Woburn, MA – May 18, 2022 – Kaspersky has released an assessment of cyberattacks targeting small and medium-sized businesses in 2022. Researchers compared the period between January and April 2022 to the same period in 2021, finding increases in the number of Trojan-PSW detections, internet attacks, and attacks on Remote Desktop Protocol.
With small business owners typically handling numerous responsibilities at the same time, cybersecurity is often an afterthought. However, this disregard for IT security is being exploited by cybercriminals. With this in mind, Kaspersky researchers assessed the threats that pose an increasing danger to entrepreneurs.
In 2022, the number of Trojan-PSW(Password Stealing Ware) detections increased by almost a quarter compared to the same period in 2021 一 4,003,323 compared to 3,029,903. Trojan-PSW is a malware that steals passwords, along with other account information, which then allows attackers to gain access to the corporate network and steal sensitive information.
Another popular attack tool used on small businesses is internet attacks, specifically, web pages with redirects to exploits, sites containing exploits and other malicious programs, botnet C&C centers, etc. The number of these attacks also increased in the first trimester of 2022. In comparison to 32,500,000 infections in 2021, Kaspersky detected almost 35,400,000 in the first four months of 2022.
With the widespread shift toward remote work, many companies have introduced Remote Desktop Protocol (RDP), a technology that enables computers on the same corporate network to be linked together and accessed remotely, even when the employees are at home. The overall number of attacks on RDP saw a slight decrease globally, but grew in the U.S., going from 47.5 million attacks in the first trimester of 2021 to 51 million in the same period of 2022.
“With the shift to remote working and the introduction of numerous advanced technologies in the daily operations of even small companies, security measures need to evolve to support these sophisticated setups,” said Denis Parinov, security researcher at Kaspersky. “Cybercriminals are already way ahead of the curve, so much so that virtually every organization will experience a breach attempt at some point. For small companies today, it's not a matter of whether a cybersecurity incident will happen but when. Having trained staff and an educated IT-specialist is no longer a luxury but a must-have part of your business development.”
To protect your business, Kaspersky recommends:
● Providing your staff with basic cybersecurity hygiene training as many targeted attacks start with phishing or other social engineering techniques.
● Using a protection solution for endpoints and mail servers with anti-phishing capabilities to decrease the chance of infection through phishing emails.
● Taking key data protection measures. Always safeguard corporate data and devices, including by using password protection, encrypting work devices and ensuring data is backed up.
● Keeping work devices physically safe – do not leave them unattended in public, always lock them and use strong passwords and encryption software.
● Use a security solution enables attack visualization and provides IT administrators with a convenient tool for incident analysis. The new edition of Kaspersky Endpoint Security Cloud, dubbed Kaspersky Endpoint Security Cloud Pro, contains advanced new capabilities, including automated response options and an extended set of security controls in a single solution. The Pro version also includes built-in training for IT workers seeking to boost their cybersecurity skills and make the most out of their specialized security products.
● Small businesses with limited IT resources can use the updated Kaspersky Small Office Security to keep all of their work devices protected, safely transfer any valuable business-related files and avoid falling victim to ransomware.
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.
Sawyer Van Horn