THREAT INTEL: SMEs Under Siege – 2.9 Bn Credential Leaks & 25% Ransomware Surge

New Bitsight research reveals underground Cybercrime economy increasingly focuses on small and medium enterprises as easier targets

The Cybercrime underground (Dark Web) has undergone a dramatic transformation in 2024, according to Leading Cyber Risk Intelligence firm with Small and Medium Enterprises (SMEs) increasingly in the crosshairs of sophisticated criminal operations. Bitsight’s comprehensive 2025 State of the Underground Report, analysing tens of thousands of dark web posts through AI-driven intelligence, reveals alarming trends that should concern every SME owner.

The Numbers Tell a Stark Story

Key statistics that directly impact SMEs:

* Ransomware attacks surged 25% with new gangs specifically targeting smaller organizations
* Data breaches increased by 43%, affecting businesses of all sizes
* 2.9 billion unique credential leaks represent a record high, up sharply from 2023
* Underground markets have become more sophisticated and resilient, making attacks easier to execute

These figures aren’t just statistics – they represent real businesses facing operational shutdown, financial losses, and reputational damage that can take years to recover from.

Why SMEs Are Prime Targets for New Ransomware Gangs

The report identifies a concerning shift in cybercriminal strategy: new ransomware gangs are deliberately focusing on smaller organizations. This targeting preference stems from several factors that make SMEs attractive to cybercriminals:

Limited Security Resources: SMEs typically lack dedicated Cybersecurity teams and sophisticated defence systems, making them easier targets than larger enterprises with robust security operations centres.

Faster Payment Likelihood: SMEs often pay ransoms more quickly due to limited backup systems and greater operational disruption from downtime.

Lower Detection Risk: Attacks on SMEs may receive less law enforcement attention than high-profile corporate breaches, reducing criminals’ risk of prosecution.

Supply Chain Access: Compromising SMEs can provide backdoor access to larger clients and partners, making them valuable stepping stones for more significant attacks.

The Credential Crisis: What 2.9 Billion Leaks Mean for Small Business

The record-breaking number of credential leaks creates a cascade of risks for SMEs:

Password Reuse Vulnerability: Many SME owners and employees use the same passwords across multiple platforms. A single leak can compromise email, banking, and business systems simultaneously.

Third-Party Access Risks: Leaked credentials often include access to business services, cloud platforms, and vendor systems that SMEs rely on for daily operations.

Customer Data Exposure: Employee credentials linked to customer databases or payment systems can lead to broader data breaches with significant compliance implications.

Long-Term Compromise: Stolen credentials may circulate in underground markets for months or years, creating ongoing vulnerability windows.

Emerging Malware Threats: Lumma and Risepro Target Business Systems

The report highlights the emergence of Lumma and Risepro malware, representing new threats specifically designed to infiltrate business environments. These malware families pose particular risks to SMEs because:

Stealth Operations: Both variants are designed to operate undetected for extended periods, stealing data and credentials without triggering obvious system alerts.

Business Focus: Unlike traditional consumer-focused malware, these variants specifically target business applications, accounting software, and communication platforms commonly used by SMEs.

Easy Deployment: The malware is available through user-friendly criminal services, lowering the technical barrier for attackers targeting small businesses.

Geopolitical Hacktivism Affects All Business Sizes

The report notes significant shifts in hacktivism reflecting global geopolitical tensions. For SMEs, this creates unexpected risks:

Collateral Damage: Businesses may be targeted not for their own activities but due to their location, industry, or perceived political associations.

Supply Chain Disruption: Hacktivist attacks on infrastructure or large corporations can disrupt SME operations through service outages or communication interruptions.

Reputation Risks: SMEs may find themselves inadvertently associated with controversial issues through cyberattacks, affecting customer relationships and business partnerships.

AI Reshapes Cyber Defence: Opportunities and Challenges for SMEs

The report examines how Artificial Intelligence is transforming Cybersecurity, presenting both opportunities and challenges for SMEs:

AI-Powered Defence Opportunities:

* Automated threat detection can provide enterprise-level security capabilities at SME-affordable prices
* Behavioural analysis can identify unusual activity patterns that might indicate compromise
* Response automation can contain threats faster than manual intervention 

AI-Enhanced Attack Challenges:

* Sophisticated social engineering using AI-generated content becomes harder to detect
* Automated vulnerability scanning allows criminals to target more businesses simultaneously
* Personalized attack campaigns become economically viable even for smaller targets

Practical Defence Strategies for SMEs

Based on the underground trends identified in the report, SMEs should prioritize these defensive measures:

Immediate Actions:

* Credential hygiene: Implement unique passwords and multi-factor authentication across all business systems
* Employee training: Focus on recognizing social engineering attempts and suspicious communications
* Backup verification: Ensure backup systems are isolated and regularly tested for rapid recovery

Medium-Term Investments:

* AI-powered security tools: Leverage affordable AI security solutions designed for small business environments
* Vendor security assessment: Evaluate the cybersecurity practices of all third-party service providers
* Incident response planning: Develop clear procedures for responding to potential breaches or ransomware attacks

Long-Term Resilience:

* Cyber insurance: Ensure adequate coverage that specifically addresses ransomware and data breach scenarios
* Security culture development: Build Cybersecurity awareness into company culture and regular training
* Technology modernization: Gradually upgrade legacy systems that may be more vulnerable to new attack methods 

The Business Case for SME Cybersecurity Investment

The Bitsight report’s findings make a compelling financial argument for Cybersecurity investment:

Cost of Inaction: With Ransomware attacks up 25% and increasingly targeting SMEs, the probability of experiencing an attack is higher than ever.

Recovery Costs: Data breaches and ransomware attacks can cost SMEs anywhere from £10,000 to £500,000, not including long-term reputational damage.

Competitive Advantage: Strong cybersecurity can become a selling point when competing for contracts with security-conscious clients.

Regulatory Compliance: Many industries now require cybersecurity standards that smaller suppliers must meet to maintain business relationships.

Market Opportunities in Cybersecurity Services

The report’s findings highlight significant opportunities for SMEs in the cybersecurity services sector:

Managed Security Services: Providing affordable, AI-powered security monitoring for other small businesses.

Compliance Consulting: Helping SMEs navigate cybersecurity requirements for various industries and regulations.

Incident Response Services: Offering rapid response capabilities specifically designed for small business needs and budgets.

Security Training Programs: Developing Cybersecurity awareness training tailored to small business environments and common threats.

Looking Ahead: Preparing for an Evolving Threat Landscape

The 2025 State of the Underground report makes clear that cybercrime will continue evolving rapidly, with SMEs increasingly in the spotlight. The key to survival isn’t perfect security – it’s building resilience that allows businesses to detect, respond to, and recover from attacks quickly.

For SMEs, the message is clear: cybersecurity is no longer optional. With underground markets becoming more sophisticated and specifically targeting smaller organizations, investing in appropriate defenses isn’t just good practice – it’s essential for business survival.

The underground economy will continue to evolve, but businesses that take proactive steps to understand and address these threats will be best positioned to thrive despite the challenging Cybersecurity landscape ahead.