Threat Actors Exploit ChatGPT, Cisco AnyConnect, Google Meet, and Teams in Attacks on SMBs
Threat actors are increasingly leveraging the trusted names of popular software and services like ChatGPT, Cisco AnyConnect, Google Meet, and Microsoft Teams to orchestrate sophisticated cyberattacks.
According to a recent report by Kaspersky Lab, SMBs, often perceived as less fortified than larger enterprises, are prime targets for both opportunistic hackers and organized cybercrime groups.
Rising Cyber Threats
The report, based on data from Kaspersky Security Network (KSN) between January and April 2025, reveals that approximately 8,500 SMB users faced attacks involving malware or potentially unwanted software (PUS) disguised as legitimate tools.
Among these, Zoom emerged as the most mimicked platform, with 1,652 unique malicious files, a staggering 41% of the total and a 14-percentage-point surge from 2024.

Microsoft Office applications like Outlook and PowerPoint followed, each at 16%, while AI-driven tools like ChatGPT saw a 115% spike in impersonated malicious files, reaching 177 cases.
The evolving threat landscape underscores a shift toward exploiting AI services and collaboration platforms, capitalizing on their widespread adoption amid remote work trends.
Attackers are not only scaling phishing and malware campaigns with AI-powered automation but also adapting their tactics to mimic services integral to SMB operations.
Phishing Schemes on the Rise
For instance, Microsoft Teams and Google Drive saw their share of malicious files increase by over 3 and 1 percentage points, respectively, reflecting how cybercriminals exploit trust in these tools to deceive users into downloading harmful content.
Additionally, the emergence of new AI models in 2025 has already led to one of them, DeepSeek, being included among frequently impersonated applications.
Beyond software impersonation, phishing schemes targeting SMBs have grown more insidious, with attackers crafting fake pages mimicking Google business accounts or banking services like Global Trust Bank to steal credentials or extort money.

Classic scams, such as the “Nigerian” fraud promising large financial transfers, continue to prey on unsuspecting businesses, often demanding smaller upfront payments for promised windfalls.
The primary threats identified for SMBs in 2025 include downloaders, Trojans, and adware, with downloaders leading as tools that covertly install malicious payloads.
Trojans, capable of data theft and system disruption, and adware, often bundled with free software, round out the top risks.
Kaspersky experts warn of additional dangers like Trojan-Downloaders and backdoors, exemplified by campaigns such as TookPS, which spreads via fake websites of legitimate remote access software.
To combat these threats, SMBs are urged to adopt robust cybersecurity measures, including endpoint security solutions, regular employee training on phishing awareness, and strict protocols for software downloads from official sources only.
Implementing multi-factor authentication, maintaining updated access controls, and backing up critical data are also essential steps to ensure resilience against these persistent and evolving cyber threats.
As regulations tighten and attack sophistication grows, SMBs must prioritize cybersecurity to safeguard their operations and maintain business continuity in an increasingly hostile digital environment.