Security News > 2023 > November > SMBs face surge in “malware free” attacks
"Malware free" attacks, attackers' increased reliance on legitimate tools and scripting frameworks, and BEC scams were the most prominent threats small and medium businesses faced in Q3 2023, says the inaugural SMB Threat Report by Huntress, a company that provides a security platform and services to SMBs and managed service providers.
Attackers deployed malware in 44% of cases, but the remaining 56% of incidents included use of "Living off the land" binaries, scripting frameworks and remote monitoring and management software.
"In 65% of incidents, threat actors used RMM software as a method for persistence or remote access mechanisms following initial access to victim environments," they said.
Notably, 64% of identity-focused attacks SMBs faced in Q3 2023 involved malicious forwarding or other inbox rules, while 24% were associated with logons from unusual or suspicious locations.
60% of ransomware incidents affecting SMBs were attributed to uncategorized, unknown, or "Defunct" ransomware strains.
"Whether for monetization purposes through ransomware or BEC, or potentially even state-directed espionage activity, SMBs remain at risk from a variety of entities," the researchers added.
News URL
https://www.helpnetsecurity.com/2023/11/28/smbs-attacks-q3-2023/
Related news
- New IOCONTROL malware used in critical infrastructure attacks (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks (source)