Malware Incidents at US SMBs Spiked 165% in Q1

Texas-based SMBs suffered the most malware attack attempts in the first quarter, while those in Arizona had the biggest year-over-year increase, according to a new Malwarebytes report.

Malware attacks on small- to midsized businesses (SMBs) in the US jumped 165% in the first quarter over the same period last year, according to a new report published today.

The Malwarebytes study, which evaluated businesses with fewer than 1,000 seats of the vendor's security software installed, found each state posted at least a 90% year-over-year first quarter increase in malware incidents, with 10 states exceeding the 400% mark. The data comes from malware detected by the firm's software.

Arizona SMBs saw the steepest rise in malware attack attempts during the first quarter, with a whopping 1,332.8% increase over the previous year, the report states. SMBs in Hawaii, Alaska, and Maine also faced a dramatic rise in first-quarter malware incidents, with each posting over a 1,000% jump.

Source: Malwarebytes

Justin Dolly, chief security officer and CIO with Malwarebytes, says these states likely got hit hardest due to a double-whammy effect: the industries located in these states are frequently targeted by cybercriminals, a problem compounded by SMBs typically not having a designated security staff to deal with the malware attacks.

Industries that face a high rate of malware include aerospace, automotive, chemicals, education, healthcare, hospitality, manufacturing, mining, oil and gas, retail, technology, and tourism, according to the report.

"Healthcare and education generally have lots and lots of endpoints and manufacturing has lots of nodes, so patching endpoints and nodes can be a problem," Dolly says. He added that these industries tend to be reluctant to patch quickly and often.

But in Arizona's case, its top industries include aerospace, technology, and renewable energy, while Alaska relies on oil, gas, and mining, and Hawaii is known for its tourism.

SMBs operating in Texas, which relies heavily on the oil and gas industry, technology, aerospace, and healthcare, suffered the nation's largest onslaught of first-quarter malware attacks, according to the report. Texas accounted for 50% of all botnet incidents that affected SMBs, 55% of all spyware incidents, and 61% of all ransomware incidents.

"It doesn't surprise me that Texas had the most attacks," says Adam Kujawa, director of Malwarebytes Labs. "Texas is the biggest state and there are a lot more businesses there, so it makes perfect sense."

Drilling down into the types of malware attacks, Nevada posted by far the greatest first-quarter increase in botnet incidents, with SMBs in the gambling state hit by a massive 5,600% spike in that type of attack over the previous year. Kujawa pointed to Nevada's tourism industry and its need to deliver reliable connectivity to its customers. That makes the state an attractive botnet target that leaves SMBs scrambling to keep their proverbial lights on.

Source: Malwarebytes

Ransomware attacks on New Mexico's SMBs posted a jump of 3,560% in the first quarter, which Dolly attributes to the region facing similar industry issues as Texas. Maryland SMBs, meanwhile, were busy in the first quarter fending off spyware attacks.

With the National Security Agency headquartered in Maryland, spyware thieves may be angling to infiltrate SMBs that are vendors to NSA, as well as tap into hotels that government workers may frequent, says Kujawa.

Members of the National Small Business Association overall worry about cyberattacks and malware, especially when it comes to the effect on their customers, a spokesperson for the association says.

"Our members are very concerned with malware – both in the fact that some kinds that may not be necessarily 'stealing money,' can pose significant problems especially if it's somehow infected your website. That can lead to spreading the malware to your customers and even getting blacklisted on Internet search platforms – which is a huge problem if you do any kind of online commerce," she says.

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ...
