
Huntress Unveils Inaugural SMB Threat Report, Observes a Large Spike in Business Email Compromise

November 21, 2023

Inside look at hacker trends impacting small to medium-sized businesses and the MSPs who defend them

Ellicott City, MD – November 21, 2023 — Huntress, the Managed Security Platform for small and mid-sized businesses (SMBs) and the Managed Service Providers (MSPs) that support them, unveiled their inaugural SMB Threat Report. This first-of-its-kind report delivers valuable insights on emerging cyber threats and tradecraft targeting SMBs, and offers critical knowledge on how businesses can defend against them.

“The threat landscape is not slowing down. Threat actors are evolving their tradecraft to significantly impact SMBs, and our goal is to educate them and give them a fighting chance against the ever-evolving adversarial landscape. The Huntress SMB Threat Report serves as the definitive guide in helping MSP security professionals know what patterns in adversary tactics and behaviors are out there and how to protect their SMB customers,” said Joe Slowik, threat intelligence manager for Huntress.

The 5 Key Takeaways:

  • Conventional Malware On Its Way Out

    56% of incidents in Q3 2023 were “malware-free,” with adversaries exploiting scripting frameworks or legitimate tools in place of malicious software. This reveals that malware-driven cyberattacks are on the decline, paving the way for the acceleration of non-malware threats.
  • RMM Software Has Become a Double-Edged Sword

    65% of incidents in Q3 2023 involved threat actors using credential harvesting to gain access to victim environments through remote monitoring and management (RMM) software, a lifeline for IT administrators, or using rogue deployment to install RMM tools for access.
  • Business Email Compromise (BEC) is Posing a Big Problem for SMBs

    64% of identity-focused incidents in Q3 2023 involved malicious forwarding or other malicious inbox rules, a key indicator of business email compromise (BEC). Another 24% of identity-focused incidents involved logons from unusual or suspicious locations. Now favored as an intrusion vector, identity-based attacks are on the rise with threat actors targeting cloud services to steal identifying information or break into business emails.
  • Attackers Are Evading Detection by “Blending In”

    25% of incidents saw attackers abusing built-in tools like PowerShell and WMI as an intrusion tactic. Attackers have refined the art of deception; in order to evade detection, they are attempting to hide within the noise of legitimate network operations or use living-off-the-land tactics.
  • Ransomware Diversification Threatens SMBs

    60% of ransomware incidents were from uncategorized, unknown, or “defunct” ransomware strains. While we often hear about headline-grabbing ransomware entities, many lesser-known ransomware strains are prevalent in the SMB space. This diversity suggests that size is no deterrent for cyberattacks, and small businesses should not underestimate the risk posed by ransomware, regardless of the strain's notoriety.

The Huntress threat ops team leverages deep intelligence data from the Huntress managed security platform to deliver unique insights that will help SMBs and their MSPs mitigate their risk and protect their businesses.

Download the full report here.

About Huntress

Huntress is a global cybersecurity company on a mission to make enterprise-grade products accessible to all businesses. Purpose-built from the ground up, Huntress' technology is specifically designed to continuously address the unique needs of security and IT teams of all sizes. From Endpoint Detection and Response (EDR) and Identity Threat Detection and Response (ITDR) to Security Information and Event Management (SIEM) tools and Security Awareness Training (SAT), the platform provides targeted protection for endpoints, identities, data, and employees, delivering trusted outcomes and valuable peace of mind.

Its 24/7, AI-assisted Security Operations Center (SOC) is powered by a team of world-renowned engineers, researchers, and security analysts, dedicated to stopping cyber threats before they can cause harm. Huntress is often the first to respond to major hacks and incidents, with its expert security team sharing real-time tradecraft analysis and actionable advisories with the community.

Currently safeguarding over 4 million endpoints and 7 million identities, Huntress empowers security teams, IT departments, and Managed Service Providers (MSPs) across the globe to protect their businesses with enterprise-grade security accessible to everyone.

As long as hackers keep hacking, Huntress keeps hunting. Learn more at www.huntress.com, and follow Huntress on X, Instagram, Facebook, and LinkedIn.

Contact:

press@huntresslabs.com

+1 (650) 400-7833
