Dive Brief:
- Small- to medium-sized businesses confronted more targeted phishing attacks from advanced persistent threat actors globally during the past year, Proofpoint researchers said in a report released Wednesday.
- The types of SMBs that APT groups attacked are broad, but Proofpoint observed an uptick in attacks against regional managed service providers, which could lead to secondary supply chain attacks impacting hundreds of downstream victims.
- “SMBs have historically held smaller cybersecurity budgets than enterprise environments and in certain circumstances, SMBs handle key areas of interest for state-aligned phishing attacks,” Michael Raggi, staff threat research engineer at Proofpoint, said via email.
Dive Insight:
The report, which pulls analysis from Proofpoint's telemetry of more than 200,000 SMBs between the first quarters of 2022 and 2023, underscores a persistent threat confronting organizations that cyber authorities describe as target rich and resource poor. Proofpoint didn’t provide figures to compare attack activity on a year-over-year basis.
APT actors compromised SMB infrastructure to host or deliver malware via phishing campaigns to targeted U.S. and European government entities and financial institutions, the research found.
Proofpoint researchers also observed a higher level of APT actors targeting vulnerable regional managed service providers to initiate supply chain attacks.
“An increasing focus on federated access and the upstream providers of end-targeted entities is a logical trend to become prominent following the high profile supply chain attacks observed in previous years, including SolarWinds,” Raggi said.
“Rather than seeing a completely novel occurrence in this regard,” Raggi said, “threat actors appear to be scaling existing tactics seen in enterprise targeting phishing campaigns for less robust SMB environments.”
The researchers observed APT groups aligned with Russia, Iran and North Korea targeting SMBs for state-sponsored financial theft, espionage, intellectual property theft, destructive attacks and disinformation campaigns.