Threat Intelligence

6/15/2017
09:05 AM
50%
50%

Malware Incidents at US SMBs Spiked 165% in Q1

Texas-based SMBs suffered the most malware attack attempts in the first quarter while those in Arizona had the biggest year-over-year increase, according to new Malwarebytes report.

Malware attacks on small-to midsized (SMB) businesses in the US jumped 165% in the first quarter over the same period last year, according to a new report published today.

The Malwarebytes study, which evaluated businesses with fewer than 1,000 seats of the vendor's security software installed, found each state posted at least a 90% year-over-year first quarter increase in malware incidents, with 10 states exceeding the 400% mark. The data comes from malware detected by the firm's software.

Arizona SMBs suffered the most malware attack attempts during the first quarter, with a whopping 1,332.8% increase over the previous year, the report states. SMBs in Hawaii, Alaska, and Maine also faced a dramatic rise in first quarter malware incidents, with each posting over a 1,000% jump.

Source: Malwarebytes

Source: Malwarebytes

Justin Dolly, chief security officer and CIO with Malwarebytes, says these states got hit hardest likely due to a double-whammy effect: the industries located in these states are frequently targeted by cybercriminals, a problem that is compounded by the problem of SMBs typically not having a designated security staff to deal with the malware attacks.

Industries that face a high rate of malware include aerospace, automotive, chemicals, education, healthcare, hospitality, manufacturing, mining, oil and gas, retail, technology, and tourism, according to the report.

"Healthcare and education generally have lots and lots of endpoints and manufacturing has lots of nodes, so patching endpoints and nodes can be a problem," Dolly says. He added that these industries tend to be reluctant to patch quickly and often.

But in Arizona's case, its top industries include aerospace, technology, and renewable energy, while Alaska relies on oil, gas, and mining, and Hawaii is known for its tourism.

SMBs operating in Texas, which heavily relies on the oil and gas industry, technology, aerospace, and healthcare, suffered the largest onslaught in the nation of first quarter malware attacks, according to the report. Texas accounted for 50% of all botnet incidents that affected SMBs, 55% of all spyware incidents, and 61% of all ransomware incidents.

"It doesn't surprise me that Texas had the most attacks," says Adam Kujawa, director of Malwarebytes Labs. "Texas is the biggest state and there are a lot more businesses there, so it makes perfect sense."

Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada, July 22-27, 2017. Click for information on the conference schedule and to register.

 

In drilling down on the type of malware attacks, Nevada by far posted the greatest first quarter increase in botnet incidents, with SMBs there seeing the gambling state hit with a massive 5,600% spike in that type of attack over the previous year. Kujawa pointed to Nevada's tourism industry and its need to deliver reliable connectivity to its customers. That makes the state an attractive botnet target that leaves SMBs scrambling to keep their proverbial lights on.

<i>Source: Malwarebytes</i>

Source: Malwarebytes

Ransomware attacks on New Mexico's SMBs posted a jump of 3,560% in the first quarter, which Dolly attributes to the region facing similar industry issues as Texas. Maryland SMBs, meanwhile, were busy in the first quarter fending off spyware attacks.

With the National Security Agency headquartered in Maryland, spyware thieves may be angling to infiltrate SMBs that are vendors to NSA, as well as tap into hotels where government workers may frequent, says Kujawa.

Members of the National Small Business Association overall worry about cyberattacks and malware, especially when it comes to the effect on their customers, a spokesperson for the association says.

"Our members are very concerned with malware – both in the fact that some kinds that may not be necessarily 'stealing money,' can pose significant problems especially if it's somehow infected your website. That can lead to spreading the malware to your customers and even getting blacklisted on Internet search platforms – which is a huge problem if you do any kind of online commerce," she says.

Related Content:

 

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
5 Reasons Why Threat Intelligence Doesn't Work
Jonathan Zhang, CEO/Founder of WhoisXML API and TIP,  11/7/2018
Why Password Management and Security Strategies Fall Short
Steve Zurier, Freelance Writer,  11/7/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-8584
PUBLISHED: 2018-11-14
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka &quot;Windows ALPC Elevation of Privilege Vulnerability.&quot; This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.
CVE-2018-8588
PUBLISHED: 2018-11-14
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka &quot;Chakra Scripting Engine Memory Corruption Vulnerability.&quot; This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8...
CVE-2018-8589
PUBLISHED: 2018-11-14
An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka &quot;Windows Win32k Elevation of Privilege Vulnerability.&quot; This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
CVE-2018-8592
PUBLISHED: 2018-11-14
An elevation of privilege vulnerability exists in Windows 10 version 1809 when installed from physical media (USB, DVD, etc, aka &quot;Windows Elevation Of Privilege Vulnerability.&quot; This affects Windows 10, Windows Server 2019.
CVE-2018-8600
PUBLISHED: 2018-11-14
A Cross-site Scripting (XSS) vulnerability exists when Azure App Services on Azure Stack does not properly sanitize user provided input, aka &quot;Azure App Service Cross-site Scripting Vulnerability.&quot; This affects Azure App.