Data from Kaspersky Security Network (KSN) collected between January and April 2025 reveals a troubling landscape for small and medium-sized businesses (SMBs) across selected countries in Europe and North, West, and Central Africa. Cybercriminals disguised malware and potentially unwanted applications (PUAs) as trusted tools such as ChatGPT, Microsoft Office applications and Google Drive to infiltrate SMB networks without raising suspicion.
In Europe, Austria recorded the highest share of attacks, accounting for 40% of all detected cases in which PUAs and malware targeting SMBs mimicked legitimate brands. This was followed by Italy (25%) and Germany (11%). Spain (10%) and Portugal (6%) were also significantly affected, while France contributed 4.1%. Serbia and the UK each registered around 1%, and other countries, including Romania, Greece, and Switzerland, each made up less than 1%, indicating relatively low targeting activity.
In Africa, Morocco topped the list with 41% of all detected PUAs targeting SMBs, with Tunisia (24%) and Algeria (16%) also heavily impacted. Senegal (7%) and Cameroon (7%) saw more modest levels, while Ivory Coast accounted for 5%.
Backdoors and Downloaders among top exploited threats
The threats most affecting SMBs in Europe were backdoors (24%), Trojans (17%), and not-a-virus:Downloaders (16%). In Africa, not-a-virus:Downloaders dominated at 55%, followed by DangerousObjects (14%) and Trojans (13%).
“Small businesses face enterprise-level threats, often with startup-level budgets,” says Marc Rivero, Lead Security Researcher at the Global Research and Analysis Team (GReAT) at Kaspersky. “The key is knowing where to focus their limited resources for maximum protection. The best defense against sophisticated malware isn't the most expensive tool - it's understanding how attackers think and closing the doors they're looking for.”
SMBs can significantly reduce cyber risks and protect business continuity by combining robust cybersecurity solutions with strong employee awareness. Key measures include:
- Implement security hardening: Strengthen existing systems by minimizing the attack surface. This includes enforcing strong authentication and authorization with strict password policies and multi-factor authentication, regularly updating software and patching vulnerabilities, encrypting data both at rest and in transit, and maintaining reliable backups to safeguard against data loss or business disruption.
- Promote employee awareness: Conduct regular training sessions to improve cyber literacy, focusing on safe email practices, secure password management, recognizing phishing attempts, and proper handling of sensitive data.
- Use official sources for software: Avoid downloading applications through search engines. All new software should come from trusted, official sources and be installed centrally by the IT team to prevent hidden threats.
- Control access to resources: Define clear access rules for emails, shared folders, and online services, monitor user activity, and revoke access promptly when employees leave the company.
- Implement specialized security solutions: Tools like Kaspersky Next combine strong endpoint protection with EDR and XDR capabilities and are designed to benefit corporate customers of any size and industry. Kaspersky Next XDR Optimum in particular is suitable for SMBs with an established IT infrastructure, which are often managed by larger IT teams or small security units. For very small businesses that may not have an IT administrator, Kaspersky Small Office Security (KSOS) offers hands-off protection through its “install and forget” setup.
For more information, including phishing examples affecting SMBs in Europe and Africa, read the full report here.