The four types of cyber threats most commonly faced by the SEA MSME sector are Exploits, Trojans, Backdoors, and Not-a-virus, based on Kaspersky report.
Heaptalk, Jakarta — During the first half of 2023, Kaspersky blocked 44,022 malware attacks against MSME employees in Southeast Asia (SEA). The number of attacks increased almost fourfold compared to the same period in 2022, namely only 9,482 attacks.
In Indonesia, this cyber security company detected 11,969 malware attacks against MSMEs in H1 this year, a double increase compared to H1 last year which only reached 6,534 attacks. Meanwhile, Vietnam recorded 25,194 malware attacks in the first half of this year, a significant increase compared to 1,240 attacks in the first half of last year.
General Manager of Southeast Asia at Kaspersky Yeo Siang Tiong delivered that MSMEs are the backbone of the Southeast Asian economy. He said, “These businesses account for nearly half of the region’s GDP, 85% of employment, and nearly 99% of businesses in Southeast Asia. To meet changing customer needs, the sector needs to embrace digitalization, even if the cybersecurity aspect has been neglected.”
In more detail, cybercriminals attempt to deliver malware and unwanted software to employee devices using any means necessary, for example, vulnerability exploits, phishing emails, and fake text messages. Additionally, something completely unrelated to business, such as a YouTube link, can be used to target MSMEs, as their employees often access the same devices for work and personal matters.
Apart from that, cybercriminals also apply the smishing method, a combination of SMS and phishing, to hack employee smartphones. Victims receive a link via SMS, WhatsApp, Facebook Messenger, WeChat, or other messaging applications. Then, malicious code is uploaded to the system if the victim clicks on the link.
Kaspersky revealed the four types of cyber threats most commonly faced by the MSME sector namely Exploits, Trojans, Backdoors, and Not-a-virus.
Exploits
This type of cyber threat is a malicious program designed to exploit software vulnerabilities. The Exploit can run other malware on the system, elevate the attacker’s privileges, and cause the victim’s application to crash. This cyber threat is often able to penetrate the victim’s computer without any action from the user.
Trojans
Named after the mythical horse that helped the Greeks infiltrate and defeat Troy, this type of threat is the most famous of them all. Trojan enters the system in disguise and carry out its malicious activities. Depending on its purpose, a Trojan can perform diverse actions, such as deleting, blocking, changing, or copying data as well as disrupting the performance of a computer or computer network.
Backdoors
This type is one of the most dangerous among other cyber threats. Backdoor immediately provides cybercriminals with a remote control after penetrating the victim’s device. Backdoor can install, launch, and run programs without the user’s consent or knowledge. After being installed, the malware can be instructed to send, receive, execute, and delete files as well as retrieve confidential data from a computer.
Not-a-virus
Kaspersky labels ‘not a virus’ against potentially unwanted applications (PUA) that may be accidentally installed on the device. Basically, Not-a-virus is not dangerous although this threat is in the broadest category and can be used by cybercriminals to cause harm. However, its behavior is disturbing and sometimes even dangerous. Therefore, antivirus warn users as, although legal, Not-a-virus often sneaks into the device without the user realizing it.
