More than fifty percent of malware discovered in SMBs aimed to steal data and credentials. Ransomware remains the biggest threat to SMBs.

According to Sophos, cyber risks for the medium-sized market still remain too under the radar. Attacks on large companies are receiving more media attention, but attackers are increasingly targeting SMEs. More than 75 percent of the incident response cases Sophos handled last year occurred at SMBs, the security company said in its first research report of the year.

SMEs are an interesting target for cybercriminals as they are generally more vulnerable than large companies. The average SMB has limited resources to protect itself, and the impact of an attack is also far more severe financially. The profit per attack may be lower for the criminals, but several smaller cracks ultimately bring in the same amount. Sophos defines “SME” as a company with 500 employees or fewer.

Data as a goal

Cyber ​​criminals are after your data, as the Sophos report shows once again. In more than 90 percent of attacks, attackers try to obtain data or access data in one way or another. Keyloggers, spyware, and stealers are the most common types of malware used to steal the necessary information to give attackers undetected remote access so they can take their next steps.

The biggest threat to SMEs remains ransomware, even if the number of ransomware attacks is stabilizing in absolute terms. Sophos also sees the emergence of changing technologies. Remote encryption and attacks on managed service providers are the most prominent attack trends. LockBit was the hacker group that caused the most damage in 2023.

“The value of ‘data’ as a means of payment has increased exponentially among cybercriminals. This is particularly true for SMEs, as they typically only use one service or software application per function across their entire operations,” explains Sophos researcher Christopher Budd.

Conversation with victim

Malware is one way to break in, but email is still a proven recipe. The way BEC attacks (Business Email Compromise) Changes have also been made over the years, Sophos notes. Instead of sending an email containing a malicious file and hoping for luck, attackers first try to establish a conversation with the victim.

This ranges from sending a few emails back and forth to calling the victim. In this way, they learn more and more information about the victim and the content of the emails becomes more personal and targeted.

Additionally, the attackers have also managed to customize spam filters and other tools to keep malicious files out of your mailbox. Some tricks that Sophos often sees are OneNote attachments or PDF files that contain a malicious link.