Top 4 threats targeting small and medium business in SEA
Kaspersky foiled almost four-fold malware attacks targeting small and medium businesses (SMBs) in Southeast Asia (SEA) during the first half of the year.
The global cybersecurity company has revealed that its solutions blocked a total of 44,022 malware attacks against SMB employees in the region from January to June 2023, a 364% jump as compared to just 9,482 hits in the same period in 2022.
"SMBs are the backbone of Southeast Asia's economy. They make up nearly half of the regions GDP, contribute to 85% of jobs here, and they account for more or less 99% of the businesses in SEA," says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
"To meet the changing needs of their customers, it is essential for this sector to embrace digitalisation, albeit most are skipping the cybersecurity part of it."
To help SMBs figure out their cybersecurity plan, Kaspersky shares the most common types of threats this sector faces:
The biggest threat to SMBs in the first six months of 2023 were exploits. Malicious and/or unwanted software often infiltrates the victims computer through exploits, malicious programs designed to take advantage of vulnerabilities in software. They can run other malware on the system, elevate the attackers privileges, cause the target application to crash and so on. They are often able to penetrate the victims computer without any action by the user.
The second-biggest threat were Trojans. Named after the mythical horse that helped the Greeks infiltrate and defeat Troy, this type of threat is the best-known of them all. It enters the system in disguise and then starts its malicious activity. Depending on its purpose, a Trojan can perform various actions, such as deleting, blocking, modifying or copying data, disrupting the performance of a computer or computer network, and so on.
The third most common threat is backdoors. These are among the most dangerous types of malware as, once they penetrate the victims device, they give the cybercriminals remote control. They can install, launch and run programs without the consent or knowledge of the user. Once installed, backdoors can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity, and more.
Potentially unwanted applications (PUAs) that can be inadvertently installed on your device are labeled not-a-virus by our solutions. Although they are listed among the most widespread threats and can be used by cybercriminals to cause harm, they are not malicious per se. Nonetheless, their behavior is annoying, sometimes even dangerous, and the antivirus alerts users because, despite being legal, they often sneak onto the device without the user realizing.
Cybercriminals attempt to deliver this and other malware and unwanted software to employees devices by using any means necessary, such as vulnerability exploitation, phishing e-mails and fake text messages. Even something totally unrelated to business, such as a YouTube link, may be used to target SMBs, as their employees often use the same devices for work and personal matters.
One of the methods often utilised to hack into employees smartphones is so-called smishing (a combination of SMS and phishing). The victim receives a link via SMS, WhatsApp, Facebook Messenger, WeChat or some other messaging app. If the user clicks the link, malicious code is uploaded into the system.
"According to our latest cyber-resilience report, in 2022, four in ten employers admitted that a cybersecurity incident would be a major crisis for their business, superseded only by a slump in sales or a natural disaster," says Yeo.
"A cybersecurity crisis would also be the second most difficult type of crisis to deal with after a dramatic drop in sales if judged by the results of the survey," they say.
"Cybersecurity is something SMBs in SEA should take seriously, and we are here to help them chart their journey to building a safer business for them and for their customers."
Kaspersky experts suggest SMBs to have a comprehensive defensive concept that equips, informs and guides your team in their fight against the most sophisticated and targeted cyberattacks like Kaspersky Extended Detection and Response (XDR) platform.