SMB Cyber Infections Rising Amid Resurgence of Attacks Leveraging Microsoft Excel

A new Kaspersky report highlights a troubling rise in cyber infections targeting small to medium-sized businesses (SMBs). The number of infections experienced by the sector has risen by 5% over the first quarter of 2024 compared to the same period last year. The report reveals that 2,402 users encountered malware and unwanted software hiding in or mimicking software products, with 4,110 unique files distributed under the guise of SMB-related software. This represents an 8% increase year-on-year, suggesting an ongoing rise in attacker activity.

Rise in Cyber Attacks

Kaspersky’s latest report underscores that SMBs are increasingly being targeted by cybercriminals. The most prevalent form of attack continues to be Trojans, which are particularly hazardous as they mimic legitimate software and evade traditional security measures. Unlike viruses, Trojans cannot self-replicate, but their adaptability makes them a potent tool for cybercriminals.

In the period from January to April 2024, Kaspersky recorded 100,465 Trojan attacks, a 7% increase from the same period in 2023. This figure is 83,145 more than the next highest threat, DangerousObjects, which recorded 17,320 attacks—an increase of 6,994 from 2023.

Microsoft Excel as a Primary Attack Channel

Microsoft Excel has resumed its position as the primary channel of attack, moving from fourth to first place between 2023 and 2024. Microsoft Word secured second place, while Microsoft PowerPoint and Salesforce were the third most targeted applications. Kaspersky analysts used telemetry from the Kaspersky Security Network (KSN) to cross-reference threats related to applications commonly used in the SMB space, such as MS Office, MS Teams, and Skype. This allowed them to determine the prevalence of malicious files and unwanted software related to these programs, as well as the number of users attacked by these files.

Phishing Threats

Phishing remains a constant threat in the SMB sector, often leading to catastrophic consequences for businesses. Employees receive links to seemingly legitimate websites that mimic popular services, corporate portals, and online banking platforms. Once targets sign in, they inadvertently divulge usernames and passwords to cybercriminals or trigger automated cyberattacks, compromising sensitive information and business security.

Expert Insights

“Our intelligence reveals that human error, often due to poor cybersecurity awareness, remains a significant vulnerability for SMBs. In addition, the ubiquitous use of Microsoft Excel in office environments provides fertile ground for cybercriminals who can hide and manipulate malicious data in large datasets that are then widely shared across a business. Although SMBs might be under the illusion they are not a target, they belong to a huge ecosystem of interconnected assets and cybercriminals will exploit any weakness. For this reason, it is critical for all SMBs to create clear policies for accessing any corporate assets and ensure that staff are regularly reminded of the importance of following basic cybersecurity rules,” commented Vasily Kolesnikov, a cybersecurity expert at Kaspersky.

Importance of Protecting SMBs

Protecting the SMB sector from the increasing interest of cybercriminals is crucial for addressing global economic, social, and environmental challenges, particularly in emerging growth economies. According to UN data, 7 out of every 10 jobs in emerging economies are in the SMB sector. Access to finance is disproportionately challenging for SMBs, making it harder for them to protect themselves against cyberattacks.

As the report indicates, the rising trend of cyber infections and attacks leveraging Microsoft Excel and other common software products highlights the urgent need for enhanced cybersecurity measures in the SMB sector. By increasing awareness, implementing robust security policies, and regularly training employees on cybersecurity best practices, SMBs can better safeguard their operations and contribute to a more secure global business environment.