Page 50 - Cyber Defense eMagazine August 2024
Only 14% of SMBs reported feeling that their cyber attack and risk mitigation plans were highly effective [2]
Around 43% of SMBs do not have any cybersecurity plan in place and 52% don’t have any IT security
experts in-house [3]
Proof points on the evolving tactics, techniques, and procedures (TTPs) used against these companies
are becoming easier to find. And while cyber threats bring a unique level of uncertainty to the SMB
segment, one thing is for sure. The SMB segment represents the ideal environment for getting new TTPs
“over the threshold” to become effective in larger enterprise environments.
A Low Bar to Entry
There are a lot of reasons that even small businesses can attract attackers. SMBs may fall below the
ideal seat count, budgetary zone, or other parameters for leading cybersecurity solutions or services,
leaving them especially susceptible to threats a larger enterprise may be capable of quashing. What’s
more, SMBs often lack in-house expertise or strong planning for a response.
In industries from manufacturing to healthcare, this SMB threat is playing out before our eyes in headlines
and offices across the country. One example we’ve seen in Huntress research revolves around industrial
manufacturing—particularly government contractors, often so small they may only have 5-10 employees.
When a government contractor bids on and secures contracts in that space, it is publicly available
information and can draw the eye of threat actors. If an attacker can use legitimate tools like remote
monitoring and management (RMM) software, a trend we noticed in 2023 at Huntress, they can be hidden
in such an SMB’s system and ready to unleash chaos at a moment’s notice.
With smaller businesses and smaller budgets for hardening systems against attackers, threat actors see
the ideal “easy prey” they’re looking for to leverage legitimate tools, remain hidden, and build their
campaigns before deploying in larger enterprises. Whether by using a ScreenConnect vulnerability like
we saw plaguing businesses in early 2024 or other tools like Cobalt Strike, it’s clear that SMBs must be
on the watch for malicious entities operating within their legitimate systems and tools.
Use, Discard. Rinse, Repeat.
What’s so frustrating for teams like the one I lead at Huntress is how SMBs are targeted and sustain
widespread financial and reputational damage. Then, just as quickly as the threat arrives, it may move
on to larger enterprises who stand a much better chance of surviving the attack. We’ve seen this pattern
take place in smaller healthcare settings, another prime target Huntress observed malicious threats
plaguing in 2023 and into 2024.
In the February 2024 hack of Change Healthcare, a smaller subsidiary of healthcare giant UnitedHealth,
a lack of basic security controls led to the disruption of healthcare systems across the country.[4] And it
began in the same place many SMB attacks do: a lack of good security controls, and not enough expertise
to know where they were lacking. Change Healthcare’s technology—which is used to process billions of