SMB cyber infections rising amid resurgence of attacks leveraging Microsoft Excel, Kaspersky reports

On  International SMB Day, a new Kaspersky report reveals that the number of infections experienced by the sector has risen by 5% over the first quarter of 2024, compared to the same period last year. The number of users who encountered malware and unwanted software hiding in or mimicking software products was 2,402, with 4,110 unique files distributed under the guise of SMB-related software. This represents an 8% increase year-on-year and suggests an ongoing rise of attacker activity.

Small to medium-sized businesses (SMBs) are increasingly being targeted by cybercriminals, according to the latest Kaspersky’s report released today. The most prevalent form of attack continues to be Trojans, which are especially hazardous because, unlike viruses, they cannot self-replicate, and they usually mimic legitimate software. Their adaptability and capacity to evade traditional security measures render them a widespread and potent tool for cybercriminals.

Kaspersky recorded the number of Trojan attacks for the period Jan – April 2024 at 100,465 representing a 7% increase on the same period in 2023, and 83,145 more attacks than the next highest threat measured posed by DangerousObjects, itself recording 17,320 attacks – some 6,994 more than in 2023.

Microsoft Excel has resumed its position as the number one channel of attack, moving from fourth to first place between 2023 and 2024. Microsoft Word secured second place, while Microsoft PowerPoint and Salesforce were the third most targeted applications.

To access information on the threats related to the SMB sector, Kaspersky analysts cross referenced selected applications, such as MS Office, MS Teams, Skype, and other programs used in the SMB space against Kaspersky Security Network (KSN) telemetry. This enables them to determine the prevalence of malicious files and unwanted software related to these programs, as well as the number of users attacked by these files.

Phishing remains a constant threat in the SMB sector and can have catastrophic consequences for business. Employees receive links to seemingly familiar and legitimate websites that imitate popular services, corporate portals, and online banking platforms. Once targets sign in, they inadvertently divulge usernames and passwords to cybercriminals or trigger automated cyberattacks, compromising sensitive information and business security.

“Our intelligence reveals that human error, often due to poor cybersecurity awareness, remains a significant vulnerability for SMBs. In addition, the ubiquitous use of Microsoft Excel in office environments provides fertile ground for cybercriminals who can hide and manipulate malicious data in large datasets that are then widely shared across a business. Although SMBs might be under the illusion they are not a target, they belong to huge ecosystem of interconnected assets and cybercriminals will exploit any weakness. For this reason, it is critical for all SMBs to create clear policies for accessing any corporate assets and ensure that staff are regularly reminded of the importance of following basic cybersecurity rules,” comments Vasily Kolesnikov, a cybersecurity expert at Kaspersky.

Protecting the SMB sector from the increasing interests of cybercriminals is crucial for the global economic, social and environmental challenges that lie ahead, particularly in emerging growth economies. According to UN data, 7 out of every 10 jobs in emerging economies are in the SMB sector, while access to finance is disproportionately challenging, making it harder for businesses in the sector to protect themselves against attack.

Read the full report on


3 Today views, 187 Total views