Threat Intelligence

Malware Incidents at US SMBs Spiked 165% in Q1

Texas-based SMBs suffered the most malware attack attempts in the first quarter while those in Arizona had the biggest year-over-year increase, according to new Malwarebytes report.

Malware attacks on small-to midsized (SMB) businesses in the US jumped 165% in the first quarter over the same period last year, according to a new report published today.

The Malwarebytes study, which evaluated businesses with fewer than 1,000 seats of the vendor's security software installed, found each state posted at least a 90% year-over-year first quarter increase in malware incidents, with 10 states exceeding the 400% mark. The data comes from malware detected by the firm's software.

Arizona SMBs suffered the most malware attack attempts during the first quarter, with a whopping 1,332.8% increase over the previous year, the report states. SMBs in Hawaii, Alaska, and Maine also faced a dramatic rise in first quarter malware incidents, with each posting over a 1,000% jump.

Source: Malwarebytes

Source: Malwarebytes

Justin Dolly, chief security officer and CIO with Malwarebytes, says these states got hit hardest likely due to a double-whammy effect: the industries located in these states are frequently targeted by cybercriminals, a problem that is compounded by the problem of SMBs typically not having a designated security staff to deal with the malware attacks.

Industries that face a high rate of malware include aerospace, automotive, chemicals, education, healthcare, hospitality, manufacturing, mining, oil and gas, retail, technology, and tourism, according to the report.

"Healthcare and education generally have lots and lots of endpoints and manufacturing has lots of nodes, so patching endpoints and nodes can be a problem," Dolly says. He added that these industries tend to be reluctant to patch quickly and often.

But in Arizona's case, its top industries include aerospace, technology, and renewable energy, while Alaska relies on oil, gas, and mining, and Hawaii is known for its tourism.

SMBs operating in Texas, which heavily relies on the oil and gas industry, technology, aerospace, and healthcare, suffered the largest onslaught in the nation of first quarter malware attacks, according to the report. Texas accounted for 50% of all botnet incidents that affected SMBs, 55% of all spyware incidents, and 61% of all ransomware incidents.

"It doesn't surprise me that Texas had the most attacks," says Adam Kujawa, director of Malwarebytes Labs. "Texas is the biggest state and there are a lot more businesses there, so it makes perfect sense."

Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada, July 22-27, 2017. Click for information on the conference schedule and to register.

 

In drilling down on the type of malware attacks, Nevada by far posted the greatest first quarter increase in botnet incidents, with SMBs there seeing the gambling state hit with a massive 5,600% spike in that type of attack over the previous year. Kujawa pointed to Nevada's tourism industry and its need to deliver reliable connectivity to its customers. That makes the state an attractive botnet target that leaves SMBs scrambling to keep their proverbial lights on.

<i>Source: Malwarebytes</i>

Source: Malwarebytes

Ransomware attacks on New Mexico's SMBs posted a jump of 3,560% in the first quarter, which Dolly attributes to the region facing similar industry issues as Texas. Maryland SMBs, meanwhile, were busy in the first quarter fending off spyware attacks.

With the National Security Agency headquartered in Maryland, spyware thieves may be angling to infiltrate SMBs that are vendors to NSA, as well as tap into hotels where government workers may frequent, says Kujawa.

Members of the National Small Business Association overall worry about cyberattacks and malware, especially when it comes to the effect on their customers, a spokesperson for the association says.

"Our members are very concerned with malware – both in the fact that some kinds that may not be necessarily 'stealing money,' can pose significant problems especially if it's somehow infected your website. That can lead to spreading the malware to your customers and even getting blacklisted on Internet search platforms – which is a huge problem if you do any kind of online commerce," she says.

Related Content:

 

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Well, at least it isn't Mobby Dick!
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2016-10743
PUBLISHED: 2019-03-23
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.
CVE-2019-9947
PUBLISHED: 2019-03-23
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string or PATH_INFO) follo...
CVE-2019-9948
PUBLISHED: 2019-03-23
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
CVE-2019-9945
PUBLISHED: 2019-03-23
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user...
CVE-2019-9942
PUBLISHED: 2019-03-23
A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.