Global cybersecurity company, Kaspersky, recently announced that 44,022 malware attacks against SMBs employees in Southeast Asia (SEA) from January to June 2023 have been blocked, compared to 9,482 attacks in the same period in 2022.
“SMBs are the backbone of Southeast Asia’s economy. They make up nearly half of the region’s GDP, contribute to 85% of jobs here, and they account for more or less 99% of the businesses in SEA. To meet the changing needs of their customers, it is essential for this sector to embrace digitalization, albeit most are skipping the cybersecurity part of it,” said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
Some of the most common threats facing SMBs in SEA are Exploits, Trojans, Backdoors, and Potentially Unwanted Applications (PUAs).
Exploits
The biggest threat to SMBs in the first six months of 2023 were exploits. Malicious and/or unwanted software often infiltrates the victim’s computer through exploits, malicious programs designed to take advantage of vulnerabilities in software. They can run other malware on the system, elevate the attackers’ privileges, cause the target application to crash and so on. They are often able to penetrate the victim’s computer without any action by the user.
Trojans
The second-biggest threat were Trojans. Named after the mythical horse that helped the Greeks infiltrate and defeat Troy, this type of threat is the best-known of them all. It enters the system in disguise and then starts its malicious activity. Depending on its purpose, a Trojan can perform various actions, such as deleting, blocking, modifying or copying data, disrupting the performance of a computer or computer network, and so on.
Backdoors
The third most common threat is backdoors. These are among the most dangerous types of malware as, once they penetrate the victim’s device, they give the cybercriminals remote control. They can install, launch and run programs without the consent or knowledge of the user. Once installed, backdoors can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity, and more.
Potentially Unwanted Applications (PUAs)
The most common threat is potentially unwanted applications (PUAs). PUAs threats are labelled as “not-a-virus” by Kaspersky. PUAs can be inadvertently installed on devices. These annoying, but dangerous threats are alerted by antivirus. Despite being legal, they often sneak onto a device without the user even realizing.
Cybercriminals attempt to deliver these threats and other malware and unwanted software to SMBs employee’s devices by using any means and ways, such as vulnerability exploitation, phishing emails and fake text messages, even with something totally unrelated to business such as a YouTube link, as their employees often use the same devices for works and personal matters.
One of the methods often used to hack into employees’ devices is the so-called “smishing”. Smishing is a combination of SMS and phishing. The victim receives a link via SMS, WhatsApp, or other messaging application. Once the user clicks the link, malicious code is uploaded into the systems.
“According to our latest cyber resilience report, in 2022, four in ten employers admitted that a cybersecurity incident would be a major crisis for their businesses. Therefore, cybersecurity must be taken seriously by all SMBs,” concluded Yeo.