According to one cybersecurity firm’s own data, bug exploits, trojans, backdoors and potentially unwanted applications are major risks to regional SMEs.

In an analysis of anonymized metrics “voluntarily shared by customers” from small- and medium-sized enterprises from January through May 2023, Kaspersky experts have discerned some of the cyber threats affecting its SME customers in the South-east Asia region.

Based on the analysis, the firm asserts that, next to a dramatic drop in sales, a cybersecurity crisis would also be the most difficult type of crisis to deal with.

Next, the four threats that the firm found affecting SEA SMEs were:

    • Exploits
      For H1 2023 the data showed that malicious and/or unwanted software often infiltrated the victims organizations’ network through exploits, which are malicious software designed to take advantage of vulnerabilities. They can run other malware on the system, elevate the attackers’ privileges, cause the target application to malfunction or deviate from normal behavior. They are often able to penetrate devices without any action by the users.

    • Trojans
      The second-biggest threat were Trojans. These malware enter the system in disguise and then start their malicious activity surreptitiously to avoid detection. Depending on their genre each trojan can perform various actions, such as deleting, blocking, modifying or copying data, disrupting the performance of a computer or computer network, and so on.

    • Backdoors
      These are among the most dangerous types of malware because once they penetrate a system, they give the cybercriminals remote control such as installing, launching and running programs, sending, receiving, executing and deleting files; harvesting confidential data from the computer; logging user activities; and more — without the consent or knowledge of the user.

    • Potentially Unwanted Applications (PUAs) These non-virus software are not malicious in and of themselves, but they are listed as the most widespread sources of annoying, sometimes even dangerous activities in SME systems. Despite not being illegal, such PUA are singled out by anti-malware protection systems as they can be installed into a system without intention.

These top threats can be delivered through phishing emails, vulnerability exploitation, social engineering and even “smishing” (a combination of SMS and phishing) on various messaging platforms.