Sophos researchers observed a shift in threat activity against small businesses in 2023, including a surge in remote ransomware attacks, according to new research published Tuesday.
Although the vendor said ransomware continues to be the primary threat to smaller businesses, other major threats include data theft - such as password stealers, keyloggers, spyware and phishing - malvertising, unprotected devices being targeted, higher-effort social engineering attacks, attacks on mobile device users and abuse of drivers.
Christopher Budd, director of Sophos X-Ops, told TechTarget Editorial that threat actors have turned to drivers due in part to the increasing security postures of defenders.
Sophos said ransomware still represents the biggest threat to SMBs. Another notable data point in the report involved a substantial increase in remotely executed ransomware.
Oftentimes, researchers said, attackers accomplished this via unmanaged devices on a victim's network.
This attack format saw a substantial increase in the second half of 2023.
Budd said this rise can be attributed to the attacks' effectiveness against some security products.
It is no surprise that SMBs represent the lion's share of Sophos X-Ops engagements.
Organizations that lack the resources of enterprises can easily struggle with tasks such as patching regularly.
In industries where security remains an emerging area of focus, these challenges can be twofold.
Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.
This Cyber News was published on www.techtarget.com. Publication date: Tue, 12 Mar 2024 21:43:09 +0000