SMBs in Europe and Africa hit by malware disguised as legitimate tools – Intelligent CIO Africa

Data from Kaspersky Security Network (KSN) collected between January and April 2025 reveals a troubling landscape for small and medium-sized businesses (SMBs) across selected countries in Europe and North, West, and Central Africa.

Cybercriminals disguised malware and potentially unwanted applications (PUAs) as trusted tools such as ChatGPT, Microsoft Office applications and Google Drive, to infiltrate SMB networks without raising suspicion.

In Europe, Austria recorded the highest share of attacks, accounting for 40% of all detected cases in which PUAs and malware targeting SMBs mimicked legitimate brands. This was followed by Italy (25%) and Germany (11%). Spain (10%) and Portugal (6%) were also significantly affected, while France contributed 4.1%. Serbia and the UK each registered around 1%, and other countries, including Romania, Greece and Switzerland, each made up less than 1%, indicating relatively low targeting activity.

In Africa, Morocco topped the list with 41% of all detected PUAs targeting SMBs, with Tunisia (24%) and Algeria (16%) also heavily impacted. Senegal (7%) and Cameroon (7%) saw more modest levels, while Ivory Coast accounted for 5%.

Backdoors and Downloaders among top exploited threats

The threats most affecting SMBs in Europe were backdoors (24%), Trojans (17%) and not-a-virus:Downloaders (16%). In Africa, not-a-virus:Downloaders dominated at 55%, followed by DangerousObjects (14%) and Trojans (13%).

“Small businesses face enterprise-level threats, often with startup-level budgets,” said Marc Rivero, Lead Security Researcher at the Global Research and Analysis Team (GReAT) at Kaspersky. “The key is knowing where to focus their limited resources for maximum protection. The best defense against sophisticated malware isn’t the most expensive tool – it’s understanding how attackers think and closing the doors they’re looking for.”

SMBs can significantly reduce cyber risks and protect business continuity by combining robust cybersecurity solutions with strong employee awareness. Key measures include:

  • Implement security hardening: Strengthen existing systems by minimising the attack surface. This includes enforcing strong authentication and authorisation with strict password policies and multi-factor authentication, regularly updating software and patching vulnerabilities, encrypting data both at rest and in transit and maintaining reliable backups to safeguard against data loss or business disruption.
  • Promote employee awareness: Conduct regular training sessions to improve cyber literacy, focusing on safe email practices, secure password management, recognising phishing attempts and proper handling of sensitive data.
  • Use official sources for software: Avoid downloading applications through search engines. All new software should come from trusted, official sources and be installed centrally by the IT team to prevent hidden threats.
  • Control access to resources: Define clear access rules for emails, shared folders and online services, monitor user activity, and revoke access promptly when employees leave the company.
  • Implement specialised security solutions: Tools like Kaspersky Next combine strong endpoint protection with EDR and XDR capabilities and are designed to benefit corporate customers of any size and industry. Kaspersky Next XDR Optimum is especially suitable for SMBs with an established IT infrastructure, which are often managed by larger IT teams or small security units. For very small businesses that may not have an IT administrator, Kaspersky Small Office Security (KSOS) offers hands-off protection through its “install and forget” setup.

For more information, including phishing examples affecting SMBs in Europe and Africa, read the full report here.