Report shows SMEs in the crosshairs

Data and identity theft are the biggest threats to small and medium-sized businesses (SMBs). According to the Sophos Threat Report 2024, almost 50 percent of all malware cases analyzed in 2023 targeted this market segment.

Cybercrime is a challenge for organizations of all sizes, but it hits small businesses hardest and often under the public's radar. Sophos introduces its new Threat Report: Cybercrime on Main Street. This year the focus is on the biggest threats to small and medium-sized businesses (SMEs).

Report: SMEs most threatened

While cyberattacks on corporations and government agencies make up the majority of news coverage, small businesses are generally more vulnerable and suffer proportionately more from the consequences of cyberattacks. A lack of experienced security personnel, inadequate investment in cybersecurity, and overall reduced information technology budgets contribute to this vulnerability. SMEs are no small thing. According to the World Bank, more than 90 percent of the world's businesses are small and medium-sized organizations and they account for more than 50 percent of global employment.

Keyloggers, spy software and stealers in 50 percent of attacks

Almost half of all attacks on SMEs use keyloggers, spyware and so-called stealers, i.e. malware designed to steal data and credentials. Cybercriminals later use this stolen information for further actions such as unauthorized remote access, extortion or installing ransomware.

The Sophos report also analyzes so-called initial access brokers (IABs). These criminals specialize in breaking into computer networks. The report shows that they use the dark web to offer their services specifically against SME networks. They also sell direct access to SMEs that they have already hacked.

Cybercrime has only one goal: data

🔎 LockBit, Akira and BlackCat continue to lead the ransomware family rankings (Image: Sophos).

Christopher Budd, Director of Threat Research at Sophos to benefit the entire organization. An example: Attackers deploy an infostealer on a target network to steal access data. They end up with a password for the entire company's invoicing software. They could now access the company's financial data and transfer funds to their own accounts. There’s a reason why 90 percent of all cyberattacks Sophos investigated in 2023 involved data or identity theft – either through ransomware attacks, data extortion, unauthorized remote access, or just plain data theft.”

Ransomware remains the biggest threat to SMEs, LockBit is number 1

Although the number of ransomware attacks against SMBs has remained the same, they still represent the biggest cyber threat to companies with fewer than 500 employees. According to the Sophos Incident Response team, which responds to acute attacks, LockBit was the ransomware group with the greatest potential for chaos. Akira and BlackCat follow in second and third place. Attacks from older or less well-known ransomware, such as BitLocker or Crytox, have also occurred recently.

Remote encryption increases by 62 percent

🔎 Remote ransomware attacks continue to increase (Image: Sophos).

The report also shows that criminals keep changing the tactics of their ransomware attacks in order to remain successful. This is currently reflected in an increase in remote encryption and in the deliberate targeting of MSPs (Managed Service Providers) as an attack surface multiplier. Between 2022 and 2023, the number of remote encryption ransomware attacks increased by 62 percent. The Sophos Managed Detection and Response (MDR) team also responded to several cases in 2023 in which SMBs were attacked via a vulnerability in their MSP's remote monitoring and management (RMM) software.

Social engineering and BEC: Attackers are becoming more persistent

Scam emails aimed specifically at companies, so-called Business Email Compromise (BEC), were the second most common type of attack after ransomware in 2023. These and other social engineering attacks are becoming increasingly sophisticated: instead of simply sending an email with a malicious attachment, the criminals now engage more closely with their victim, sending a series of email messages or even calling them. In an attempt to evade traditional spam tools, attackers are now experimenting with new formats for their malicious content, such as embedding images with malware or malicious attachments in OneNote or archive formats. In one case, Sophos revealed that the fraudsters sent a PDF document with a blurry, unreadable thumbnail of an “invoice.” The download button then contained a link to a malicious website.

Sophos Threat Report 2024 with important information

“Our latest report shows once again that there is no shortage of threats to SMBs, and the sophistication of these attacks is often comparable to those on large organizations,” said Christopher Budd. “While the expected ransom or extortion amounts are lower than with a larger organization, the criminals easily make up for this 'shortcoming' due to the number of attacks and the often lax cybersecurity precautions. Attackers are counting on smaller companies being less well protected and not using modern, sophisticated tools to protect their users and assets.

This is also the key to successful protection: SMEs have to prove these assumptions wrong. It is important to train employees, implement multi-factor authentication on all external resources, patch servers and network devices with the highest priority and, if necessary, use managed services. In our experience, the main difference between the companies most affected by cyberattacks and those that suffered the least is response time. Having security professionals monitoring and responding 24/7 is critical to effective defense in 2024.”


About Sophos

More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.

