Huntress, the Managed Security Platform for small and mid-sized businesses (SMBs) and the Managed Service Providers (MSPs) that support them, has unveiled their inaugural SMB Threat Report. This first-of-its-kind report delivers valuable insights on emerging cyber threats and tradecraft targeting SMBs, and offers critical knowledge on how businesses can defend against them.
“The threat landscape is not slowing down. Threat actors are evolving their tradecraft to significantly impact SMBs, and our goal is to educate them and give them a fighting chance against the ever-evolving adversarial landscape. The Huntress SMB Threat Report serves as the definitive guide in helping MSP security professionals know what patterns in adversary tactics and behaviors are out there and how to protect their SMB customers,” said Joe Slowik, threat intelligence manager for Huntress.
The 5 Key Takeaways:
- Conventional Malware On Its Way Out
56% of incidents in Q3 2023 were “malware-free,” as adversaries use the tactic of exploiting scripting frameworks or legitimate tools, in place of malicious software. This reveals that the era of malware-driven cyberattacks is decreasing, paving the way for the acceleration of non-malware threats.
- RMM Software Has Become a Double-Edged Sword
65% of incidents in Q3 2023 involved threat actors using credential harvesting to gain access to victim environments through remote monitoring and management (RMM) software, a lifeline for IT administrators, or using rogue deployment to install RMM tools for access.
- Business Email Compromise (BEC) is Posing a Big Problem for SMBs
64% of identity-focused incidents in Q3 2023 involved malicious forwarding or other malicious inbox rules, a key indicator of business email compromise (BEC). Another 24% of identity-focused incidents involved logons from unusual or suspicious locations. Now favored as an intrusion vector, identity-based attacks are on the rise with threat actors targeting cloud services to steal identifying information or break into business emails.
- Attackers Are Evading Detection by “Blending In”
25% of incidents saw attackers abusing built-in tools like PowerShell and WMI as an intrusion tactic. Attackers have refined the art of deception; in order to evade detection, they are attempting to hide within the noise of legitimate network operations or use living-off-the-land tactics.
- Ransomware Diversification Threatens SMBs
60% of ransomware incidents were from uncategorized, unknown, or “defunct” ransomware strains. While we often hear about headline-grabbing ransomware entities, many lesser-known ransomware strains are prevalent in the SMB space. This diversity suggests that size is no deterrent for cyberattacks, and small businesses should not underestimate the risk posed by ransomware, regardless of the strain’s notoriety.
