SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Trojan cyber attacks hitting SMBs harder than ever - Kaspersky
Mon, 23rd May 2022
FYI, this story is more than a year old

When a small business owner is faced with the responsibilities of production economics, financial reports and marketing all at the same time, cybersecurity can often appear complicated and unnecessary. However, this disregard for IT security is being exploited by cybercriminals.

Kaspersky researchers assessed the dynamics of attacks on small and medium-sized businesses between January and April 2022 and the same period in 2021 to identify which threats pose an increasing danger to entrepreneurs.

In 2021, small businesses were three times more likely to fall victim to fraudsters than larger companies. The average loss from a single cyber attack has exploded from $34,000 to just under $200,000.

In addition to financial hits, these companies have had to shoulder legal fees, compliance penalties, reputational damage and the loss of customers.

The researchers also found the total number of attacks have increased significantly.

For instance, in 2022 the number of Trojan-PSW (Password Stealing Ware) detections increased by almost a quarter compared to the same period in 2021 to reach 4,003,323 from 3,029,903.

Trojan-PSW is a malware that steals passwords, along with other account information, which then allows attackers to gain access to the corporate network and steal sensitive information.

Another top attack takes advantage of Remote Desktop Protocol (RDP) technology. With the shift towards remote working, many companies have introduced RDP, which enables computers on the same corporate network to be linked together and accessed remotely, even when the employees are at home.

Despite the normality of such technology, it puts the security of employee devices and the corporate systems of a business in danger, as RDP is of particular interest to cybercriminals.

With RDP in place, if the attacker gains access to the corporate network, they can then conduct fraud on any of the business's computers that have been linked.

The overall number of attacks on RDP has decreased slightly, but not in all countries. For example, in the first trimester of 2021 there were about 47.5 million attacks in the United States, whereas for the same period in 2022 the number had risen to 51 million.

Many small businesses are unable to recover from such attacks. To prevent losses, business owners need to take better care of their business's online security, the researchers state. This security begins first and foremost with employees.

According to public reports, the average employee has access to over 11 million files. The information that they have access to can vary from financial information or customer data to the secrets of their company's development.

Cybercriminals are aware of this, which is why most attacks on companies are conducted through its employees, who are often untrained in the cyber risks associated with their role.

One person in particular also has a huge bearing on a business's overall security - the IT specialist.

Advanced security services can provide built-in training to keep IT specialists up to date with the latest cyber threats, Kaspersky states.

Through training and education, business owners can turn them into sought-after cybersecurity specialists who are able to analyse how threats may hit their particular organisation and adapt technical and organisational cybersecurity measures accordingly. This will help businesses avoid additional costs related to breaches of their corporate systems, according to the researchers.

On top of this, the experts advise getting an advanced security product to provide incident analysis. Many organisations don't have any plan in place to mitigate a breach of their organisation, let alone the necessary protection to prevent an infringement in the first place.

This is particularly true if a threat infiltrates their system and goes undetected which is entirely possible if network monitoring and automated threat detection mechanisms aren't in place.

Having a special security solution enables attack visualisation and provides IT administrators with a convenient tool for incident analysis. The faster they can analyse where and how a leak occurred, the better they will be able to solve any negative consequences.

Kaspersky security researcher Denis Parinov says, "With the shift to remote working and the introduction of numerous advanced technologies in the daily operations of even small companies, security measures need to evolve to support these sophisticated setups.

"Cybercriminals are already way ahead of the curve, so much so that virtually every organisation will experience a breach attempt at some point.

"For small companies today, it's not a matter of whether a cybersecurity incident will happen but when. Having trained staff and an educated IT-specialist is no longer a luxury but a must-have part of your business development."