Kaspersky warns of the five biggest cyber threats to SMEs 

Small and medium-sized businesses make a major contribution to the global economy. According to the World Trade Organization, these types of organizations represent more than 90% of global business.

Cyberattacks can cost a company confidential information and money and reduce its market value, all while criminals pursue their own goals. SMEs consider cybersecurity incidents to be the most difficult type of crisis.

Kaspersky analyzes what will be the most important threats to SMEs in 2023 and how they can be detected and prevented.

Data loss caused by employees

A company's data can be leaked in a variety of ways, and in many cases it happens unintentionally. During the pandemic, those who had to work remotely used corporate computers for other purposes, such as online gaming, watching movies, or using learning platforms. In 2020, 46% of employees had never worked remotely. Now, two-thirds of them say they won't return to the office, while the rest admit to having a shorter in-office week. This is a trend that is here to stay and poses an economic threat to companies.

Cybersecurity has improved since the pandemic, but the use of corporate computers for entertainment remains one of the most common ways into an organization's internal network. Users who turn to alternative sources to download newly released movies or TV shows can encounter different types of malware: Trojans, spyware, backdoors, or adware. According to Kaspersky statistics, 35% of users who were hacked via streaming platforms were affected by Trojans. Once this malware lands on a corporate computer, attackers can, among other things, gain access to the company's network and steal confidential information, such as business development plans or employees' personal data.

There is a tendency to blame former employees for a possible data breach. However, according to a Kaspersky study, only half of those responsible for these organizations are confident that their former employees do not have access to company data stored in the cloud and cannot use corporate accounts. Former employees may not even be aware that they still have access to these resources, but a simple check can still show that unauthorized individuals are able to access sensitive information, which can also result in fines.

Parting ways with an employee quickly does not remove the danger either. Who can guarantee that they have not used weak passwords that intruders can discover? Any remaining access to a system, whether it is a collaboration environment, work email, or virtual machines, increases the attack surface. Even a conversation between employees on topics that are not necessarily work-related can be used to launch social engineering attacks.

DDoS attacks

DDoS attacks restrict the availability of company resources, such as a website. The principle of operation is simple: a large number of requests are sent to a page to exceed its capacity to handle traffic. The volume of requests is so high that the site stops working properly.

Cybercriminals use a variety of methods to attack banks, retailers, or SMEs and often resort to DDoS attacks. Recently, the German website Takeaway.com was targeted in this way. The attackers demanded two bitcoins (32,000 euros) to stop the attack. DDoS incidents against online businesses increase at Christmas, when customers are more active.

The upward trend is also observed in the gaming sector. Final Fantasy 14 data centers in North America were attacked in August. Players experienced problems with connection, registration, and data exchange. Blizzard's multiplayer games (Call of Duty, World of Warcraft, Overwatch, Hearthstone, and Diablo: Immortal) were also subject to DDoS attacks. It should be noted that many attacks of this type go unreported because the amounts involved are not very large.

Supply chain

Supply chain attacks involve a service or program that a company has been using turning malicious. They are launched through a company's vendors or suppliers: banks, logistics companies, or even food delivery services. These attacks vary in both complexity and degree of disruption.

For example, the attackers behind ExPetr (aka NotPetya) compromised the automatic update system of the accounting software M.E.Doc, forcing it to deliver ransomware to its customers. Large companies and SMEs were affected, resulting in millions of dollars in losses.


CCleaner, one of the most well-known registry cleaning programs, used by both ordinary users and system administrators, was also compromised. The attackers inserted a backdoor into several versions that were distributed from the company's official websites for a month. They were downloaded 2.27 million times, and at least 1.65 million copies of the malware tried to contact the cybercriminals' servers.

The DiceyF incidents in Southeast Asia, mainly focused on an online casino operator, are also significant. Also noteworthy is SmudgeX, an unknown advanced persistent threat (APT) that compromised a distribution server and replaced a legitimate installer with a Trojanized one that delivered PlugX to government officials in a South Asian country who were supposed to install the tool. Almost certainly, the IT systems managing the distribution server and the developers were affected.

Malware

Malware can be found anywhere. If you download illegal files, it's important to make sure they are free of malware. The most active threat is ransomware, which targets the data, money, or personal information of company owners. In this regard, it should be noted that more than a quarter of SMEs use pirated or unlicensed software to reduce costs. This software may contain malicious or unwanted files that threaten corporate networks and computers.

Entrepreneurs should also take into account illegal brokers who provide third parties with access to companies, something that will cause great damage in 2023. They use cryptojacking, bank key theft, ransomware, cookie theft, and other highly problematic malware. An example is Emotet, a malware that steals bank passwords and impacts organizations around the world. Another group that focuses on small and medium-sized enterprises is DeathStalker, known for its attacks on legal, financial, and travel organizations. It focuses on stealing confidential information related to legal cases involving important people and large financial assets, commercial intelligence, and mergers and acquisitions.


Social engineering

Since the beginning of the pandemic, many companies have moved a significant part of their workflow online and have learned to use collaboration tools. In this regard, it is worth noting the growing use of Microsoft Office 365. It is not surprising that phishing is increasingly focused on the accounts of those who use this platform. Fraudsters are using any trick to get users to enter their passwords on websites that pretend to be genuine.

At Kaspersky, we have identified new and sophisticated forms of deception targeting business owners. Some of them impersonate credit or delivery services, distribute fake websites, or send emails with misleading accounting documents. Other criminals pose as legitimate online platforms, such as Wise Transfer, to profit from their victims.

Another discovery of Kaspersky analysts was a link to a website translated using Google Translate. The attackers used this service to bypass the security mechanisms of companies. Thus, an email is sent with a file containing a payment document that supposedly points to a website translated by Google Translate, but actually leads to a fake website that seeks to steal the victim's money.
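A mail-triage check for the Google Translate trick described above, as an added example that is not Kaspersky's code: it unwraps links served through Google Translate to the host they actually load and flags hosts outside an allow-list. The sample URLs and the allow-list domain are constructed, and the hostname decoding is a simplified assumption about how the translate.goog proxy writes hostnames.

```python
from urllib.parse import urlsplit, parse_qs

PROXY_SUFFIX = ".translate.goog"         # host form of Google Translate's page proxy
LEGACY_HOSTS = {"translate.google.com"}  # older /translate?u=<url> link form
# Assumption: the organisation keeps an allow-list of domains expected in payment mail.
EXPECTED_DOMAINS = {"example-bank.test"}

# Constructed sample links, as they might be extracted from an email or attachment.
SAMPLE_URLS = [
    "https://portal-example--bank-test.translate.goog/invoice?_x_tr_sl=auto&_x_tr_tl=en",
    "https://invoice--docs-example.translate.goog/pay?_x_tr_sl=auto&_x_tr_tl=en",
    "https://translate.google.com/translate?sl=auto&tl=en&u=https://pay.invalid/doc",
    "https://example-bank.test/statement",
]


def unwrap_translate_url(url):
    """Return the host a Google Translate link really loads, or None if it is not one."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.endswith(PROXY_SUFFIX):
        label = host[: -len(PROXY_SUFFIX)]
        # Simplified decoding: "." is written as "-" and a literal "-" as "--".
        return label.replace("--", "\x00").replace("-", ".").replace("\x00", "-")
    if host in LEGACY_HOSTS and parts.path.startswith("/translate"):
        target = parse_qs(parts.query).get("u", [""])[0]
        if "//" not in target:
            target = "//" + target  # let urlsplit parse scheme-less targets
        return (urlsplit(target).hostname or "").lower() or None
    return None


def triage(urls):
    """List translate-wrapped links with their real host and an allow-list verdict."""
    findings = []
    for url in urls:
        real = unwrap_translate_url(url)
        if real is None:
            continue  # not a Google Translate link; other filters handle it
        ok = any(real == d or real.endswith("." + d) for d in EXPECTED_DOMAINS)
        findings.append((url, real, "allowed" if ok else "review"))
    return findings


if __name__ == "__main__":
    for url, real, verdict in triage(SAMPLE_URLS):
        print(f"{verdict:8} {real:28} {url}")
```

Filters that judge only the visible domain see a Google-owned host in all three wrapped samples; comparing the unwrapped host against the allow-list is what separates them.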

In short, cybercriminals will try to reach their victims by any means possible: unlicensed software, websites, phishing emails, breaches in a business's security network, or massive DDoS attacks. A recent Kaspersky survey showed that 41% of small and medium-sized enterprises have a crisis prevention plan in place, indicating that they care about cybersecurity and understand the complexity of dealing with such incidents. We hope that this will lead to the implementation of reliable security solutions.

 
