Hackers shift toward small businesses



CAIRO, Egypt (AFP) — A cholera outbreak in Sudan has killed 120 people, with another 1,102 suspected cases since May in…

There have been 100,114 conflict-related fatalities since the coup.

Cybersecurity has become more critical than ever as the world rapidly embraces artificial intelligence (AI), according…

Cybersecurity has become more critical than ever as the world rapidly embraces artificial intelligence (AI), according…

EY Global Delivery Services (EY GDS) has launched an AI-powered Cybersecurity Center in Cebu, expanding its global…
Small businesses are becoming the preferred targets of cybercriminals, with more than half of the hacked corporate access being traded on dark web marketplaces now linked to small and medium-sized enterprises (SMEs), according to cybersecurity firm Kaspersky.
In a recent report, Kaspersky said its Digital Footprint Intelligence team analyzed hundreds of posts by initial access brokers on dark web forums between January and April 2025 and the same period in 2026.
The study found that over 50 percent of the offers in the first four months of the year involved access to compromised small and medium-sized organizations.
Initial access brokers are cybercriminals who sell access to hacked company networks.
Buyers can use that access to launch ransomware attacks, steal confidential business information, or conduct other fraudulent activities.
Kaspersky said small businesses accounted for the largest share of the listings at 40 percent, while medium-sized firms made up another 20 percent. Together, they represented the majority of all initial access offers analyzed during the period.
The company said brokers often advertise details such as a target company’s location, industry, revenue, and the type of system access available to entice potential buyers.
“Despite the fact that posts concerning small-sized companies prevail, threat actors may target medium-sized businesses as they generate higher revenue than small businesses, while they may have a lower level of protection against cyber threats than large ones. Thus, the common belief that small- and medium-sized enterprises are uninteresting to attackers is a misconception. Companies of any size need to understand the cyberthreat landscape, adhere to cybersecurity policies, use appropriate cybersecurity solutions, and continuously improve employees’ awareness,” said Ekaterina Beloborodova, Kaspersky Digital Footprint Intelligence analyst.
The findings suggest that cybercriminals increasingly view smaller businesses as attractive targets because they often lack the resources and cybersecurity defenses of larger corporations while still holding valuable financial and customer data.