SMBs are being hit with more malware attacks than ever, and many can't keep up

smb security
(Image credit: Getty Images)

Information-stealing malware, ransomware, and business email compromise (BEC), remain the three biggest cyber-threats small and medium-sized businesses (SMB) are facing, a new report from Sophos has warned.

The company claims almost half of all malware detected on SMB endpoints last year were either keyloggers, spyware, or infostealers - all malicious programs used to steal sensitive data and login credentials. 

For the researchers, this makes sense as the abuse of legitimate accounts is more difficult to spot, while opening the doors to many more criminal opportunities.

Ransomware and BEC

“The value of ‘data,’ as currency has increased exponentially among cybercriminals, and this is particularly true for SMBs, which tend to use one service or software application, per function, for their entire operation,” says Christpher Budd, director of Sophos X-Ops.

“For example, let’s say attackers deploy an infostealer on their target’s network to steal credentials and then get hold of the password for the company’s accounting software. Attackers could then gain access to the targeted company’s financials and have the ability to funnel funds into their own accounts.” 

Infostealers may be the most wide-spread threats, but ransomware remains the biggest. Fortunately for SMBs, the number of ransomware attacks “stabilized”, Sophos said, suggesting that growth slowed down. At the same time, ransomware attacks continue to evolve. Between 2022 and 2023, the number of remote encryption attacks rose by almost two-thirds (62%). Remote encryption happens when threat actors use an unmanaged device belonging to the victim organization, to encrypt files on other systems.

BEC attacks are the second-highest type of attack, right after ransomware, Sophos concluded. The attackers engaged in BEC are growing increasingly sophisticated, and often engage in a series of conversational emails with their victims, and sometimes even phone calls, before deciding to strike.

More from TechRadar Pro

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.