Threat Landscape Insights – Small and Mid-Sized Organizations Advance to the First Line of Fire
New Threat Trends
Cross-checking various independent threat reports reveals that 2018 featured a trend of increasing attacks on small and mid-sized companies. A good example is this quote from research by 4iq:
“In 2018, criminals shifted their focus from large corporations to SMALL BUSINESSES, resulting in the discovery of almost four times as many breaches than in 2017, which represents a 424% increase from 2017.”
What’s even more interesting is that this trend goes hand-in-hand with an increase in compromised data records circulating across the web – a 71% increase from 2017.
Two Types of Cyber Attacks
Why is it interesting? To understand this, let’s zoom out for a minute and reflect on two types of cyber attacks:
- Type A: we can call these ‘hit and run,’ or ‘hit and stay.’ These are one-step attacks in which the compromised endpoint is the goal. Prominent examples are ransomware, banking trojans and crypto-miners. Attacks in this group typically use social engineering to get a victim to run malicious code on his endpoint. Once the code runs, the attacker has achieved his objective.
- Type B: we can name this group ‘hit and expand.’ In these attacks, the initially compromised endpoint is not a goal in itself, but rather a stepping stone into other hosts or servers in the target environment. Attackers in this group seek sensitive data to exfiltrate. Such data rarely resides on the first compromised endpoint, which compels the attacker to compromise additional hosts and user accounts within the environment in order to gain access to desired data.
The New Rise of Type B Attacks
Type A attacks have long been subject to mass commoditization in the form of exploit kits and numerous cyber-crime campaigns. Type B attacks, however, were until lately associated with more advanced attackers, who could muster capabilities advanced enough to bypass common prevention measures and manually conduct post-compromise activities including reconnaissance, credential theft, lateral movement and data exfiltration, resulting in much higher damage potential.
The steep rise in the number of compromised data records implies that Type B attacks have begun to follow Type A attacks in terms of commoditization and scope. Previously, attackers would not bother to perform a Type B attack on companies below a certain size, but the automation of publicly available attack tools has disrupted the equation and made such attacks profitable. This expands the exposure to Type B attacks so that they no longer affect only large enterprises, but companies of any size.
Proactive Protection Actions – Gain Threat Visibility
What does this mean in practice? Organizations must acknowledge that regardless of their size, they have data that threat actors seek, and the first step is to gain robust threat visibility. They must be able to verify both whether there are any exposed attack surfaces, in the form of software vulnerabilities or risky user accounts, and whether there are existing active threats within the environment.
Cynet has launched a free threat assessment offering for companies with 500 endpoints and above, providing full visibility within 72 hours into what’s secure and what’s at risk in the assessed environment.