The Real Threat to Small Businesses: It's Not What You Think
- rigoberto34
- Jun 6

When most business owners consider cybersecurity threats, they typically think of sophisticated hackers utilizing complex zero-day exploits or nation-state actors with seemingly unlimited resources. The reality, however, is that the biggest threat to your business isn't the headline-grabbing attacks you read about.
The $200 Million Reality Check
Recent cybersecurity events paint a clear picture of what's really happening in the threat landscape. Just last month, U.S. authorities took down two major cybercriminal operations that prove this point perfectly.
The Robbinhood Ransomware Case
An Iranian operator pleaded guilty to targeting U.S. cities and organizations, causing millions in losses between 2019 and 2024. His victims included major cities like Baltimore and Greenville, plus healthcare and nonprofit organizations. The surprising thing is that he didn't use any fancy exploits. Instead, he relied on stolen admin credentials and basic vulnerabilities to manually deploy ransomware.
The Funnull Technology Sanctions
The U.S. Treasury sanctioned a Philippines-based company linked to over $200 million in losses from cryptocurrency scams. Their method? Simple romance baiting through dating apps and social media. Again, no advanced hacking required.
These cases highlight a critical truth that cybersecurity experts have been trying to communicate: 99% of successful cyberattacks use boring, everyday techniques.
Why "Boring" is Actually Terrifying
As Dray Agha, Senior Manager of Security Operations at Huntress, puts it: "Don't worry about the zero day and the black swan events, because there is very little you can do. Instead, do the basics right. The boring and routine tradecraft is what 99% of attackers do."
Why do cybercriminals prefer these "boring" methods?
They're Simple: Most attacks exploit human error or common misconfigurations that exist in nearly every business environment.
They're Consistent: These methods are reliable and give predictable results, unlike experimental exploits that might fail.
They're Stealthy: Basic attacks blend into normal network activity, making them much harder to detect.
They're Low-Cost: Any criminal can access these techniques without nation-state resources or expensive tools.
The Attack Methods Targeting Businesses Right Now
Brute Force Attacks
Attackers systematically guess passwords until they find the right combination. While it sounds simple, brute force attacks are surprisingly effective because they:
Fill up security event logs, masking other malicious activity
Blend in with legitimate tools like vulnerability scanners
Target the weakest link: human password habits
VPN Compromise
With remote work becoming standard, VPN attacks have exploded. Recent cases show attackers gaining VPN access through:
Stolen employee credentials
Brute forcing VPN appliances
Targeting accounts with disabled multi-factor authentication
Credential Theft
Once attackers steal legitimate user credentials, they can move through your network like a trusted employee. Attackers increasingly use tools such as Mimikatz and abuse legitimate password storage applications to harvest credentials in bulk.
Lateral Movement
After gaining initial access, attackers use standard Windows functionality like Remote Desktop Protocol (RDP) to move between systems. Unfortunately, security experts report they rarely see failed lateral movement attempts – meaning once attackers get in, they usually succeed in spreading.
IoT Device Targeting
The recent PumaBot malware campaign shows how attackers are now systematically targeting Internet-connected devices like security cameras and traffic systems. Unlike broad internet scans, these attacks use targeted IP lists for strategic infections of surveillance equipment.
The MSP Connection: Why Your IT Provider Matters
Perhaps most concerning for businesses is the recent targeting of Managed Service Providers (MSPs). The DragonForce ransomware group recently exploited vulnerabilities in SimpleHelp remote management software to breach an MSP and then attack their customers.
Why MSPs are prime targets:
One successful breach gives access to dozens of client networks
MSPs have elevated access to customer systems
The "cascade effect" means maximum damage from minimal effort
This makes choosing the right local IT partner absolutely critical for your business security.
What This Means For Your Business
If you're running a construction company, transportation business, logistics operation, or accounting firm, these threats aren't theoretical; they're targeting businesses exactly like yours every day.
The good news? Because these attacks rely on basic techniques, they're also preventable with the right approach.
The challenge? As cybersecurity expert Anton Ovrutsky notes: "Assume nothing. If you think something is configured a certain way in your network, test your assumptions. All of this is complex."
Your Defense Strategy: Getting the Basics Right
Based on current threat intelligence, here is what every business should prioritize:
Immediate Actions:
Enable multi-factor authentication on all business accounts
Remove local administrator access where there's no business justification
Patch VPN appliances and remove unused accounts
Segment your network to limit lateral movement
Monitor for unusual login attempts and system services
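What "monitor for unusual login attempts" can look like in practice, as an added example that is not from Huntress or the original post: a small log review that flags a burst of failed logins from one source, a successful login that follows such a burst, and any login accepted without a second factor. The key=value log format, the field names and the sample lines are constructed for illustration; map them to whatever your VPN appliance or identity provider actually records.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a hypothetical key=value VPN auth log format.
SAMPLE_LOG = """\
2025-06-01T09:00:00Z result=FAIL user=admin src=203.0.113.7 mfa=none
2025-06-01T09:00:20Z result=FAIL user=admin src=203.0.113.7 mfa=none
2025-06-01T09:00:41Z result=FAIL user=admin src=203.0.113.7 mfa=none
2025-06-01T09:01:02Z result=FAIL user=maria src=198.51.100.20 mfa=none
2025-06-01T09:01:15Z result=OK user=maria src=198.51.100.20 mfa=totp
2025-06-01T09:01:30Z result=FAIL user=admin src=203.0.113.7 mfa=none
2025-06-01T09:01:55Z result=FAIL user=admin src=203.0.113.7 mfa=none
2025-06-01T09:02:10Z result=OK user=admin src=203.0.113.7 mfa=none
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) result=(?P<result>OK|FAIL) "
                     r"user=(?P<user>\S+) src=(?P<src>\S+) mfa=(?P<mfa>\S+)$")

def parse(line):
    """Return one event as a dict, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev

def review_logins(text, threshold=5, window=timedelta(minutes=10)):
    """Return (kind, user, src) findings in the order they occur."""
    recent_fails = defaultdict(deque)  # src -> failure times inside the window
    alerted, findings = set(), []
    for ev in filter(None, map(parse, text.splitlines())):
        fails = recent_fails[ev["src"]]
        while fails and ev["ts"] - fails[0] > window:
            fails.popleft()  # drop failures older than the window
        if ev["result"] == "FAIL":
            fails.append(ev["ts"])
            if len(fails) >= threshold and ev["src"] not in alerted:
                alerted.add(ev["src"])  # report each noisy source once
                findings.append(("failure_burst", ev["user"], ev["src"]))
            continue
        if len(fails) >= threshold:  # a guess finally worked
            findings.append(("success_after_burst", ev["user"], ev["src"]))
        if ev["mfa"] == "none":  # login accepted with no second factor
            findings.append(("login_without_mfa", ev["user"], ev["src"]))
    return findings
```

The single mistyped password from maria is not flagged, while the admin login at 09:02:10 is flagged twice: it follows a failure burst and it was accepted without MFA.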
Long-Term Strategy:
Implement managed endpoint detection and response (EDR)
Regular employee cybersecurity training
Professional security monitoring and incident response
Regular testing of backup and recovery procedures
The Bottom Line
While zero-day exploits and nation-state attacks grab headlines, the real threat to your business comes from everyday "boring" attack methods that work precisely because they're underestimated.
Remember: Not all cyberattacks are headline-worthy, but that doesn't mean they're harmless.
The businesses that stay secure aren't the ones with the most expensive security tools; they're the ones that get the basics right, consistently, with expert guidance.
Information Sourced and Provided By our Partner: Huntress https://www.huntress.com/blog/boring-isnt-harmless-risks-behind-common-cyberattack-tradecraft
Information Sourced and Provided By: SentinelOne