|
Guardz Uncovers Rising Attack as a Service Trend Targeting Small Businesses on the Dark Web
Friday, March 7, 2025
For as little as $600, hackers-for-hire are offering full access to small businesses--exploiting outdated security gaps with alarming ease, according to findings from the Guardz Research Unit.
MIAMI, Feb. 27, 2025 /PRNewswire/ -- Guardz, the cybersecurity company empowering MSPs and IT professionals to deliver comprehensive, AI-native cyber protection for small businesses, today revealed alarming cybercriminal activity targeting small businesses on the dark web, shedding light on a growing trend. A recent investigation conducted by the Guardz Research Unit (GRU) uncovered dark web listings offering to target SMBs, especially law and accounting firms, by exploiting unpatched vulnerabilities, selling stolen credentials, and performing ransomware as a service (RaaS) attacks. One particularly egregious listing offered admin-level access to a U.S. law firm's network for the devastatingly low price of $600.
Small businesses - which comprise 90% of all businesses and contribute 50% of the world's GDP - are the backbone of the global economy. Despite their critical role, they often lack crucial cybersecurity protections and are thus disproportionately vulnerable to the growing number of cyberattacks targeting them. This makes them attractive targets for cyber criminals, who seek their sensitive and lucrative data, such as financial records, legal documentation, and personally identifiable information (PII). Further compounding this growing trend of Attack as a Service tools being sold on the dark web, launching these attacks has become easier and cheaper than ever, with cybercrime tools, stolen credentials, and ransomware services readily available on the dark web at shockingly low prices. As a result, cybercriminals are treating small businesses like goldmines - because they can.
Evidencing this growing trend, the Guardz Research Unit found alarming 'deals' on the dark web, where hackers are essentially running a black-market economy for stolen small business data and ransomware services. Here's what's being sold:
-- Exploitation of unpatched vulnerabilities: Over 15% of the hundreds of
dark web listings analyzed by Guardz offered access to organizations
through vulnerabilities that were disclosed years ago. This includes the
EternalBlue flaw in Windows' Server Message Block protocol, which -
despite being disclosed in 2017 - remains unpatched on many devices
globally.
-- Sale of stolen credentials: Dark web forums are rife with listings
advertising access to small business networks through compromised Remote
Desktop Protocol (RDP) and Virtual Private Network (VPN) credentials.
One such post uncovered by Guardz offered admin-level RDP access for an
accounting firm being auctioned for the price of $1,800; elsewhere,
lower-level credentials are being sold for as little as $300. Once
they've gained access, cybercriminals can not only disrupt operations
for extended periods of time, but also deploy ransomware, steal and sell
data, launch fraudulent transactions, set up persistent access for
future exploits, and more.
-- Ransomware as a service: Guardz found that cyber attackers are
increasingly employing double extortion methods, threatening to release
sensitive data if ransoms are not paid. One uncovered case involved a
family law firm, where refusal to pay resulted in the public release of
sensitive client information on a dark web 'hall of shame' site, causing
irreparable reputational damage. With 94% of ransomware victims
experiencing significant downtime, the consequences for small businesses
of such attacks are often devastating, impacting operations and
long-term survival.
"Cybercrime has become an industry of its own, and enterprises are no longer the sole or main targets; small businesses are its new favorite victims - whether they realize it or not. For just a few hundred dollars, hackers can gain and share access to company systems, hold data hostage, or disrupt operations, putting entire livelihoods and businesses at risk," said Dor Eisner, CEO and co-founder of Guardz. "By closing basic security gaps, embracing proactive threat detection and other automated responses, and increasing awareness among employees, small businesses can protect their operations, preserve client trust, and safeguard their success in an increasingly hostile digital landscape."
Guardz's latest findings underscore the urgent need for small businesses to prioritize cybersecurity. Regular patch management, the implementation of strong credential policies, and the use of multi-factor authentication are some of the critical steps to reducing vulnerabilities. Additionally, maintaining secure backups of critical data and partnering with trusted Managed Service Providers (MSPs) - whose expertise and advanced tools empower small businesses to combat emerging threats - are essential for navigating today's complex and evolving cybersecurity landscape. Guardz has alerted the affected companies to potential risks and continues to collaborate with its MSP partners and the broader MSP community to monitor dark web threats, identify leaked small business credentials, and track emerging trends.
Guardz is at the forefront of protecting small businesses from these emerging threats. Its unified, AI-powered platform enables MSPs to deliver comprehensive cybersecurity, including automated threat detection, mitigation, and remediation across identities, endpoints, emails, cloud, and data, all managed from a single user-centric interface. These capabilities are specifically designed to help small businesses stay ahead of evolving threats and mitigate risks before they result in devastating breaches.
For more information about Guardz's findings and the proactive measures small businesses can take to protect themselves, read the full blog post here.
About Guardz
Guardz provides MSPs and IT professionals with an AI-powered cybersecurity platform designed to secure and insure SMBs against cyberattacks. The Guardz platform offers automatic detection and response, protecting users, emails, devices, cloud directories, and data. By simplifying cybersecurity management, Guardz enables businesses to focus on growth without being bogged down by security complexities. The company's scalable and cost-effective pricing model ensures comprehensive protection for all digital assets, facilitating rapid deployment and business expansion.
Media Contact
Allison Grey
allison@headline.media
+1 323 283 8176
View original content:https://www.prnewswire.com/news-releases/guardz-uncovers-rising-attack-as-a-service-trend-targeting-small-businesses-on-the-dark-web-302387201.html
SOURCE Guardz
|
|
|
|
|
|
 |
4BY4 to Showcase AI Video Solution 'PIXELL' at NAB 2025 with 8K Association | Mar 28, 2025
|
|
Halfpricesoft.com Launches ez1095 ACA Software: Streamline 1095 Efiling | Mar 28, 2025
|
|
SonicWall's Zero Trust Network Access (ZTNA) Solutions Driving Success Tackling 2025's Biggest Cybersecurity Challenges | Mar 28, 2025
|
|
Innovative Control Systems Introduces New AI-Powered License-Plate Recognition Solution | Mar 28, 2025
|
|
AI Demand Fuels Server and Storage Component Revenues to Record $244 Billion in 2024, According to Dell'Oro Group | Mar 28, 2025
|
|
TerraMaster Launches D4-320U Ultra-Short 4-Bay Rackmount USB3.2 10Gbps Expansion Enclosure, Enabling Easy Expansion for NAS and Servers | Mar 28, 2025
|
|
QuickLogic Announces the Amendment and Extension of Credit Facility | Mar 28, 2025
|
|
Crypto4A Technologies Submits PQC-Capable QASM for FIPS 140-3 Level 3 Certification | Mar 28, 2025
|
|
365 Retail Markets Unveils Refreshed 365Pay App, Enhancing User Experience and Streamlining Operations | Mar 28, 2025
|
|
Introducing PDW SIM, a Next-Generation Flight Simulator for Tactical Small Unmanned Aircraft Systems | Mar 28, 2025
|
|
|
|
