
Small businesses under fire from password stealers

Kaspersky researchers tracked notable increases in password-stealing Trojans, RDP attacks and other cyberthreats against small businesses in various countries.

Password-stealing malware and other cyber attacks have increased significantly against small businesses over the past year, according to Kaspersky researchers.

An assessment released this week detailed the number of Trojan Password Stealing Ware (PSW) detections, internet attacks and attacks on Remote Desktop Protocol (RDP) between January and April 2022, compared with the same time frame from 2021. Kaspersky's research showed a jump in the detection of password stealers within small business environments, as well as increases in other types of cyber attacks.

According to Kaspersky, the biggest increase in threats against small businesses was password stealers, specifically Trojan PSWs. There were nearly 1 million more detected Trojan PSWs targeting small and medium-sized businesses in the first trimester of 2022 than the first of 2021, increasing from 3,029,903 to 4,003,323.

Kaspersky also tracked attack data for individual countries, which was not included in the vendor's public assessment but was provided to SearchSecurity. In tracking the Trojan PSW attacks for 219 countries, territories and unions, Kaspersky found some of the largest increases in Brazil, Canada, Colombia, Hungary, Mexico, Russia, Serbia and the U.S.

In Mexico, the number of these cyber attacks more than doubled from 123,640 to 323,434, while attacks in Russia increased by more than 100,000, and the U.S. saw an increase of more than 90,000. Brazil's numbers for password stealers nearly tripled, while Canada's went from 8,289 attacks in the first trimester of 2021 to 28,174 in 2022.

Colombia had an increase from 39,627 to 161,589. Hungary jumped from 3,232 to 30,708, and for Serbia the number went from 18,336 to 128,213.

Kaspersky's assessment also tracked internet attacks, which included malicious webpages and forced redirects, or browser hijacking. Kaspersky detected 35.4 million of these cyber attacks against small and medium-sized businesses over the first four months of the year, compared with 32.5 million in the same range in 2021.

Western European countries like France, Germany and the U.K. were among the countries that experienced the most internet attacks in 2022 so far, according to data supplied by Kaspersky, but their numbers stayed rather steady over the past year. Countries like Austria, Belgium, Chile, Egypt, Greece, Indonesia, Tunisia and the U.S. all saw these cyber attacks at least double.

The third type of threat the report covered was attacks against RDP, which has become a popular target of cybercriminals and threat actors during the pandemic. The technology allows employees to access corporate networks remotely. According to the report, RDP attacks against small businesses dipped globally, but increased from 47.5 million to 51 million in the U.S.

Kaspersky tracked data by month for these stats, comparing January, February and March 2021 to January, February and March 2022.

The U.S. was one of the few countries to see a significant increase in RDP attacks in each of the first three months of 2022 compared with the same period in 2021. There were some countries, however, that saw increases in just one or two of the months, including Brazil, Chile, Italy, the Netherlands and the U.K. The U.S. and Brazil saw the number of RDP attacks in January 2022 increase by more than 5 million each when compared with last January. The other four countries saw each of their numbers go up by at least 1 million, and in some cases surpass 2 million attacks.

On the other hand, some of the largest decreases in RDP attacks for the three-month stretch were in Hong Kong, Indonesia, India, Iran, Peru and South Korea. Each of those six countries and territories saw RDP attacks drop by more than 1 million; Hong Kong, India and Iran had their figures cut nearly in half when comparing January 2021 with January 2022. The comparisons for February and March were similar for each, with Iran dropping 10 million attacks when comparing February 2021 and 2022.

Denis Parinov, security researcher at Kaspersky, explained what might have led to the changes in numbers for RDP and password-stealing malware attacks.

"Attacks on Remote Desktop Protocol rose immediately when the pandemic struck and workers were sent home," Parinov told SearchSecurity. "For many companies, remote work is here to stay, while security measures still haven't caught up. Attackers may have identified PSW as another effective way to target those remote workers, compromising their accounts as a way to get onto a company's network."

In terms of how these cyber attacks project going forward, Parinov said that even comparing this quarter to last, the numbers have jumped, with a 9.2% growth in Trojan PSW attacks and a 35% growth in RDP attacks.
