Small and medium sized businesses (SMBs) are increasingly being hit by cyber attacks, according to new research, with Microsoft Excel the number one channel of attack.
Analysis from Kaspersky shows, the number of infections experienced by SMBs in the first quarter of this year rose by 5% compared to the same period last year.
More than 2,400 firms encountered malware and unwanted software hiding in or mimicking software products, with 4,110 unique files distributed under the guise of SMB-related software.
This, the firm said, represents an 8% increase year-on-year and implies that the activity will only continue to increase.
"Although SMBs might be under the illusion they are not a target, they belong to a huge ecosystem of interconnected assets and cyber criminals will exploit any weakness," said Vasily Kolesnikov, a cybersecurity expert at Kaspersky.
The most common type of attack continues to be Trojans. These are especially hazardous, Kaspersky said, because unlike viruses they cannot self-replicate and usually mimic legitimate software, allowing them to evade traditional security measures.
The number of Trojan attacks between January and April this year hit 100,465 - a 7% increase on the same period in 2023.
The next highest threat came from the DangerousObjects malicious software, with 17,320 attacks recorded – nearly seven thousand more than in 2023, and the fastest-rising threat year on year.
Microsoft Excel is once again the number one channel of attack, moving from fourth to first place between 2023 and 2024. Microsoft Word is in second place, with Microsoft PowerPoint and Salesforce the third-most targeted applications.
Kolesnikov said threat actors are ramping up attempts to exploit Excel in cyber attacks due to the popular use of the software among small businesses.
"The ubiquitous use of Microsoft Excel in office environments provides fertile ground for cyber criminals who can hide and manipulate malicious data in large datasets that are then widely shared across a business," Kolesnikov commented.
Human error is still a big threat, however, with phishing attacks distributed via various channels, including spoofed emails and social media.
In recent years, Kaspersky said it's observed a trend of spreading web pages that mimic the most commonly used Microsoft services, such as Microsoft 365, Outlook and OneDrive.
This technique exploits the tendency for businesses to use a single software package for all business purposes, making its users more dependent on particular applications and services and thus more susceptible to this attack vector.
Meanwhile, attackers are using legitimate Facebook infrastructure to compromise corporate social media accounts, with Kaspersky uncovering numerous cases of attackers mimicking genuine social media login pages.
The company said it's discovered multiple cases of SMB-oriented spam.
"It is critical for all SMBs to create clear policies for accessing any corporate assets and ensure that staff are regularly reminded of the importance of following basic cybersecurity rules," Kolesnikov said.
