Proofpoint security researchers have identified increasing attacks on small and medium businesses (SMBs) and their service providers. These attacks come from a variety of APTs linked to Russia, Iran, and North Korea. SMBs have lackluster cybersecurity relative to large companies and rarely have dedicated security teams. Proofpoint notes this makes these businesses easy targets for malware attacks.
Well-funded APTs use cyber attacks to conduct espionage, steal intellectual property, promote disinformation campaigns, and steal financial information. SMBs with links to relevant industries are likely targets. APTs have noted the lessened security in smaller businesses and use these companies as gateways to more desirable end user environments. This occurred in early 2023 when Iranian APTs targeted two Israeli Managed Service Providers (MSPs) and IT support companies with phishing emails. MSPs and technology providers are targeted with supply chain attacks which also impact downstream SMBs.