Security researchers at Proofpoint have spotted signs of advanced threat actors targeting small- and medium-sized businesses and the service providers in that ecosystem.
In a new report, the researchers warned of a series of escalating threats to SMBs from well-resourced APT groups and called attention to the risk of supply chain attacks from compromised managed service providers.
The warning from Proofpoint is particularly distressing because small- and medium-sized businesses often lack dedicated security teams and are considered sitting ducks for malware attacks.
The company identified three prominent trends: compromised SMB infrastructure being used in malicious phishing campaigns, regional SMB targeting by state-affiliated actors for financial theft, and the targeting of regional Managed Service Providers (MSPs) for downstream supply chain attacks.
According to data examined by Proofpoint, the APT actors specifically targeting SMBs include threat actors aligned with Russian, Iranian, and North Korean state interests.
“These skilled threat actors are well-funded entities associated with a particular strategic mission that can include espionage, intellectual property theft, destructive attacks, state-sponsored financial theft, and disinformation campaigns. While more rare and often much more targeted than cybercrime activity, Proofpoint data indicates that APT actors remain interested in SMB targets that align with their broader mandates,” the company said.
“This means that some of the most formidable cyber threat actors in the landscape maintain an interest in targeting businesses that are commonly under-protected against cyber security threats such as phishing campaigns,” Proofpoint added.
The report also flagged a noticeable trend of APT actors targeting regional MSPs to initiate and facilitate supply chain attacks.
“APT actors appear to have noticed this disparity between the levels of defense provided and the potential opportunities to gain access to desirable end user environments,” Proofpoint said, pointing to a notable case that occurred in early 2023, when TA450, attributed to Iran’s Ministry of Intelligence and Security, targeted two Israeli regional MSPs and IT support businesses via a phishing email campaign.
The data shows that Iran-based APT groups are focused on targeting regional technology providers to gain access to downstream SMB users, using supply chain attacks that begin with the compromise of vulnerable regional MSPs.
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.