Huntress Small and Medium Business Threat Report 2023

This cybersecurity report highlights the shifting threat landscape against small and medium-sized businesses (SMBs), emphasizing increased use of legitimate tools and non-malware tactics by adversaries. Key statistics include 56% of incidents being malware-free and 65% involving RMM software abuse, reflecting current attack trends. #DarkGate #AsyncRAT

Key points

  • Annual cybersecurity reports from major vendors typically consist of sections like executive summaries, threat trend analyses, attack techniques, and defensive guidance, providing comprehensive insights into evolving threats.
  • Key statistics reveal that in Q3 2023, 56% of SMB incidents were malware-free, with adversaries frequently abusing legitimate tools like RMM software (used in 65% of cases) to establish persistence and evade detection.
  • Notable trends include a decline in reliance on custom malware, an increase in leveraging built-in system commands and legitimate remote access tools, and diversified ransomware families, particularly LockBit.
  • Attack techniques predominantly focus on credential theft, living-off-the-land binaries (LOLBins), and exploiting external-facing vulnerabilities, highlighting the importance of behavior-based detection strategies.
  • The reports underscore the rising threat of identity-focused attacks, such as business email compromise, and the exploitation of cloud services, urging SMBs to extend security measures beyond traditional network boundaries.
  • Emerging adversary behaviors include leveraging phishing with malicious file payloads, social engineering, and malware like DarkGate, as well as maintaining persistent access through hijacked remote management tools and process chains.
  • Defensive recommendations stress implementing multi-factor authentication, enhancing visibility across all systems and third-party services, and adopting a layered defense-in-depth approach to mitigate current complex threats.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)
