#USA #Miami #Cybersecurity #SMBs #Guardz

Guardz Uncovers Rising Attack as a Service Trend Targeting Small Businesses on the Dark Web

In a shocking revelation, cybersecurity company Guardz has disclosed the alarming trend of cybercriminals targeting small businesses via services readily available on the dark web. Their latest research shines a light on a black-market ecosystem that has established itself, where hackers can easily offer paid access to compromised small business networks for as little as $600. This concerning trend raises significant alarm bells, especially given small businesses account for 90% of all enterprises and represent half of the global GDP.

Understanding the Dark Web Landscape

The team at Guardz, through their Research Unit, has uncovered various listings that explicitly target Small and Medium-sized Businesses (SMBs), particularly those in fields such as law and accounting. Cybercriminals exploit outdated security protocols, selling stolen login credentials, and orchestrating Ransomware as a Service (RaaS) attacks. One notably egregious offer revealed admin-level access to a law firm's network at an extraordinarily low price, exemplifying the lack of security measures many small organizations currently have in place.

Despite being critical to the economy, small businesses are disproportionally vulnerable due to a general deficiency in sophisticated cybersecurity measures. As they often lack the resources or knowledge to protect themselves adequately, they have become lucrative targets for cybercriminals looking to harvest sensitive data, including financial records and personally identifiable information (PII).

Cybercriminal Tactics on the Rise

The Guardz Research Unit reported several types of attacks gaining traction among cybercriminals:

• - Exploitation of Unpatched Vulnerabilities: Over 15% of analyzed dark web listings indicated hackers offering access through outdated vulnerabilities that had been known for years. Take the EternalBlue vulnerability, for instance, which remains unpatched in numerous devices globally, despite being disclosed in 2017.
• - Sale of Stolen Credentials: Listings for compromised Virtual Private Network (VPN) and Remote Desktop Protocol (RDP) credentials proliferate on dark web forums. For example, an auction for RDP access to an accounting firm was noted to start at $1,800. Such access not only disrupts business operations but allows cybercriminals to deploy ransomware and steal valuable data.
• - Ransomware as a Service: Guardz has identified a worrying increase in double extortion tactics in ransomware scenarios—where attackers threaten to release sensitive data publicly if their ransom demands aren't met. In one case involving a family law firm, the refusal to pay resulted in sensitive client information being leaked online, thereby causing severe reputational damage.

As a substantial majority of ransomware victims experience significant downtimes, which can lead to devastating operational impacts, the trend hints at increasingly severe repercussions for small businesses.

Protecting Small Businesses

According to Dor Eisner, the CEO and co-founder of Guardz, the emergence of cybercrime as an industry poses an immediate threat to small businesses. “Hackers can disrupt operations, hold data hostage, and compromise entire livelihoods for just a few hundred dollars,” he stated. He emphasizes the necessity for small enterprises to undertake basic security measures, including regular patch management and robust credential policies.

Guardz advocates for proactive cyber protection approaches, proposing essential strategies such as:

• - Strong Credential Management Practices: Ensuring that organizations deploy multi-factor authentication and maintain updated security protocols.
• - Secure Backups of Important Data: Regularly scheduled backups can help organizations recover quickly from breaches.
• - Collaboration with Trusted Managed Service Providers (MSPs): Engaging with MSPs can enhance an organization’s cybersecurity defenses, leveraging their expertise and state-of-the-art tools to combat emerging cybersecurity threats.

Guardz is actively working with affected entities to mitigate these risks. They monitor dark web threats and credential leaks for SMBs, tracking patterns to stay ahead of potential attacks.

With its groundbreaking AI-powered platform, Guardz enables MSPs to deliver a comprehensive cybersecurity service that features automated threat detection and risk mitigation across various channels—from emails to data storage solutions—all from a centralized interface.

In the increasingly hostile digital landscape, it becomes imperative for small businesses to prioritize cyber protection measures to secure their operations and protect their clients' trust. Guardz not only addresses the current threats but supports small enterprises in navigating the challenging cybersecurity landscape to foster both resilience and growth.