Huntress Quarterly SMB Threat Report

Over the past few months, the Huntress team has noticed a shift in the types of threats hitting small and medium-sized businesses (SMBs). Forget about the traditional malware tricks – Cybercriminals are now getting crafty with non-malware tactics. They’re ditching the obvious and going for the sneaky approach, using legit tools and system commands to wreak havoc. Surprisingly, a whopping 56% of the incidents Huntress tracked didn’t involve any malware at all.

What’s really catching their attention is the rise of remote monitoring and management (RMM) software being used as a backdoor into systems. In 65% of cases, the bad actors relied on RMM software for their mischievous persistence or to keep a remote eye on things after gaining access. Watch out, the game is changing!

In Q3 2023, 40% of incidents responded to by Huntress analysts were categorised as “high” or “critical” in severity.

Beyond the fancy tools, ransomware is still causing chaos everywhere, whether it’s a cosy small business or a massive enterprise. What’s intriguing is how the small business perspective gives us a different angle on ransomware – they’ve got some unique insights into how these ransomware affiliates or families work, and it’s not always the same as what happens in big corporations.

LockBit is the big player, making up a whopping 25% of the ransomware deployments Huntress has spotted. But here’s the twist: most of the ransomware action (60%) is from those uncategorised, unknown, or “defunct” strains. The ones that are either a mystery or considered retired.

Some new players like INC Ransomware and Akira popped up in Q3 2023, but when you peek from the SMB perspective, it’s mostly the familiar faces causing the headache. Except for LockBit, the others aren’t exactly household names.

Download Now