Due to their widespread use, popular productivity tools are often targeted and attacked by hackers. These tools create a large attack surface area and offer the potential to access huge amounts of sensitive data.
Successful exploitation of these tools enables threat actors to access multiple organizations, disrupt business operations, and exploit trust to spread malware or steal personal information.
Cybersecurity researchers at Kaspersky Lab recently discovered that threat actors have been actively exploiting SMBs using popular productivity tools.
Threat Actors Exploiting SMBs
The adoption of digital technology and limited funds have made small and medium-sized businesses more prone to cyber security threats.
Kaspersky Security Network telemetry has interpreted Kaspersky’s analysis of threats in 2024 to indicate a high incidence of malicious files focusing on SMB applications.
Adequate security is an essential requirement for UK small and medium-sized businesses, with about half expected to suffer annual cyber-attacks. Accordingly, appropriate technological and organizational culture responses are necessitated.
Join our free webinar to learn about combating slow DDoS attacks, a major threat today.
This trend points out SMEs’ vulnerability to cyber attacks and the costs that can be incurred through operational disruption and financial losses.
The following programs were included in this research by the security analysts:-
- Microsoft Excel
- Microsoft Outlook
- Microsoft PowerPoint
- Salesforce
- Microsoft Word
- Microsoft Teams
- QuickBooks
- Microsoft Exchange
- Skype for business
- ClickUp
- Hootsuite
- ZenDesk
Between January and April 2024, SMBs were targeted by malware and unwanted software, affecting 2,402 users. A total of 4,110 unique malicious files were distributed, an 8% increase from 2023.
Excel has emerged as the most forged application for attacks, coming fourth on the list in 2023. Overall, infections in the SMB sector increased by 5% to reach 138,046 during this period compared with those noted early last year.
.webp)
Trojans continued to be the most common threat, showing that threat actors like developing malware that mimics legal programs, making it difficult to uncover.
Notably, DangerousObject attacks, a wide-ranging class of formerly unknown malicious software samples found by Kaspersky Cloud Technologies, experienced the greatest YoY upturn.
This trend shows how fast-changing cyber threats are and the improved sophistication of attacks against SMBs, consequently implying that highly sophisticated adaptive security systems must be used in this sector.
SMBs continue to have a big hole in employee negligence, while phishing attacks are hazardous.
.webp)
Threat actors use various channels to trick users into sharing their personal information, including spoofed emails, websites, and social media accounts.
Their primary targets are delivery services, insurance portals, and Microsoft services. Social media account takeovers can damage businesses’ reputations and even result in customer data breaches.
Often, spam aimed at SMBs promises attractive yet untrustworthy services.
To counter these threats, SMBs should invest in comprehensive cybersecurity solutions, Establish access policies for corporate resources, Limit and update access to critical data, implement robust security measures, and regularly train employees on how to recognize and evade cyber threats.
Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo