SMB malware infections rising amid resurgence of attacks leveraging Microsoft Excel, Kaspersky reports

Ahead of International SMB (Small-Medium Businesses) Day on June 27, a new Kaspersky report reveals that the number of malware infections experienced by small and medium-sized businesses rose by 5% during the first quarter of 2024 compared to the same period last year. The number of users who encountered malware and unwanted software hiding in or mimicking software products was 2,402, with 4,110 unique files distributed under the guise of SMB-related software. This represents an 8% increase year-on-year and suggests an ongoing rise in attacker activity.


The most prevalent form of attack continues to be Trojans, which are especially hazardous because they usually mimic legitimate software. Their adaptability and capacity to evade traditional security measures render them a widespread and potent tool for cybercriminals.

Malware: record of number of Trojan attacks

Kaspersky recorded the number of Trojan attacks for Q1 2024 at 100,465, representing a 7% increase on the same period in 2023. There were 83,145 more Trojan attacks than the next highest threat, DangerousObjects, which recorded 17,320 attacks – some 6,994 more than in 2023.

Microsoft Excel has resumed its position as the number one channel of attack, moving from fourth to first place between 2023 and 2024. Microsoft Word secured second place, while Microsoft PowerPoint and Salesforce were the third most targeted applications.

To access information on the threats related to the SMB sector, Kaspersky analysts cross-referenced selected applications, such as MS Office, MS Teams, Skype, and other programs used in the SMB space against Kaspersky Security Network (KSN) telemetry. This enables them to determine the prevalence of malicious files and unwanted software related to these programs, as well as the number of users attacked by these files.

Phishing

Phishing remains a constant threat in the SMB sector and can have catastrophic consequences for business. Employees receive links to seemingly familiar and legitimate websites that imitate popular services, corporate portals, and online banking platforms. Once targets sign in, they inadvertently divulge usernames and passwords to cybercriminals or trigger automated cyberattacks, compromising sensitive information and business security.

“Our intelligence reveals that human error, often due to poor cybersecurity awareness, remains a significant vulnerability for SMBs,” said Vasily Kolesnikov, a cybersecurity expert at Kaspersky. “In addition, the ubiquitous use of Microsoft Excel in office environments provides fertile ground for cybercriminals who can hide and manipulate malicious data in large datasets that are then widely shared across a business. Although SMBs might be under the illusion they are not a target, they belong to a huge ecosystem of interconnected assets and cybercriminals will exploit any weakness. For this reason, it is critical for all SMBs to create clear policies for accessing any corporate assets and ensure that staff are regularly reminded of the importance of following basic cybersecurity rules.”

Protecting the SMB sector from the increasing interests of cybercriminals is crucial for the global economic, social and environmental challenges that lie ahead, particularly in emerging growth economies. According to UN data, 7 out of every 10 jobs in emerging economies are in the SMB sector, while access to finance is disproportionately challenging, making it harder for businesses in the sector to protect themselves against attack. Malware is a growing threat around the world.

Read the full report on Securelist.com.

To protect your business from cyberthreats, please consider the following guidelines:

· Provide your staff with basic cybersecurity hygiene training. Conduct a simulated phishing attack to ensure that they know how to distinguish phishing emails.

· Set up a policy for access to corporate assets, including email boxes, shared folders, and online documents. Keep it up to date and remove access if an employee no longer needs the details to do their job or when they leave the company. Use cloud access security broker software that can help manage and monitor employee activity within cloud services and enforce security policies.

· Make regular backups of essential data to ensure corporate information stays safe in case of emergencies.

Image by DC Studio on Freepik
