Our experts have analyzed past and present cyber incident data and identified five major cyber threats for SMES to be vigilant against.

1. Data leaks caused by employees
   During the pandemic, many remote-working employees used corporate computers for entertainment purposes, such as playing online games, watching movies, or use e-learning platforms: something that continues to pose financial threats to organizations.

   While the situation has been addressed globally, corporate computers used for entertainment purposes remain some of the most common ways for hackers to get initial access to a firm’s network.

   Also, there is a tendency in SMEs to blame ex-workers of possible data leaks. However, suspected ex-colleagues may not even remember they had access to such-and-such resources in question. Perhaps they used a weak password that hackers cracked. Regardless of the internal source of a data leak, regulators will still impose a penalty for the breach. Therefore, SMEs need to purge unwanted user accounts as soon as possible.

   Bear in mind that any redundant access to a system — be it a collaborative environment, work email or virtual machine — increases the attack surface. Even a simple online chat among colleagues about non-work issues could be used for social-engineering attacks.

2. DDoS attacks
   This type of attack takes advantage of the specific capacity limits that apply to any network resources, such as the infrastructure that enables a company’s website. The DDoS attack will send multiple requests to the attacked web resource, with the aim of exceeding the website’s capacity to handle multiple requests, thereby preventing the website from functioning correctly.

   Recently, cybercriminals targeted the Takeaway.com (Lieferando.de), demanding two bitcoins (approximately US$11,000) to stop the flood of traffic. Moreover, DDoS attacks on online retailers tend to spike during holiday seasons, when their customers are most active. There is also a growing trend towards attacking gaming firms.

   Something to note is that many DDoS attacks go unreported because the payout amounts are often not substantial.

3. Supply chain attacks
   These are attacks delivered through a firm’s own vendors or suppliers. For example, attackers used ExPetr (aka NotPetya) to compromise the automatic update system of accounting software called M.E.Doc, forcing it to deliver the ransomware to all customers. As a result, ExPetr caused millions in losses, infecting both large firms and small businesses.

   Some cases n South-east Asia that drew our attention were DiceyF incidents. The prime targets were an online casino developer and operator and a customer support platform that were attacked in The Ocean 11 style. Or the SmudgeX incident comes to mind: an unknown APT compromised a distribution server and replaced a legitimate installer with a trojanized one, spreading PlugX malware within a South Asian nation to all federal employees who had to download and install the new, required tool.

4. Stay away from pirated software
   Our data suggests that about a quarter of SMEs resort to pirated, or unlicensed software to cut costs. Such illegal software can contain malware and trojan horses that steal data and endanger all users in the network.

   Additionally, SME owners must be aware of access brokers that will cause harm in a variety of ways in 2023. Their illegal-access customers include cryptojacking clients, banking password stealers, ransomware, cookie stealers, and other problematic malware.

   Emotet and DeathStalker are some well-known threats still lurking online.

5. Social engineering
   Scammers have been resorting to all sorts of tricks to get business users to enter their passwords on a website made to look like Microsoft Office’s sign-in page.

   Some are mimicking loan or delivery services by sharing false website or sending emails with fake accounting documents. Others masquerade as legitimate online platforms to get profit out of their victims: it may be even quite popular money transfer services, such as Wise Transfer.

   Another red flag discovered by Kaspersky experts is a link to a page translated using Google Translate. The senders of the email allege that the attachment is some kind of payment document available exclusively to the recipient, which must be studied for a “contract meeting presentation and subsequent payments.” The Open button link points to a site translated by Google Translate. However, the link leads to a fake site launched by attackers in order to steal money from their victims.