A new report released today by managed cybersecurity platform startup Huntress Labs Inc. on threats to small to medium-sized businesses has surprisingly found that the biggest threat to them isn’t malware.

The Huntress Small and Medium-Size Business Threat Report found a continuing shift in the nature of threats against SMBs. Threat actors were found to have largely moved away from malware-focused tactics and instead focused on nonmalware mechanisms and abuse of legitimate tools and system commands in most incidents.

Of the incidents tracked in the third quarter, 56% were malware-free across multiple types of intrusions. Of particular note was the increasing use of remote monitoring and management software as an avenue of intrusion. Some 65% of incidents involved threat actors using RMM software as a method for persistence or remote access mechanisms following initial access to victim environments.

The shift presents a complex challenge for information technology administrators, who must now discern between legitimate and malicious use of the same tools and software. The report emphasizes the importance of moving toward more behavior-based threat identification and enhancing the monitoring of legitimate commands and software.

The report also delves into how the proliferation of cloud platforms and services has put a premium on securing digital identities. There is claimed to be an increasing focus by threat actors on exploiting cloud services and identity-based attacks for initial access, leading to operations ranging from information theft to business email compromise. It’s recommended that SMBs and their service providers extend their visibility and security awareness beyond traditional network perimeters.

Although malware may no longer rule the roost, the diverse ransomware ecosystem is noted as another significant challenge, with many strains not widely recognized in larger enterprise security models commonly found in SMB environments. Additionally, phishing remains a commonly used tactic to gain access to systems, as adversaries adopt new payload delivery mechanisms that require substantial user interaction.

The Huntress researchers conclude with several recommendations for SMBs, including implementing multifactor authentication, enhancing visibility into events, reducing available attack surfaces, and being vigilant about new threats, such as socially engineered phishing and identity spoofing. “Business owners and network administrators must … understand how adversaries increasingly take advantage of the very nature of modern networks and distributed environments,” the researchers note.

Image: DALL-E 3