2024 Sophos Threat Report Reveals Data and Credential Theft as Top Threats to Firms

Cyber criminals are increasingly targeting data, a new trend emerging in the cyber security space, a new survey, the 2024 Sophos Threat Report, has shown.

The report by cybersecurity services firm Sophos sheds light on the prevalent dangers faced by small- and medium-sized businesses (SMBs) in the digital landscape.

Titled “Cybercrime on Main Street,” the 2024 Sophos Threat Report underscores the significant threats looming over SMBs, with a focus on the year 2023.

According to the report, a staggering 50 percent of malware detected targeting SMBs comprised keyloggers, spyware, and stealers – malicious software designed to pilfer data and credentials.

Cybercriminals employ these tactics to gain unauthorized access, extort victims, deploy ransomware, and execute various nefarious activities.

Christopher Budd, director of Sophos X-Ops research at Sophos, emphasized the exponential rise in the value of ‘data’ as currency among cybercriminals, particularly its impact on SMBs.

Budd illustrated a scenario wherein attackers infiltrate a network using an infostealer, subsequently obtaining crucial credentials such as those for accounting software.

2024 Sophos Threat Report – financial losses

With access to financial data, cybercriminals can redirect funds to their accounts, highlighting the dire consequences of data theft for SMBs.

Sophos X-Ops director Christopher Budd said that there’s a reason why more than 90% of all cyberattacks reported to Sophos in 2023 involved data or credential theft, whether through ransomware attacks, data extortion, unauthorized remote access, or simply data theft.

“The value of ‘data’ as currency has increased exponentially among cybercriminals, and this is particularly true for SMBs, which tend to use one service or software application, per function, for their entire operation,” said Budd.

Furthermore, the report delves into the realm of initial access brokers (IABs), specialists in breaching computer networks. These criminals leverage the dark web to advertise their services, offering access to compromised SMB networks or selling pre-compromised access to interested parties.

“For example, let’s say attackers deploy an infostealer on their target’s network to steal credentials and then get hold of the password for the company’s accounting software. Attackers could then gain access to the targeted company’s financials and have the ability to funnel funds into their own accounts,” added Budd.

Ransomware Continues to Plague SMBs

Despite stabilization in the number of ransomware attacks against SMBs, Sophos identifies ransomware as the most significant cyber threat to this demographic. Sophos Incident Response (IR) data reveals LockBit as the predominant ransomware gang, followed by Akira and BlackCat. Additionally, SMBs faced threats from older ransomware variants like BitLocker and Crytox.

The report highlights evolving ransomware tactics, including the use of remote encryption and targeting managed service providers (MSPs). Notably, between 2022 and 2023, the incidence of ransomware attacks involving remote encryption surged by 62%. Moreover, Sophos’s Managed Detection and Response (MDR) team responded to five cases wherein SMBs fell victim to exploits in their MSPs’ remote monitoring and management (RMM) software.

Sophisticated Social Engineering and BEC Attacks

Beyond ransomware, the Sophos report underscores the rising prominence of business email compromise (BEC) attacks. These attacks, alongside other social engineering campaigns, exhibit increased sophistication, transcending traditional spam prevention measures.

Attackers now engage in prolonged interactions with targets, employing conversational emails and even resorting to phone calls to enhance their efficacy. In a bid to evade detection, cybercriminals experiment with novel formats for malicious content, embedding codes within images or employing unconventional attachment formats like OneNote or archives.

One notable case outlined in the report involves attackers sending a PDF document with a deliberately blurred invoice thumbnail, concealing a link to a malicious website within the download button.

For comprehensive insights into cyber threats targeting SMBs, Sophos recommends referring to the 2024 Sophos Threat Report: Cybercrime on Main Street, available on Sophos.com.


Chief Editor

Jacktone Lawi
