Careful! Kaspersky Researcher Finds Hackers Trying to Steal MSME Passwords in Indonesia

Kaspersky thwarted more than 11 million online attacks on the backbone of economic growth in Southeast Asia (photo: Pixabay)

JAKARTA - Micro, small and medium enterprises (MSMEs) are the backbone of economic growth in the Southeast Asia (SEA) region. Accounting for more than 90 percent of private businesses, the MSME sector has a role in creating jobs, exports, and growth in Gross Domestic Product (GDP) at the country and regional level.

Due to the lockdown during the pandemic, MSMEs were forced to implement e-commerce and digitalization efforts to recover. Cybercriminals, on the other hand, exert pressure in their own way.

Kaspersky disclosed malicious activity targeting the MSME sector in Southeast Asia during the first half of 2022. In just six months, cybercriminals have launched 11.298.154 web attacks against MSMEs.

Kaspersky revealed that most of the incidents that had been blocked from infecting users came from Indonesia, Vietnam, and Thailand.

Web-based threats, or online threats, are a category of cybersecurity risks that can cause unwanted events or actions over the internet.

Web threats can arise as a result of a number of possibilities, such as by end-user vulnerabilities, web service developers/operators, or the web service itself.

“MSMEs here play a huge role in the economic growth of Southeast Asian countries and the region as a whole,” said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky in a statement received in Jakarta, October 17.

Yeo reported that there were losses resulting from a single data breach against MSMEs, reaching USD 74.000 (IDR 1.1 billion) in 2021.

"We all know that this sector has been in a slump since the pandemic and with the wave of attacks that cybercriminals are waging against them, we must balance it by incorporating cybersecurity into their limited budget to ensure a sustainable recovery," Yeo added.

Apart from web threats, Kaspersky has also detected 373,138 Trojan-PSW (Password Stealing Ware) trying to infect MSMEs in the region. The highest number of incidents were foiled in Vietnam, Indonesia and Malaysia during the first half of 2022.

Trojan-PSW is malware that plays a role in stealing passwords, along with other account information, which then allows attackers to gain access to corporate networks and steal sensitive information.

Yeo said maybe MSME business owners might think their company is too small to be a target for cybercriminals. However, companies and government organizations should remember that MSMEs are usually third-party suppliers to large companies and important entities.

“This sector is part of a larger chain and like a domino effect, if one password thief can break into the systems of small and medium-sized enterprises, then assume the entire chain has been compromised,” Yeo explained.

For such small and medium-sized businesses, choosing a general security solution is difficult. Products for home users don't have enough capabilities, and solutions for large businesses tend to be more expensive and too complex to manage without a dedicated IT Security department.

In addition, another challenge is to maintain cash flow after the health crisis continues to haunt MSMEs in the region, so that the cyber security budget may be placed again as a reserve priority.