BEC attacks are a big problem for SMBs
A new report from managed security platform Huntress shows that 64 percent of identity-focused incidents at SMBs in the third quarter of 2023 involved malicious forwarding or other malicious inbox rules, a key indicator of business email compromise (BEC).
Another 24 percent of identity-focused incidents involved logons from unusual or suspicious locations. Now favored as an intrusion vector, identity-based attacks are on the rise, with threat actors targeting cloud services to steal identifying information or break into business email.
"The threat landscape is not slowing down. Threat actors are evolving their tradecraft to wreak havoc on SMBs and our goal is to educate them and give them a fighting chance against the ever-evolving adversarial landscape. The Huntress SMB Threat Report serves as the definitive guide in helping MSP security professionals know what patterns in adversary tactics and behaviors are out there and how to protect their SMB customers," says Joe Slowik, threat intelligence manager for Huntress.
The report also shows that 56 percent of incidents in Q3 were 'malware-free', with adversaries exploiting scripting frameworks or legitimate tools in place of malicious software. This suggests that malware-driven cyberattacks are on the decline, giving way to an acceleration of non-malware threats.
While we often hear about headline-grabbing ransomware entities, many lesser-known ransomware strains are prevalent in the SMB space. 60 percent of ransomware incidents were from uncategorized, unknown, or 'defunct' ransomware strains.
Attackers are also improving the art of deception in order to evade detection, attempting to hide within the noise of legitimate network operations or using living-off-the-land tactics. In 25 percent of incidents, attackers abused built-in tools like PowerShell and WMI as an intrusion tactic.
The full report is available from the Huntress site.