Highlights:
- The report finds that 65% of incidents involved threat actors using Remote Monitoring and Management (RMM) software to maintain persistence or establish remote access after gaining initial entry to victim environments.
- Threat actors increasingly focus on exploiting cloud services and launching identity-based attacks to gain initial access.
A recent report by Huntress Labs Inc., a startup specializing in managed cybersecurity platforms, surprisingly revealed that the biggest threat to small to medium-sized businesses is not malware.
The Huntress Small and Medium-Size Business Threat Report highlights an ongoing shift in the threats SMBs face. Threat actors have largely moved away from malware-centric tactics; in most incidents they instead rely on non-malware techniques, abusing legitimate tools and built-in system commands.
Of the incidents monitored during the third quarter, 56% were identified as malware-free, spanning a variety of intrusions. Especially notable was the growing use of remote monitoring and management software as an intrusion mechanism: the report indicates that 65% of incidents involved threat actors employing Remote Monitoring and Management (RMM) software to maintain persistence or establish remote access after gaining initial entry to victim environments.
This shift poses a complex challenge for information technology administrators, who must now distinguish legitimate from malicious use of the same tools and software. The report underscores the importance of moving toward behavior-based threat identification and of improving the monitoring of legitimate commands and software.
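As an added illustration of the behavior-based monitoring the report recommends (example code written for this article, not Huntress tooling; the product names, paths, parent processes and log events are all constructed), the script below scans process-creation events and flags RMM launches that fall outside the organisation's sanctioned product, its expected install path, or a plausible parent process:

```python
import json
from typing import Dict, List, Tuple

# Hypothetical allowlist: the one RMM agent this organisation sanctions and the
# directory it is expected to run from (constructed names and paths).
SANCTIONED_RMM: Dict[str, str] = {
    "sanctioned_rmm_agent.exe": r"c:\program files\sanctionedrmm",
}
# Other RMM executables the detection should recognise (constructed names).
KNOWN_RMM_BINARIES = {"sanctioned_rmm_agent.exe", "otherrmm.exe", "remotehelper.exe"}
# Parents from which an RMM agent should not be spawned directly (constructed;
# user-facing mail, office and browser processes are typical phishing entry points).
SUSPICIOUS_PARENTS = {"outlook.exe", "winword.exe", "excel.exe", "chrome.exe", "msedge.exe"}

def _basename(path: str) -> str:
    return path.lower().rsplit("\\", 1)[-1]

def classify(event: dict) -> List[str]:
    """Return the reasons an RMM launch looks unsanctioned; an empty list means benign/ignored."""
    image = event["image"].lower()
    name = _basename(image)
    if name not in KNOWN_RMM_BINARIES:
        return []  # not an RMM binary; out of scope for this rule
    reasons = []
    expected_dir = SANCTIONED_RMM.get(name)
    if expected_dir is None:
        reasons.append("unsanctioned RMM product")
    elif not image.startswith(expected_dir.lower()):
        reasons.append("sanctioned RMM running from unexpected path")
    parent = _basename(event.get("parent_image", ""))
    if parent in SUSPICIOUS_PARENTS:
        reasons.append(f"launched by {parent}")
    return reasons

def scan(lines: List[str]) -> List[Tuple[str, str, List[str]]]:
    """Parse JSON process-creation lines and return (host, image, reasons) for each finding."""
    findings = []
    for line in lines:
        ev = json.loads(line)
        reasons = classify(ev)
        if reasons:
            findings.append((ev["host"], ev["image"], reasons))
    return findings

# Constructed sample telemetry, serialised as JSON lines like an EDR export would be.
SAMPLE_LOG = [json.dumps(e) for e in [
    {"host": "ws01", "image": r"C:\Program Files\SanctionedRMM\sanctioned_rmm_agent.exe", "parent_image": r"C:\Windows\System32\services.exe"},
    {"host": "ws02", "image": r"C:\Users\alice\AppData\Local\Temp\sanctioned_rmm_agent.exe", "parent_image": r"C:\Windows\explorer.exe"},
    {"host": "ws03", "image": r"C:\Users\bob\Downloads\otherrmm.exe", "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"},
    {"host": "ws04", "image": r"C:\Windows\System32\notepad.exe", "parent_image": r"C:\Windows\explorer.exe"},
]]

if __name__ == "__main__":
    for host, image, reasons in scan(SAMPLE_LOG):
        print(f"{host}: {image} -> {', '.join(reasons)}")
```

Only the second and third events are reported; the sanctioned agent running from its install path under the service manager is left alone.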
The report further explores how the widespread adoption of cloud platforms and services has raised the importance of securing digital identities. Threat actors increasingly target cloud services and launch identity-based attacks to gain initial access, enabling operations ranging from information theft to business email compromise. The report recommends that SMBs and their service providers extend their visibility and security awareness beyond the traditional network perimeter.
While malware may no longer dominate the landscape, the report highlights the diverse ransomware ecosystem as another notable challenge. Many strains are not widely recognized by the larger enterprise security models commonly found in SMB environments. The report also notes that phishing remains a commonly used tactic for gaining access to systems, with adversaries adapting by adopting new payload delivery mechanisms that require significant user interaction.
The researchers at Huntress conclude with several recommendations for SMBs. These include implementing multifactor authentication, improving event visibility, minimizing available attack surfaces, and maintaining vigilance against emerging threats such as socially engineered phishing and identity spoofing. The researchers wrote, “Business owners and network administrators must … understand how adversaries increasingly take advantage of the very nature of modern networks and distributed environments.”