The latest report from cybersecurity solutions company Kaspersky indicates a 5% rise in cybersecurity infections affecting small to medium-sized businesses (SMBs) in the first quarter of 2024 compared to the same period last year.
According to Kaspersky, during this time, 2,402 users encountered malware and unwanted software disguised as legitimate SMB-related software, with 4,110 unique files being distributed in this manner, reflecting an 8% increase year-on-year. This data points to an ongoing surge in cybercriminal activity targeting the SMB sector.
The report highlights that Trojans remain the most prevalent form of attack on SMBs. Unlike viruses, Trojans do not self-replicate but instead mimic legitimate software, making them particularly hazardous. Their ability to adapt and evade traditional security measures has made them a popular tool among cybercriminals.
Microsoft Excel
Microsoft Excel has re-emerged as the primary channel of attack, climbing from fourth to first place between 2023 and 2024. Microsoft Word follows in second place, with Microsoft PowerPoint and Salesforce being the third most targeted applications.
“Our intelligence reveals that human error, often due to poor cybersecurity awareness, remains a significant vulnerability for SMBs,” said Vasily Kolesnikov, a cybersecurity expert at Kaspersky. “The widespread use of Microsoft Excel in office environments provides ample opportunities for cybercriminals to embed and manipulate malicious data within large datasets shared across businesses.”
He noted that SMBs might mistakenly believe they are not targets, but they are part of a vast ecosystem of interconnected assets, and cybercriminals will exploit any weakness.
Kaspersky recorded 100,465 Trojan attacks between January and April 2024, marking a 7% increase from the same period in 2023. This figure is significantly higher than the next most prevalent threat, DangerousObjects, which accounted for 17,320 attacks — an increase of 6,994 from the previous year.
Phishing
To assess the threats faced by SMBs, Kaspersky analysts cross-referenced applications such as MS Office, MS Teams, and Skype against telemetry from the Kaspersky Security Network (KSN). This method allowed them to determine the prevalence of malicious files and unwanted software associated with these programs and the number of users affected by these files.
Phishing remains a persistent threat to the SMB sector, often resulting in severe consequences for businesses. Employees frequently receive links to websites that mimic popular services, corporate portals, and online banking platforms. Once users sign in, they inadvertently provide cybercriminals with their usernames and passwords or trigger automated cyberattacks, compromising sensitive information and business security.
Related Stories
This post was originally published on 3rd party site mentioned in the title of this site
