remote encryption and targeting of managed service providers (MSPs). Moreover, the exploitation of MSPs’ remote monitoring and management (RMM) software poses additional risks to SMBs.

In tandem with ransomware, business email compromise (BEC) attacks witnessed a surge, becoming the second most prevalent threat handled by Sophos Incident Response (IR) in 2023. These attacks, characterized by heightened sophistication, often involve engaging targets through conversational emails and employing novel methods to evade detection.

Sophos detected instances where attackers embedded malicious code within images or utilized OneNote and archive formats to distribute malicious content. In one notable case, attackers sent a PDF document with a deceptive thumbnail, leading to a malicious website via a disguised download link.

The Sophos Threat Report underscores the critical importance for SMBs to prioritize cybersecurity measures to mitigate evolving threats and safeguard sensitive data against increasingly sophisticated cybercriminal tactics.

Follow on Google News
CATEGORIES : Technology Cyber Security


Or using ePRNews Account

Don't have an account ? Sign Up

Register New Account

Already have an account ? Login

Reset Password

Already have an account ? Login


If you have any concerns regarding this press release, please contact the Author / Media Contact / Business of this press release. ePRNews is not resposible for the accuracy of the news posted and do not endorse, support any product/ services/ business mentioned and hereby disclaims any content contained in this press release.