Connect with us

Hi, what are you looking for?

HEADLINES

Password stealers eye SMBs in SEA

Hit badly by the pandemic-induced lockdowns, SMBs here are embracing e-commerce and digitalization efforts to recover from the prolonged bout with physical restrictions and unstable cash flow. Cybercriminals, on the other hand, are delivering their own one-two punch.

Photo by @privecstasy from Unsplash.com

Small and medium businesses (SMBs) are the backbone of Southeast Asia’s (SEA) growing economy. Accounting for more than 90% of the private businesses in the region, this sector is responsible for generating employment, exports, and GDP growth on a per country and regional level.

Hit badly by the pandemic-induced lockdowns, SMBs here are embracing e-commerce and digitalization efforts to recover from the prolonged bout with physical restrictions and unstable cash flow. Cybercriminals, on the other hand, are delivering their own one-two punch.

Kaspersky reveals the malicious activities zeroing in on small and medium enterprises in SEA during the first half of 2022. 

In just six months, cybercriminals have launched 11,298,154 web attacks against SMBs here. Most of the incidents are blocked from infecting Kaspersky users from Indonesia, Vietnam, and Thailand.

Kaspersky’s telemetry on SMB covers enterprises with 50-250 employees and is based on detection verdicts of Kaspersky products received from SMB users who consented to provide statistical data.

Advertisement. Scroll to continue reading.

Web-based threats, or online threats, are a category of cybersecurity risks that may cause an undesirable event or action via the internet. Web threats are made possible by end-user vulnerabilities, web service developers/operators, or web services themselves. 

“SMBs here play a huge role in the economic growth of Southeast Asian countries and the region as a whole. The cost of a single data breach against an SMB is $74,000 in 2021, according to our latest report. We all know that this sector has been on its knees since the pandemic and with the wave of attacks cybercriminals are launching against them, we should find the balance of including cybersecurity into their limited budget to ensure a more sustainable recovery,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

Aside from web threats, Kaspersky also has detected a total of 373,138 Trojan-PSW (Password Stealing Ware) trying to infect SMBs based in the region.

The highest number of incidents was foiled in Vietnam, Indonesia, and Malaysia during the first half of 2022.

Trojan-PSW is a malware that steals passwords, along with other account information, which then allows attackers to gain access to the corporate network and steal sensitive information.

Advertisement. Scroll to continue reading.

“Small business owners may think their companies are too insignificant to become a target for cybercriminals. There is a certain logic in that because attackers usually look for maximum profit from minimum effort. However, enterprises and government organizations should remember that SMBs are usually third-party suppliers to bigger companies and critical entities. This sector is part of a bigger chain and like dominoes, if a single password stealer can enter into a small enterprise’s systems, consider the entire chain compromised,” warns Yeo.

For small businesses, choosing a security solution is traditionally difficult. Products for home users lack the necessary capabilities, and solutions for large businesses are expensive and too complicated to manage without a dedicated IT Security department. 

In addition, the challenge to keep the cash flow after the health crisis continues to haunt SMBs in the region, putting the possibility of a cybersecurity budget on the back burner.

To avoid falling victim to web attacks and Trojan password steals, Kaspersky suggests small and medium businesses to follow these tips:

  • When it comes to granting access to resources or services you should follow the least privilege principle. That is, an employee must have the minimum set of access rights — enough only to perform their tasks.
  • Know exactly where your important information is stored, and who has access to it. From this, develop guidelines when hiring new employees, including clearly defining which accounts are needed for each employee, and which ones should be limited only to certain roles.
  • Mature corporate cybersecurity culture helps to prevent many cyberthreats. You can, for example, start with creating a cybersecurity manual for employees so that everyone is on the same page. Here’s a good example for new employees.
  • All passwords must be stored in a secure password manager. It will help your employees not to forget or lose them and also to minimize the chance that an outsider will get access to your accounts. Also, use two-factor authentication mechanisms wherever possible.
  • Advise your employees to lock their computers when they walk away from the desk. They should keep in mind that an office can be visited by all kinds of third parties, including couriers, clients, subcontractors, or job seekers.
  • Consider installing antivirus software in order to protect devices from viruses, trojans and other malicious programs.

Advertisement. Scroll to continue reading.
Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

White Papers

When compared to 2023, Sophos saw a 51% increase in abusing “Living off the Land” binaries or LOLbins; since 2021, it’s increased by 83%.

HEADLINES

Someone illegally acquires or uses personal information such as bank account or credit card numbers of another person to obtain money, goods or services....

HEADLINES

To stay ahead of these challenges, organizations need to invest in AI-driven defenses, transition to quantum-safe encryption, and adopt a Zero Trust approach to...

HEADLINES

There was a 121% Year-on-Year (YoY) increase in identity fraud in 2024 across the region, with significant surges recorded in Singapore (207%), Thailand (206%)...

HEADLINES

As part of RCBC’s 2024 Cybersecurity literacy program, the webinar aims to help Filipinos level up their online banking safety by providing them with...

White Papers

The survey found that CXO’s feel less prepared than their global peers. Less than half or 48% in APAC said they felt completely prepared...

HEADLINES

On average, a single organization in the Philippines experiences 4,003 attacks per week, significantly higher than the APAC average of 2,870 attacks per week.

White Papers

Exploiting this vulnerability, cybercriminals craft deceptively authentic phishing emails that align with current trends, exploiting human emotions to invoke urgency and trick recipients into...

Advertisement