Malware-free intrusions have become the leading cybersecurity threat against small- to medium-sized businesses, accounting for 56% of all cyber incidents during the third quarter, SiliconAngle reports.
Remote monitoring and management software was leveraged to facilitate persistence in 65% of incidents during the same period, a report from Huntress Labs revealed. Intrusions involving cloud and identity exploitation to enable business email compromise and data exfiltration attacks have also become increasingly prevalent, while phishing and ransomware attacks continue to be popular among threat actors.
Such trends should prompt SMBs to not only adopt multifactor authentication and bolster event visibility but also curb attack surfaces. Novel cybersecurity threats, including identity spoofing and socially engineered phishing attacks, should also be top of mind among SMBs, according to Huntress Labs.
"Business owners and network administrators must understand how adversaries increasingly take advantage of the very nature of modern networks and distributed environments," said researchers.
Because PIXHELL requires no specialized audio equipment, threat actors could leverage social engineering and software supply chain attacks to distribute malware that triggers the covert data exfiltration channel, creating an acoustic channel for the data.
Russian state-sponsored threat group Coldriver has been suspected by the Free Russia Foundation of being behind the intrusion, which involved the targeting of several entities to exfiltrate internal documents, grant reports, and other correspondence in retaliation against pro-democracy Russians.
Simultaneous target infiltration and reconnaissance, network compromise, and data exfiltration activities have been performed by Clusters Alpha, Bravo, and Charlie, respectively.