SMB Cybersecurity: Navigating the Rising Tide of Threats in 2025

The cybersecurity landscape in 2024 has seen significant shifts, with SOHOs and Small-to-Medium Businesses (SMBs) facing an increasingly complex and challenging threat environment. While large corporations often dominate the headlines, the reality is that SOHO and SMBs are also prime targets for cybercriminals, and often lack the resources to defend themselves adequately. This blog post highlights the key threats and trends from 2024 that are particularly relevant to smaller organizations, drawing on recent cybersecurity reports .

The Evolving Threat Landscape

In 2024, several trends have converged to create a perfect storm for SOHO and SMB cybersecurity:

Infostealers on the Rise: Infostealers have become a major threat. These malicious programs steal sensitive data like passwords, cookies, and autofill information from browsers, as well as cryptocurrency wallet details and session data from messaging apps . They often spread through a “spray-and-pray” approach, targeting personal devices, which are then used to access corporate networks . Over 70% of devices infected by infostealers are personal devices, not corporate ones . This is particularly concerning for SMBs with Bring Your Own Device (BYOD) policies, where personal devices are used to access work resources.
Ransomware‘s Continued Impact: Ransomware remains a significant threat. While large groups like LockBit and ALPHV have seen disruptions, smaller groups like RansomHub, Akira, and Play have emerged, creating a more fragmented landscape. The healthcare sector was hit particularly hard, as attackers increasingly targeted healthcare entities for data extortion. However, with ransomware-as-a-service (RaaS) operations becoming commoditized, more actors are able to launch their own attacks .
Edge Device Exploitation: SOHO routers, firewalls, and VPN appliances are attractive targets due to their lack of dedicated security solutions. Cybercriminals and state-sponsored actors have increasingly exploited these devices for initial access to networks . Vulnerabilities in devices like Ubiquiti routers and cameras were widely exploited, allowing attackers to gain unauthorized access. The exploitation of these devices also often leads to setting up an anonymization infrastructure known as Operational Relay Boxes (ORBs).
Cloud Complexity: Many SMBs rely on cloud services, and the complexity of cloud administration adds another layer of vulnerability . Misconfigurations in cloud environments expose resources online, and make them easily penetrable. Even large tech companies like Microsoft have experienced breaches due to misconfigured cloud environments. The absence of Multi-Factor Authentication (MFA) for cloud services is a major issue.

Specific Threats and Incidents of Note

Volt Typhoon Botnet: The US Department of Justice disrupted the KB botnet, used by the China-affiliated APT Volt Typhoon to target critical infrastructure in the US. This group exploited vulnerable, end-of-life Cisco and NetGear SOHO devices for initial access. This highlights how even small, seemingly innocuous devices can become a gateway for major attacks.
Typosquatting Campaigns: Check Point Research found a typosquatting campaign with over 500 malicious packages on PyPI (Python Package Index), posing risks of PII theft and malware installation. This shows how supply chain attacks can affect even smaller organizations using open-source software.
Data Breaches via Stolen Credentials: Major data breaches, like those at Ticketmaster and Santander Bank, occurred because attackers gained access using stolen credentials of employees from Snowflake, a cloud storage company. This highlights the importance of safeguarding employee credentials. One study by CheckPointshowed that 90% of breached companies had corporate credentials leaked in a stealer log before the breach.
SSO Account Attacks: Threat actors are conducting large-scale credential stuffing and “low and slow” brute-force attacks on SSO providers and cloud services. This underscores the need for strong authentication and monitoring of SSO accounts.

The Human Element

Cyber Awareness: Malware, phishing, and web attacks target individual users, so ongoing cybersecurity awareness training is essential. Employees should be aware of the risks of using personal devices for work and be trained to identify phishing emails and suspicious links.

User Reports: User reports can help identify malicious activities that may be missed by other security mechanisms. Encouraging employees to report suspicious activities, such as unusual MFA requests or phishing attempts can add an additional layer of defense.

Recommendations for SOHO and SMBs

Based on these trends, SOHO and SMBs should take the following actions:

Adopt a Multi-Layered Security Approach: Implement a multi-layered security strategy that includes regular data backups, employee training on phishing awareness, and robust email filtering. EDR tools can help identify and isolate threats early.
Strengthen Access Controls: Maintain strict access controls and use the principle of least privilege. Regularly update software and systems to patch vulnerabilities, and conduct regular security assessments.
Prioritize Cloud Security: Implement strong API gateways, and adopt a zero-trust architecture. Use cloud security posture management (CSPM) tools to identify and fix misconfigurations. Enable MFA for all cloud services.
Secure Edge Devices: Ensure that routers, firewalls, and VPNs are updated with the latest security patches [30, 31]. Implement strong passwords, disable unnecessary features, and actively monitor these devices for suspicious activity.
Implement a strong password policy: Implement a strong password policy with guidelines such as using a minimum password length of 12 to 16 characters, using combinations of uppercase and lowercase letters, numbers and symbols and prohibiting password reuse.
Provide cyber awareness training for all employees: Educate employees on avoiding phishing and other forms of social engineering, as well as creating and maintaining strong passwords.
Stay Informed: Keep abreast of the latest threats and vulnerabilities by following reputable cybersecurity news sources and alerts.

The Future

The cybersecurity landscape will continue to evolve in 2025, with new challenges and threats emerging. By staying vigilant, investing in appropriate security measures, and promoting a culture of cybersecurity awareness, SOHO and SMBs can better protect their operations, data, and customers. The complexity of the cyber landscape is increasing, but so too are the tools and knowledge available to defend against attacks. By taking proactive steps, smaller organizations can improve their resilience and better navigate this challenging environment.