Report: Ransomware Still Biggest Cyberthreat to SMBs in 2024
Sophos, a global leader in innovating and delivering cybersecurity as a service, has released its 2024 Sophos Threat Report, tagged ‘Cybercrime on Main Street’, with this year’s report, exposing the biggest threats facing small and medium-sized businesses (SMBs).
According to the report, while the number of ransomware attacks against SMBs stabilised a little in 2023, such targeted attacks continue to be the biggest cyberthreat to SMBs in 2024.
“In 2023, nearly 50 per cent of malware detections for SMBs were keyloggers, spyware and stealers. These are malware that attackers used to steal data and credentials. The attackers subsequently used the stolen information to gain unauthorised remote access, extort victims, deploy ransomware, and more,” the report said.
The Sophos report also analysed initial access brokers (IABs), which has to do with criminals that specialise in breaking into computer networks. The report further said IABs were always using the dark web to advertise their ability and services to break specifically into SMB networks or sell ready-to-go-access to SMBs that they have already cracked.
Giving further analysis of the 2024 Sophos Threat Report, the Director, Sophos X-Ops Research at Sophos, Christopher Budd, said: “The value of ‘data,’ as currency has increased exponentially among cybercriminals, and this is particularly true for SMBs, which tend to use one service or software application, per function, for their entire operation. For example, let’s say attackers deploy an infostealer on their target’s network to steal credentials and then get hold of the password for the company’s accounting software, such attackers will then gain access to the targeted company’s financials and have the ability to channel funds into their own accounts. “There’s a reason that more than 90 per cent of all cyberattacks reported to Sophos in 2023 involved data or credential theft, whether through ransomware attacks, data extortion, unauthorized remote access, or simply data theft.”