SEA SMBs, watch out for password attacks that are coming after you

Source – Shutterstock

Password attacks coming after Southeast Asian SMBs

  • More than 11 million cyber attempts are thwarted by Kaspersky
  • A single data breach in 2021 will cost an SMB $74,000

The value of access credentials has increased as people become more reliant on their personal electronic devices and businesses migrate important data to the cloud. In the early stages of serious advanced persistent attacks today, attackers use stolen credentials, such as users’ email, password, and other sensitive data.

What are password stealers?

These attacks are known as password stealers. Password stealers are a type of malware that steals account data. In essence, it is similar to a banking Trojan, but instead of intercepting or substituting entered data, it typically steals information that is already stored on the computer, such as cookies, usernames and passwords saved in the browser, and other files that may be on the infected device’s hard drive.

Technology can help businesses grow; the quick uptake of digital technology has accelerated globalization, changed the nature of the international economic order, and transformed the Asian economy.

The rising economy of Southeast Asia (SEA) is supported by small and medium-sized businesses (SMBs). The sector drives employment, exports, and GDP growth on a national and regional scale, making up more than 90% of the private firms in the region.

SMBs in the SEA region, which were severely affected by the lockdowns brought on by the epidemic, are embracing e-commerce and digitalization initiatives to recover from the protracted period of physical limitations and erratic cash flow. On the other hand, the one-two punch that cybercriminals are using is unique.

Password attacks running rampant on SMBs

In just six months, fraudsters have conducted 11,298,154 web attacks against SMBs in this region, according to Kaspersky. The majority of instances are prevented from infecting Kaspersky users in Thailand, Vietnam, and Indonesia.

Based on detection verdicts of Kaspersky products received from SMB users who agreed to contribute statistical data, Kaspersky’s telemetry on SMB includes firms with 50–250 employees.

Cybersecurity risks that may result in an unfavorable event or action over the internet are referred to as web-based threats, also known as online threats. Web threats can be caused by end-user vulnerabilities, web service operators, developers, or web services.

SMBs here have a significant impact on the economic development of Southeast Asian countries and the region as a whole, according to Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky. In 2021, a single data breach would cost an SMB US$74,000, according to the latest Kaspersky research.

“We all know that this sector has been on its knees since the pandemic and with the wave of attacks cybercriminals are launching against them, we should find the balance of including cybersecurity into their limited budget to ensure a more sustainable recovery,” Yeo added.

In addition to web threats, Kaspersky has found 373,138 instances of Trojan-PSW (‘Password Stealing Ware’) attempting to infect SMBs in the region. In the first half of 2022, frequent occurrences were stopped in Vietnam, Indonesia, and Malaysia.

Yeo also said that small business owners might believe their establishments are too insignificant to be targeted by cybercriminals. That makes sense in a certain sense because attackers typically seek to maximize gains with the least amount of work.

“However, enterprises and government organizations should remember that SMBs are usually third-party suppliers to bigger companies and critical entities. This sector is part of a bigger chain and like dominoes, if a single password stealer can enter into a small enterprise’s systems, consider the entire chain compromised,” he explained.

Traditionally, choosing a security solution is challenging for small enterprises. While solutions for large enterprises are costly and difficult to operate without professional IT security staff, those for home users lack the requisite capabilities.

Furthermore, SMBs in the area are still struggling to maintain cash flows following the health crisis, which has forced them to put the idea of allocating funds for cybersecurity on hold.