Between infostealers, ransomware and BEC attacks, small and medium-sized businesses (SMBs) are struggling to stay safe.
Malware that steals information, ransomware and the breach of email Business Execution and Control (BEC) remain the three biggest cyber threats facing small and medium-sized enterprises (SMEs), a new report from Sophos warns.
The company claims that almost half of all ransomware detected on SMB endpoints last year was either keyloggers, spyware, or infostealers - all malicious programs used to steal sensitive data and login credentials.
See also: Malware families adapt to COM Hijacking technique
For researchers, this makes sense, as misuse of legitimate accounts is harder to detect and opens the door to many more criminal opportunities.
"For example, let's say the attackers develop a infostealer into their target's network to steal credentials and then get their hands on the password for the company's accounting software. Attackers could then gain access to the target company's financial data and be able to funnel funds into their own accounts."
See also: BianLian ransomware: exploiting JetBrains TeamCity vulnerabilities for attacks
Οι infostealers μπορεί να είναι οι πιο διαδεδομένες απειλές, αλλά το ransomware παραμένει η μεγαλύτερη. Ευτυχώς για τις SMB (μικρομεσαίες επιχειρήσεις) ο αριθμός των επιθέσεων ransomware “σταθεροποιήθηκε”, δήλωσε η Sophos, υποδηλώνοντας ότι η αύξηση επιβραδύνθηκε. Ταυτόχρονα, οι attacks ransomware συνεχίζουν να εξελίσσονται. Μbetween 2022 and 2023, the number of remote encryption attacks increased by almost two thirds (62%). Remote encryption occurs when threat actors use an unmanaged device belonging to the victim organization to encrypt files on other systems.
See also: Ransomware 2023: Americans lost $59.6 million
BEC attacks are the second highest type of attack, just behind ransomware, concluded Sophos. Attackers involved in BEC attacks are becoming more sophisticated and often engage in a series of email conversations with their victims, and sometimes even phone calls, before deciding to strike.
Source of Information: techradar.com/pro
