
2025 THREAT REPORT for Small Businesses

An Urgent Reality Check, What You Should Know

In 2025, Verizon conducted a Data Breach Investigation that spanned 139 countries. The report exposed 3,049 security incidents at small businesses and found ransomware to be the culprit in 88 percent of those breaches. So, if you’re a small business owner, keep reading, then update your technological security or call Doug at ITC, because cyber criminals are not discriminating based on company size.

Tech Company N-Able's Key Cyber Attack Facts for Small Businesses

1. Small businesses are now adopting the digital technologies and platforms that larger corporations use, which is increasing their attack incidence rates at an alarming pace.

Threat incidences and attacks on small businesses surged from 48,789 in June 2024 to over 13.3 million in June 2025, a 273-fold increase. Doug at ITC said, "We have recently helped three small businesses remediate and recover their technologies from threat incidences, one of which was compromised for one million dollars. Luckily, the banks were able to offer additional security in the prevention and recoveries of what would have been a significantly tragic loss of monies for a small business."

2. Ransomware-as-a-Service (RaaS) is cyber crime on an industrial scale. For example, cyber gangs and attackers can launch sophisticated attacks en masse with a simple kit; these kits are usually built in a Microsoft application and come complete with customer service and affiliate programs. In six months (January to June 2025), N-able systems identified over 6 million small business threat instances across various classifications.

3. Stolen credentials accounted for 88 percent of basic web application breaches.

4. The preferred credential harvesting tool for an attacker is email; once a mailbox is breached, Business Email Compromise quickly follows.

5. Cloud identity attacks, many of which rely on passwords alone, are relentless: Microsoft stops 600 million fraudulent sign-in attempts a day. This is an urgent warning: if you are using Microsoft and log in with a primary email address that has credentials tied to it, this needs to change immediately! See below: number two under Top Threats for Small Businesses and number one under Getting Back to Basics, or call Doug at ITC to set up a user email with "least privilege."

WHY Cyber Gangs are Targeting Small Businesses

1. Larger enterprises could potentially net a multi-million-dollar ransom, but they could take months to arrange, attack and defeat.

2. Dozens of smaller ransoms (e.g., $50,000) can be obtained more quickly with malware from small businesses because they generally have weaker defenses and can’t afford prolonged downtime.

3. Small businesses are more likely to pay a ransom because they lack an incident response plan or backup. Their stolen customer records, proprietary designs and financial information can be sold on the dark markets or used for identity theft and fraud for a huge payoff.


TOP THREATS FOR SMALL BUSINESSES

1. In 2024-25, PLAY was one of the most active ransomware groups, and they’ve been going strong since 2022. They target professional services and manufacturing industries and businesses of all sizes in North America and across the world. These cyber thugs commonly target exposed devices, affecting platforms like FortiOS, Citrix NetScaler and Microsoft Exchange servers. They are also known to use stolen credentials against exposed VPN and RDP servers. EDR (endpoint detection and response), a topic we have emailed you about previously, can be most effective at identifying their malicious activity and catching the attacker before they spread through the network, and its effectiveness can be elevated by actively monitoring the generated reports. Click on the EDR link to view previous email details on the ITC University web page.

2. Another major ransomware cyber gang is Qilin. They too have been active since 2022, but due to recent shutdowns of other RaaS cyber gangs, Qilin attacks have soared. This group of cyber thugs affiliates with brokers, who hand off their victims once they have gained access to the network. So, they are highly diverse in their initial access, but their primary techniques involve phishing campaigns, exploiting vulnerable network devices and using stolen credentials to log into exposed VPN and RDP servers. For example, one of their recent attacks targeted MSPs (managed service providers) using ScreenConnect. Qilin cyber thugs sent phishing emails impersonating ScreenConnect, which led to a fake login page. This incident allowed them to steal the credentials, bypass multi-factor authentication and use an adversary-in-the-middle technique to gain access. This is an urgent warning: if you are using Microsoft and log in with a primary email address that has credentials tied to it, this needs to change immediately, as stated above under key facts for small businesses. Call Doug at ITC to help you set up a user email with least privilege.

3. Business Email Compromise can be just as devastating and disastrous as ransomware attacks, and Tycoon 2FA is a cyber gang notorious for using Phishing-as-a-Service (PhaaS) as their attack technique. PhaaS provides everything an attacker needs to impersonate a Microsoft 365 or Google Workspace login page and steal credentials from victims. Tycoon 2FA cyber criminals will come up with a phishing lure to convince or persuade their target to click on a link, scan a QR code, sign a fake DocuSign or use OneDrive document sharing. If a victim clicks on any of these links, they are redirected to a perfectly copied login page hosted and owned by none other than Tycoon 2FA. This allows the cyber gang to dive deeper into accounts, invoicing, banking, financials, personal information and more. Some attacks have even asked a victim to change a routing number on an account so the cyber criminal can increase their profits.

Getting Back to Basics to Kill the Bug that Bites

Getting back to basics to kill the bug that bites is absolutely necessary because compromised credentials remain the single fastest path into an organization’s data. 

Small businesses need to:

1. Take charge of email controls, and embrace single sign-on and least privilege. This is an urgent warning: if you are using Microsoft and log in with a primary email address that has credentials tied to it, this needs to change immediately, as stated above under key facts for small businesses. Call Doug at ITC to help you set up a user email with least privilege.

2. Have a risk assessment done to identify vulnerability management and needs

3. Have a backup plan and install phishing-resistant mechanisms

4. Plan the move beyond passwords

5. Leverage built-in anomaly detection

The aforementioned information is from Verizon and N-Able 2025 cyber attack reports on small businesses.

For more information: Text ITC.

Need a local IT team? Contact ITC.

Reminder: Windows 10 will not be supported by Office 365 as of October 2025.

Mandatory updates to Windows 11 for FTC and HIPAA.
