Cyber ​​attacks on small and medium-sized businesses are on the rise.

Accordingly, the number of users encountering malware, hidden on devices and emulating legitimate software reached 2,402 cases with 4,110 files distributed as software related to SMBs. These numbers show that the attack activity is increasing with an increase of 8% compared to the same period last year.

A new report from Kaspersky shows that more and more small and medium-sized businesses are being targeted by cybercriminals. The most common type of attack continues to be Trojans, which, although they do not have the ability to self-replicate like viruses, can mimic legitimate software. In addition, their ability to adapt and evade cybersecurity tools makes them a popular tool for cybercriminals.

During the period January - April 2024, Kaspersky recorded a total of 100,465 Trojan attacks, equivalent to a 7% increase compared to the same period in 2023.

Accordingly, Microsoft Excel continues to be the most attacked software in 2024. It is followed by Microsoft Word, and the third most targeted software by criminals is Microsoft PowerPoint and Salesforce.

To find out the results of the research on threats in SMBs, Kaspersky analysts cross-referenced applications such as MS Office, MS Teams, Skype and many other programs used in SMB workspaces based on Kaspersky Security Network (KSN) telemetry. This form of analysis helps Kaspersky determine the prevalence of malware and unwanted software related to these programs, as well as the number of users attacked by these files.

In addition, phishing continues to be a threat to SMBs, causing serious consequences for businesses. Employees are constantly being sent familiar-looking links and websites that mimic popular services, enterprise portals, and online banking platforms. Once they log in to these services, they will inadvertently reveal their usernames and passwords to cybercriminals or trigger pre-set cyberattacks on the system, such as compromising sensitive information and business security.

“Our technology reveals that the human factor continues to be a significant vulnerability for SMBs, partly due to low cybersecurity awareness. Furthermore, the widespread use of Microsoft Excel in office productivity tools creates an ideal environment for cybercriminals to hide and modify malicious data in large datasets, which are then disseminated widely throughout the organization. Furthermore, SMBs often believe that they are not the target of cyberattacks, but hackers are very good at finding any vulnerabilities in the vast network of connected assets they control. Therefore, SMBs should create clear policies when accessing any company assets and ensure that employees are regularly reminded of the importance of following basic cybersecurity rules,” commented Vasily Kolesnikov, cybersecurity expert at Kaspersky.