{"id":110097,"date":"2023-06-27T06:00:36","date_gmt":"2023-06-27T06:00:36","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/securelist\/?p=110097"},"modified":"2023-06-27T10:06:30","modified_gmt":"2023-06-27T10:06:30","slug":"smb-threat-report-2023","status":"publish","type":"post","link":"https:\/\/securelist.com\/smb-threat-report-2023\/110097\/","title":{"rendered":"How cybercrime is impacting SMBs in 2023"},"content":{"rendered":"

According to the United Nations, small and medium-sized businesses (SMBs) constitute 90 percent of all companies and contribute 60 to 70 percent of all jobs in the world. They generate 50 percent of global gross domestic product and form the backbone of most countries’ economies. Hit hardest by the COVID pandemic, geopolitical and climate change, they play a critical role in a country’s recovery, requiring greater support from governments to stay afloat.

In the past, the perception was that large corporations were more attractive to cybercriminals. Yet in reality, cybercriminals can target anyone, especially those who are less protected, and small businesses typically have smaller budgets and are not as securely protected as larger companies.

According to a report by the Barracuda cybersecurity company, in 2021, businesses with fewer than 100 employees experienced far more social engineering attacks than larger ones. That same year saw one of the worst ransomware incidents in history, the Kaseya VSA supply-chain attack. By exploiting a vulnerability in the software, the cybergang REvil infiltrated between 1,500 and 2,000 businesses around the world, many of which were SMBs. For example, the attack hit a small managed service provider, Progressive Computing, and, by virtue of the domino effect, the company’s 80 clients, which were mainly small businesses. Although the attack was stopped fairly quickly, the SME sector was understandably shaken, alerting businesses to the fact that everyone was vulnerable.

According to the Kaspersky cyber-resilience report, in 2022, four in ten employers admitted that a cybersecurity incident would be a major crisis for their business, surpassed only by a slump in sales or a natural disaster. Judging by the results of the survey, a cybersecurity crisis would also be the second most difficult type of crisis to deal with, after a dramatic drop in sales.

In this report, we have analyzed the key threats to small and medium-sized companies in 2022 and 2023, and provided advice on how to stay safe.

Methodology

The statistics used in this report were collected from January through May 2023 by Kaspersky Security Network (KSN), a system for processing anonymized cyberthreat-related data shared voluntarily by Kaspersky users.

To assess the threat landscape for the SMB sector, Kaspersky experts collected the names of the most popular software products used by its clients who owned small or medium-sized businesses around the world. The final list of the software includes MS Office, MS Teams, Skype and others used by the SMB sector. We then ran these software names against Kaspersky Security Network (KSN)* telemetry to find out how much malware and unwanted software was distributed under the guise of these applications.

Malware attacks

Between January 1 and May 18, 2023, 2,392 SMB employees encountered malware or unwanted software disguised as business applications, with 2,478 unique files distributed this way. The total number of detections of these files was 764,015.

Below is a brief description of the most popular types of threats that SMB employees encountered in January–May 2023:

Exploits

The biggest threat to SMBs in the first five months of 2023 was exploits, which accounted for 483,980 detections. Malicious and/or unwanted software often infiltrates the victim’s computer through exploits, malicious programs designed to take advantage of vulnerabilities in software. They can run other malware on the system, elevate the attackers’ privileges, cause the target application to crash and so on. They are often able to penetrate the victim’s computer without any action by the user.

Trojans

The second-biggest threat was Trojans. Named after the mythical horse that helped the Greeks infiltrate and defeat Troy, this type of threat is the best-known of them all. It enters the system in disguise and then starts its malicious activity. Depending on its purpose, a Trojan can perform various actions, such as deleting, blocking, modifying or copying data, disrupting the performance of a computer or computer network, and so on.

Backdoors

The third most common threat is backdoors. These are among the most dangerous types of malware as, once they penetrate the victim’s device, they give the cybercriminals remote control. They can install, launch and run programs without the consent or knowledge of the user. Once installed, backdoors can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity, and more.

Not-a-virus

Potentially unwanted applications (PUAs) that can be inadvertently installed on your device are labeled “not-a-virus” by our solutions. Although they are listed among the most widespread threats and can be used by cybercriminals to cause harm, they are not malicious per se. Nonetheless, their behavior is annoying, sometimes even dangerous, and the antivirus alerts users because, despite being legal, they often sneak onto the device without the user realizing.


TOP 10 threats for SMBs, January-May 2022


TOP 10 threats for SMBs, January-May 2023

Cybercriminals attempt to deliver this and other malware and unwanted software to employees’ devices by using any means necessary, such as vulnerability exploitation, phishing e-mails and fake text messages. Even something totally unrelated to business, such as a YouTube link, may be used to target SMBs, as their employees often use the same devices for work and personal matters.

One of the methods often utilized to hack into employees’ smartphones is so-called “smishing” (a combination of SMS and phishing). The victim receives a link via SMS, WhatsApp, Facebook Messenger, WeChat or some other messaging app. If the user clicks the link, malicious code is uploaded into the system.

Examples of scam threats and phishing

Phishing and scams can pose a significant threat to SMBs, as scammers try to mimic payment, loan and other services, as well as cloud service providers like Microsoft, in order to obtain confidential information or company funds. Often, the phishing pages where employees land if they click a link in a scam e-mail are tailored to look like login pages for the target systems, with the corresponding logo on the page. Below, we provide several examples of phishing pages that imitate various services in an attempt to get hold of the target company’s data and money.