Small businesses in Kenya and Nigeria still at risk of RDP and Internet attacks

Small businesses in Kenya and Nigeria still at risk of RDP and Internet attacks

According to cybersecurity firm Kaspersky, the number of Trojan-PSW (Password Stealing Ware) detections in Nigeria more than doubled in 2022 (2654 detections), when compared to the same period in 2021 (1076 detections).

At the same time in Kenya, Trojan-PSW increased by 16% in 2022 (12 639 detections), when compared to the same period in 2021 (10 934 detections).

Trojan-PSW is a malware that steals passwords, along with other account information, which then allows attackers to gain access to the corporate network and steal sensitive information.

Kaspersky says another popular attack tool used on small businesses is Internet attacks, specifically, web pages with redirects to exploits, sites containing exploits and other malicious programs, botnet C&C centres, etc.

While the number of these attacks decreased in the first four months of 2022 in Nigeria (56 836 infections in 2022 compared to 99 146 infections in 2021), Internet attacks are still a concern and need to be protected against.

In Kenya, the number of these attacks increased by 47%. In comparison to 88 455 infections in 2021, 130 111 infections were detected in the first four months of 2022.

With the shift towards remote working, many companies have introduced the Remote Desktop Protocol (RDP), a technology that enables computers on the same corporate network to be linked together and accessed remotely, even when the employees are at home.

Kaspersky also noted a significant increase in the number of attacks on Remote Desktop Protocol in Nigeria, by 89%. In the first four months of 2021, there were 161 000 RDP attacks in the country. For the same period in 2022 the number has risen to 303 500 attacks.

While the overall number of attacks on Remote Desktop Protocol has decreased slightly in Kenya, globally this threat is still a challenge, noted the cybersecurity firm.

Kaspersky says even small businesses with limited IT resources still need to protect all their working devices, including computers and mobile phones, from cyberthreats.

Denis Parinov, security researcher at Kaspersky commented, “With the shift to remote working and the introduction of numerous advanced technologies in the daily operations of even small companies, security measures need to evolve to support these sophisticated setups. Cybercriminals are already way ahead of the curve, so much so that virtually every organisation will experience a breach attempt at some point.”

“For small companies today, it’s not a matter of whether a cybersecurity incident will happen but when. Having trained staff and an educated IT-specialist is no longer a luxury but a must-have part of your business development,” he concluded.