State-sponsored hackers are diversifying tactics, targeting small businesses

State-sponsored threat actors are increasingly shifting their focus towards SMBs and smaller enterprises, according to new research.

While large enterprises, public services, and critical national infrastructure have traditionally been key targets for state-sponsored threat actors, SonicWall’s 2023 Cyber Threat Report predicted that groups will ‘diversify’ their tactics in 2023 to target SMBs and a “broader set of victims”.

SonicWall CEO Bob VanKirk said the increased targeting of SMBs and small enterprises represents an alarming shift among threat actors.

“The past year reinforced the need for cyber security in every industry and every facet of business, as threat actors targeted anything and everything, from education to retail to finance,” he said.

“While organisations face an increasing number of real-world obstacles with macroeconomic pressures and continued geopolitical strife, threat actors are shifting attack strategies at an alarming rate.”

Cyber threats against small businesses have been rising steadily in recent years amidst an increasingly perilous global threat landscape.

Brian Martin, Head of Product and Innovation at Integrity360 said SMBs are an attractive target for threat actors because they “typically have less security focus and budget available, hence a less mature cyber security programme in place”.

“This means they are easier to breach, due to lack of security awareness and training, unpatched or out-of-date systems and infrastructure, and weak or missing protective controls in place to protect their data and their infrastructure,” he added.

Research from Close Brothers last year found that nearly half of UK-based SMBs suffered a cyber attack, with more than half (54%) suffering a financial loss.

A recent study from Vodafone highlighted this growing risk for small businesses, noting that more than half (54%) experienced “some form” of cyber attack across 2022, marking a significant increase from 2020.

Almost one in five of SMBs polled by the company said that a cyber attack would cost their business up to £4,200 on average, highlighting the potentially devastating impact on smaller firms during a period fraught with economic uncertainty.

Yet despite the financial and reputational damage faced by small businesses subject to cyber attacks, Vodafone’s research found that nearly one-fifth (18%) of businesses polled said their business was not protected by cyber security software.

In addition, 5% said they did not know if they had protection at all while only 28% were aware of the UK government’s Cyber Essentials scheme, which provides vital security advice and tips for businesses.

Evolving cyber crime landscape

The shift towards targeting SMBs coincides with a 21% decline in the overall volume of ransomware attacks, a frequent go-to method for threat actors in recent years, the report also revealed.

SonicWall's findings echo those of other cyber security vendors, which have mostly agreed in their respective threat reports that ransomware detections dropped during the last year.

Global malware attacks increased by 2% last year using more than 400,000 unique variants, marking the first increase in this attack method since 2018.

IoT malware and cryptojacking methods also jumped by 87% and 43% respectively as threat actors have “embraced slower and more stealthy approaches to achieve financially motivated cyber attacks”.

“In addition to cyber attacks becoming more sophisticated and covert, threat actors are showing clear preferences for certain techniques, with notable shifts towards weak IoT devices, cryptojacking, and potentially soft targets like schools and hospitals,” the report added.

Research into the exploitation of Log4Shell, the vulnerability in the widely used Apache log4j Java logger discovered in December 2021, showed that more than 1 billion attempts were made to exploit the vulnerability across the world in 2022.

When first discovered, the vulnerability was thought to be one of the most dangerous in years. In the months following, fears were largely allayed as the rate of successful exploitation was much lower than previously feared, in part due to effective patches released quickly.