For SMBs, malware is no longer the biggest cyberthreat. The main threat is now attackers' use of legitimate software, Huntress Labs researchers find.
According to the researchers, malware is behind fewer and fewer security incidents among SMBs. In just over half of the cases studied, the incident had a different cause.
Hackers targeting SMBs increasingly use holes in existing legitimate software as attack vectors. In particular, the remote monitoring and management (RMM) software that SMBs use is often abused for this purpose. In 65 of the abuse cases of this type of software, hackers managed to gain access to victims’ environments.
Ransomware often undetected
The researchers do note that in the case of ransomware, specific malware is still often responsible for security incidents among SMBs. This is because many ransomware variants are not recognized by many of the enterprise security systems that SMBs use.
Furthermore, phishing is still a major problem for SMBs, especially since hackers are increasingly delivering malicious payloads through intensive contact with employees within companies.
Rise of cloud platforms dangerous
Another major problem the Huntress Labs researchers encountered is the growing number of cloud platforms in use. This forces SMBs to pay increasing attention to securing digital identities. Attacks on cloud services and identities are often an important method for hackers to gain initial access. SMBs and their service providers therefore need understanding and security awareness that extends beyond their own traditional network environments.
The security specialists recommend that SMBs further strengthen their security posture. This includes using MFA, increasing visibility into events, reducing their attack surface and staying vigilant for new threats such as phishing via social engineering and identity spoofing.