Cyber Threats Targeting SMBs Rise Significantly in 2026
TL;DR
Recent findings from Kaspersky reveal a dramatic increase in cyberattacks targeting small and medium-sized businesses, particularly those disguised as popular AI tools. The threat landscape for these organizations is evolving, with attackers leveraging trusted applications to deploy malware and execute phishing campaigns.
Main Analysis
Kaspersky’s report indicates that in the first part of 2026, over 33,300 cyberattacks on SMBs were attributed to malicious entities masquerading as popular AI tools, marking a fivefold increase compared to the prior year. Additionally, attackers utilized messaging applications and video conferencing platforms extensively, with fake apps accounting for nearly 415,000 attacks. This trend illustrates how cybercriminals adapt to current technology trends to exploit vulnerabilities in trust relationships with SMBs.
The usage of malware and potentially unwanted applications (PUAs) disguised as legitimate AI services such as Claude and OpenClaw has surged considerably. Kaspersky detected over 1,100 unique instances of these threats posing as trusted applications, with the primary technique being Trojware, which can execute harmful actions on infected devices. These findings align with a market trend where SMBs increasingly adopt AI tools, providing a rich target area for attackers.
The report emphasizes the alarming fact that many initial accesses to corporate infrastructures available on the dark web originate from SMBs. Their lack of robust cybersecurity measures makes them appealing targets, not only for direct attacks but also as gateways to larger, better-protected organizations through trusted relationships.
Defensive Context
Given the escalating threat landscape, SMBs must be aware that their limited cybersecurity capabilities make them vulnerable targets. Organizations must prioritize understanding specific threats and the dynamics of current campaigns, particularly those involving AI tools and communication platforms. Companies that interact with these technologies should be especially vigilant, as they face an increased risk of sophisticated cyber intrusions.
Why This Matters
SMBs represent a significant portion of modern economies but often lag in cybersecurity readiness compared to larger enterprises. The findings illustrate a real-world risk where these businesses not only face direct attacks but can also be weaponized by attackers to gain access to larger corporations, amplifying the threat.
Defender Considerations
Organizations should focus on implementing measures that specifically address this refined attack strategy, such as scrutinizing the legitimacy of applications before installation and educating employees about the importance of verifying communications from trusted platforms. Initiatives to bolster awareness around phishing tactics exploiting fake AI services could also prove instrumental in mitigating these risks.
Indicators of Compromise (IOCs)
No specific IOCs have been provided in the report. However, organizations should be alert to suspicious network activity associated with AI tools and communication services, as these trends are highlighted in Kaspersky’s findings.
