In 2024, a report highlighted that small businesses are increasingly becoming targets for cybercrime, with ransomware posing a significant threat. Ransomware accounted for a substantial portion of incidents at small and midsized organizations: 70 percent of Sophos Incident Response cases for small businesses and over 90 percent for midsized organizations.
While there was a slight decline in ransomware attacks overall, the cost of these attacks has continued to rise. This increase in cost was outlined in Sophos’ State of Ransomware report. Additionally, new tactics and practices have emerged in the cybercrime landscape, with compromised network edge devices and software-as-a-service platforms being targeted for malicious activities.
One of the key drivers of cybercrime was business email compromise, which was leveraged for various criminal purposes such as malware delivery, credential theft, and social engineering. Phishing for credentials together with multifactor authentication tokens was identified as a constantly evolving threat.
Moreover, fraudulent applications carrying malware, along with scams delivered through SMS and messaging applications, posed mobile threats to small and midsize businesses. Other less-technical threats leveraging the network also continued to evolve, with changing patterns of scams targeting small businesses.
The report emphasized the importance of understanding the trends in cybercriminal attack patterns faced by small and midsized organizations. It provided insights into the most frequently encountered malware and abused software in endpoint detections and incidents.
The data used for the report analysis came from customer reports, incident data, and telemetry collected in the 2024 calendar year. The report focused on data specific to small and midsized organizations, highlighting the need to deploy multifactor authentication for all user accounts and to regularly audit devices used for remote connections.
One of the notable trends observed in cybercrime techniques was the emergence of Security Threat Activity Clusters (STACs), which represented shared playbooks used by threat actors across multiple incidents. These STACs were tracked as campaigns and focused on specific patterns of behavior, tactics, tools, and procedures used by cybercriminals.
The report also delved into the use of artificial intelligence by cybercriminals for social engineering tasks, phishing emails, and malicious software development. Adversarial AI usage and the adoption of new techniques such as quishing campaigns targeting organizations were also highlighted.
In conclusion, the report underscored the need for small and midsized organizations to adopt a defense-in-depth approach to cybersecurity, covering aspects such as passkeys for account credentials, multifactor authentication, regular patching of edge devices, and monitoring of external attack surfaces. By following these steps, organizations can reduce their risk profile and better protect themselves against evolving cyber threats.