Anti-phishing technology triggered more than 800k times from January to March, shows small and medium businesses need improved security capabilities as remote working continues
Based on the latest statistics from Kaspersky, the first three months of 2020 proved to be busy for cybercriminals targeting small and medium businesses (SMBs) in Southeast Asia (SEA). The global cybersecurity company’s Anti-Phishing System prevented 834,993 phishing attempts against companies with 50-250 employees, a 56% increase compared with the same period last year with just over 500k fraudulent attempts blocked.
The rating of organisations targeted by phishing attacks is based on the triggering of the heuristic component in the Anti-Phishing system on user computers. This component detects all instances when the user tries to follow a link in an e-mail or on the Internet to a phishing page in cases when such link has yet to be added to Kaspersky’s databases. The statistics mentioned are analysed from Kaspersky’s solutions for SMBs operating with Windows, Mac OS, and Linux.
“The financial toll combined with the urgent need to adapt to a forced remote working arrangement without enough preparation undoubtedly put the IT security of SMBs on the edge. At the same time, cybercriminals are unethically piggybacking on the current chaos to increase their attacks’ success rate through social engineering tactics like phishing. Our data revealed such attempts are increasing as our technology foiled more phishing attempts this year than in 2019,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
Phishing is one of the most flexible types of social engineering attack, as it can be disguised in many ways and used for different purposes. Social engineering attacks, or tricking the mind, exploit human emotions to victimise users online. Cybercriminals are also incorporating topics and “hot phrases” related to COVID-19 into their content, boosting the chances of their infected links or malicious attachments getting opened.
The damage of this online crime ranges from hacked companies’ networks to stolen confidential data like personally identifiable information (PII), financial credentials, and even corporate secrets. Aside from this, it is known that phishing attacks, particularly those with malicious link or attachment, are popularly used as launch pads for targeted attacks on organisations, such as the case of the $81M Bangladesh Bank Heist.
In terms of per country statistics, all of the six countries in SEA registered an increased number of fraudulent emails blocked by Kaspersky in Q1 2020 as compared with the same period last year.
Number of phishing attempts against SMBs blocked by Kaspersky Anti-Phishing System
Country Q1 2020 Q1 2019
Indonesia 192,591 158,492
Malaysia 132,106 90,825
Philippines 76,478 29,677
Singapore 44,912 30,410
Thailand 144,243 107,284
Vietnam 244,663 116,945
“Small and medium enterprises form the backbone of SEA’s growing economy, contributing immensely on both gross domestic product and employment. It is clear that governments across the region are aware of this as each has formulated different ways to help the sector during this challenging period. For our part, we are currently offering our select solutions for free to help SMBs and even the healthcare industry fend off escalating cyberattacks against them,” adds Yeo.
Especially created with the SMBs’ security needs in mind, Kaspersky is giving six months free licenses for Kaspersky Security for Microsoft Office 365. Designed to protect mailboxes from viruses, Trojans, spam, phishing and other types of malware that can be spread via email, this solution also protects cloud-oriented enterprise communication and collaboration apps such as Microsoft Exchange Online, OneDrive, SharePoint Online and Teams from known and unknown cyberthreats.
Kaspersky, in collaboration with Area9 Lyceum, has also prepared a 20-30 minutes free online course on how to adapt to working safely from home, divided into two parts:
Interested customers can access the course through this link. https://go.kaspersky.com/stay_secure_course.html
Aside from these, Kaspersky experts suggest the following tips for SMBs to avoid being lured by cybercriminals through phishing: