Top 5 cyber threats to small and medium businesses by Kaspersky

News Desk

Statistics show that more than 60% of all small and medium businesses experienced cyberattacks throughout 2022. Small and medium-sized companies are major contributors to the global economy: according to the World Trade Organization, SMBs represent more than 90% of all businesses worldwide.

As a result of cyberattacks, businesses may lose sensitive data, money, and important market share, and hackers have several ways of achieving their objectives. According to small businesses, a cybersecurity incident is one of the most difficult kinds of crisis to deal with. Experts from Kaspersky examined the potential weak points SMBs may have and identified several serious cyber threats for business owners to be wary of in 2023.

  1. Data leaks caused by employees

There are different ways a company’s data may be leaked – and, in certain cases, it might happen involuntarily. During the pandemic, many remote workers used corporate computers for entertainment purposes, such as playing online games, watching movies, or using e-learning platforms – something that continues to pose financial threats to organizations. This trend is here to stay, and while during 2020, 46% of employees had never worked remotely before, now two-thirds of them state they wouldn’t go back to the office, with the rest claiming to have a shorter office work week.

Cybersecurity has improved since the pandemic and the initial widespread adoption of remote work by businesses. However, the use of business computers for entertainment remains one of the most important ways of gaining initial access to a company’s network. When searching for alternative sites to download a new episode of a show or a recently released movie, users run into several kinds of malware, such as Trojans, spyware, backdoors, and adware. Kaspersky statistics show that 35% of customers who encountered threats disguised as streaming sites were harmed by Trojans. If such malware ends up on a corporate computer, attackers may even break into the company’s network and look for and steal sensitive data, including both trade secrets and employees’ personal information.

There is also a tendency to blame ex-employees for possible data leaks. However, only half of recently surveyed organizations’ leaders are confident that ex-employees don’t have access to company data stored in cloud services and can’t use corporate accounts. An ex-colleague may not even remember that they had access to such-and-such a resource. But a routine check by regulators might reveal that unauthorized persons do have access to confidential information, which would still result in a fine.

  2. DDoS attacks

Distributed network attacks are often referred to as Distributed Denial of Service (DDoS) attacks. This kind of attack takes advantage of the specific capacity limits that apply to all network resources, including the infrastructure supporting a company’s website. A DDoS attack sends numerous requests to the targeted web resource with the intent of exceeding the website’s capacity to handle multiple requests and preventing it from operating properly.

Attackers use a variety of sources to attack organizations such as banks, media assets, or retailers, all of which are frequently affected by DDoS attacks. Recently, cybercriminals targeted the German food delivery service Takeaway.com (Lieferando.de), demanding two bitcoins (approximately $11,000) to stop the flood of traffic. Moreover, DDoS attacks on online retailers tend to spike during the holiday seasons, when their customers are most active.

There’s also a growing trend of attacks on gaming companies. The North American data centres of Final Fantasy 14 were attacked in early August. Players experienced connection, login, and data-sharing issues. Blizzard’s multiplayer games — Call of Duty, World of Warcraft, Overwatch, Hearthstone, and Diablo: Immortal — were also DDoSed yet again.

Many DDoS attacks go unreported because the payout amounts are often not big.

  3. Supply chain

Being attacked through a supply chain typically means a service or program that an organization has been using for some time has become malicious. These are attacks delivered through the company’s vendors or suppliers – examples can include financial institutions, logistics partners, or even a food delivery service. And such actions may vary in complexity or destructiveness.

For example, attackers used ExPetr (aka NotPetya) to compromise the automatic update system of accounting software called M.E.Doc, forcing it to deliver the ransomware to all customers. As a result, ExPetr caused millions in losses, infecting both large companies and small businesses.

Another example is CCleaner, one of the most famous programs for system registry cleaning. It is widely used by both home users and system administrators. At some point, attackers compromised the program developer’s compilation environment, equipping several versions with a backdoor. For a month these compromised versions were distributed from the company’s official websites and downloaded 2.27 million times, and at least 1.65 million copies of the malware attempted to communicate with the criminals’ servers.

Recent examples that drew our attention are the DiceyF incidents, which took place in Southeast Asia. The prime targets were an online casino developer and operator and a customer support platform, which were attacked in Ocean’s Eleven style.

  4. Malware

When downloading illegal files, one must ensure that they don’t cause any damage. The most recent threats are encryptors that target a company’s data, money, or even the personal information of its owners. It is also important to note that more than a quarter of small and medium-sized enterprises choose unlicensed or pirated software as a cost-saving measure. Such software might contain harmful or unwanted files that could damage business networks and systems.

Additionally, business owners must be aware of access brokers, as such groups will cause SMBs harm in a variety of ways in 2023. Their illegal-access customers include cryptojacking clients, banking password stealers, ransomware, cookie stealers, and other problematic malware. One example is Emotet, malware that steals banking credentials and targets organizations around the world. Another group that targets small and medium-sized businesses is DeathStalker, best known for its attacks on legal, financial and travel entities. The group’s main goals center on looting confidential information regarding legal disputes involving VIPs and large financial assets, competitive business intelligence, and insights into mergers and acquisitions.

  5. Social engineering

Since the onset of the COVID-19 pandemic, many companies have moved much of their workflows online and learned to use new collaboration tools. In particular, Microsoft’s Office 365 suite has seen a lot more use — and, to no one’s surprise, phishing now increasingly targets those user accounts. Scammers have been resorting to all sorts of tricks to get business users to enter their passwords on a website made to look like Microsoft’s sign-in page.

Kaspersky has uncovered many new ways in which phishing scammers are trying to fool business owners, which sometimes turn out to be quite elaborate. Some are mimicking loan or delivery services – by sharing false websites or sending emails with fake accounting documents.

Some attackers masquerade as legitimate online platforms to profit from their victims; these may even be quite popular money transfer services, such as Wise Transfer.

A link to a page that was translated using Google Translate is another warning sign that Kaspersky specialists have identified. Attackers circumvent cybersecurity measures by using Google Translate. The email’s authors claim that the attachment contains a payment document that is only accessible by the recipient and needs to be read in preparation for a “contract meeting presentation and subsequent payments.” The Open button link directs users to a Google Translate-translated website. The link, however, takes users to a bogus website set up by attackers to defraud their victims of their money.
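The warning sign described above can be checked automatically. The following is an added example, not Kaspersky's code: it scans a message body for Google Translate links and reports the host hidden behind each one. The sample message and its hosts are constructed, and the `translate.goog` hostname decoding is an assumption about how Google encodes the original host.

```python
import re
from urllib.parse import urlsplit, parse_qs

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
PROXY_SUFFIX = ".translate.goog"

def wrapped_origin(url):
    """Return the host hidden behind a Google Translate link, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.endswith(PROXY_SUFFIX):
        label = host[: -len(PROXY_SUFFIX)]
        # Assumed encoding: "." became "-", a literal "-" became "--".
        return label.replace("--", "\0").replace("-", ".").replace("\0", "-")
    if host == "translate.google.com":
        # Older link style carries the target page in the "u" parameter.
        target = parse_qs(parts.query).get("u", [""])[0]
        if target:
            if "//" not in target:
                target = "//" + target
            return (urlsplit(target).hostname or "").lower() or None
    return None

def flag_translate_links(body, trusted=()):
    """List (hidden_host, url) for every translate-wrapped link in body."""
    findings = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(").,;")
        origin = wrapped_origin(url)
        if origin and origin not in trusted:
            findings.append((origin, url))
    return findings

# Constructed sample message; none of these hosts come from the article.
SAMPLE = """Please read the payment document before the contract meeting.
Open: https://pay--docs-example-net.translate.goog/view?_x_tr_sl=auto&_x_tr_tl=en
Mirror: https://translate.google.com/translate?sl=auto&tl=en&u=https://login.example.org/doc
Our site: https://www.example.com/about
"""

if __name__ == "__main__":
    for origin, url in flag_translate_links(SAMPLE):
        print(f"translate-wrapped link to {origin}: {url}")
```

A mail gateway or triage script can route any message with findings to quarantine or review, since the visible Google domain says nothing about the reputation of the page behind it.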