Web threats affecting SMBs in 2019

Gill Langston 10 Apr 2019

Learn more about how web threats are evolving and becoming more intelligent.

How safe is my business online? This question goes through our minds quite a bit as we click around our emails, scroll various web pages, and consent to cookies that track our data.

With a robust internet audience of over 4 billion active users, the web has turned into a playground full of data for cybercriminals. Over 50,000 websites are hacked every day in an effort to steal private information, hold files for ransom, or collect data and use it for a variety of reasons. Web threats are becoming much more prolific – when one tactic gets shut down, others begin popping up in its place. This is why it’s important to stay ahead and remain “in the know” when it comes to the latest threat tactics.

Hackers everywhere are focused on finding the easiest and cheapest way to extract data and obtain as much employee and customer information as they can. Not just anyone can hack a website. New technologies are being released daily to stop online threats; yet hackers are innovating and crafting new methods.

Let’s take a closer look at some common web threats that are popping up this year...


Formjacking

Ransomware is decreasing in popularity, dropping nearly 20% in 2018. Hackers are adopting new tactics such as the recently popularized “formjacking” or “formgrabbing.” This new hacking trend is being referred to as virtual ATM skimming. Cybercriminals gather customer credit card information by injecting malicious code into websites and stealing data when the user gets to the checkout page. Small and medium businesses are being compromised either directly or through third-party payment services and plug-ins.

Ticketmaster, a subsidiary of the world’s largest live entertainment ticketing company, was targeted by what appeared to be the tactics of Magecart - a group of card-stealing skimmers that hacked over 800 e-commerce websites. The threat actors accessed payment details of over 40,000 UK customers by changing custom JavaScript code on a payments page created by a third-party supplier called Inbenta.


That’s the number of unique websites that are being compromised by formjacking every month. These attacks have happened to several huge retailers including British Airways, Huddle House, Newegg, and dozens more. What’s interesting, though, is that the most widely compromised businesses are small and medium-sized retailers. Cybercriminals are collecting tens of millions of dollars by targeting an abundance of SMBs that appear less secure, but are key to supply chains that reach enterprise levels and hold enormous amounts of data.
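One defensive check against the third-party script tampering described above, as an added example that is not part of the original article: it audits a checkout page's external scripts against their Subresource Integrity (SRI) hashes. The page markup, host names and script bodies are constructed sample data.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

def sri_sha384(body: bytes) -> str:
    """Return the Subresource Integrity value for a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], a.get("integrity")))

def audit_page(html, page_host, fetched):
    """Return {src: finding} for third-party scripts on the page.

    fetched maps src -> bytes currently served (constructed below; in
    practice the auditor would download them).
    """
    collector = ScriptCollector()
    collector.feed(html)
    findings = {}
    for src, integrity in collector.scripts:
        host = urlparse(src).netloc
        if not host or host == page_host:
            continue  # first-party script, out of scope for this check
        if integrity is None:
            findings[src] = "no integrity attribute"
        elif integrity != sri_sha384(fetched[src]):
            findings[src] = "content changed since pinned"
        else:
            findings[src] = "ok"
    return findings

# Constructed sample data: hypothetical shop and supplier hosts.
GOOD = b"function chatWidget(){ /* supplier code */ }"
TAMPERED = GOOD + b"/* unexpected extra code */"
PAGE = f'''<html><body><form id="checkout"></form>
<script src="/static/cart.js"></script>
<script src="https://widgets.supplier.example/chat.js"
        integrity="{sri_sha384(GOOD)}" crossorigin="anonymous"></script>
<script src="https://cdn.analytics.example/t.js"></script>
</body></html>'''
SERVED = {"https://widgets.supplier.example/chat.js": TAMPERED,
          "https://cdn.analytics.example/t.js": b"track()"}
```

A browser enforcing the `integrity` attribute refuses to run the changed script; the audit additionally surfaces third-party scripts that carry no pin at all.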

Credential Stuffing

Hackers have written off the traditional practice of trying hundreds of password combinations until access is granted. Credential stuffing has taken its place because it’s easier, quicker, and quite frankly - it works. Username and password data is collected and “stuffed” into a huge database that hackers use to test against websites and online services hoping to find a match.

With people and employees being notorious for using the same or associated passwords across multiple sites, including work emails, businesses are at risk of falling victim to credential stuffing. Dunkin’ Donuts was affected recently in October of 2018 and again in January of this year. The company reported that approximately 1,200 of the 10 million usernames and passwords from the company’s DD Perks accounts had been compromised, warning users to make sure the same credentials weren’t being used on other websites.
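The difference between credential stuffing and traditional password guessing shows up in login logs. The following added example (not from the original article) labels source IPs by the shape of their attempts and lists accounts that a flagged source logged in to; the events, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

def sample_events():
    """Constructed login events: (source_ip, username, success)."""
    events = []
    # Stuffing pattern: one source, many accounts, one try each.
    for i in range(40):
        events.append(("203.0.113.7", f"user{i}@example.com", i == 17))
    # Password-guessing pattern: one source, one account, many tries.
    for _ in range(40):
        events.append(("198.51.100.9", "admin@example.com", False))
    # Ordinary user who mistyped a password once.
    events += [("192.0.2.15", "pat@example.com", False),
               ("192.0.2.15", "pat@example.com", True)]
    return events

def classify_sources(events, min_attempts=20, min_fail_rate=0.9):
    """Label each source IP by the shape of its login attempts.

    Thresholds are illustrative assumptions, not tuned values.
    """
    attempts = defaultdict(int)
    failures = defaultdict(int)
    users = defaultdict(set)
    for ip, user, ok in events:
        attempts[ip] += 1
        failures[ip] += 0 if ok else 1
        users[ip].add(user)
    labels = {}
    for ip, n in attempts.items():
        fail_rate = failures[ip] / n
        per_user = n / len(users[ip])
        if n < min_attempts or fail_rate < min_fail_rate:
            labels[ip] = "normal"
        elif per_user <= 2:
            labels[ip] = "credential-stuffing"  # wide and shallow
        else:
            labels[ip] = "brute-force"          # narrow and deep
    return labels

def accounts_to_reset(events, labels):
    """Accounts that a flagged stuffing source logged in to successfully."""
    return sorted({user for ip, user, ok in events
                   if ok and labels.get(ip) == "credential-stuffing"})
```

Grouping by source IP alone misses campaigns spread across many addresses, so the same counting is usually repeated per network range or client fingerprint.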


Cryptojacking

This type of web threat is particularly dangerous, because simply browsing a malicious website can open the door for cryptojacking on a device. No clicking or downloading necessary. Cryptojacking is when a PC, mobile device, or server is used by cybercriminals to mine cryptocurrency.

Although cryptocurrencies are not as popular as they once were, this method of “mining” is virtually free to the bad actors. They are using your power, devices, and resources to generate the cryptocurrency. This malware doesn’t seek to steal company data, but rather to use your computational (CPU) resources, which can be costly.

So, how does it work? Well, malicious crypto miners hack websites with high traffic by embedding a small piece of JavaScript code that mines cryptocurrencies such as Bytecoin and Monero. If your device is being hijacked, you will usually notice the battery draining faster than usual, or an increase in heat as the CPU power utilization rises inside your device. Some companies are even placing malicious mining scripts into their own websites to increase revenue using third-party companies like Coinhive.


Phishing

If you’re familiar with trending cyberthreats, this tactic comes as no surprise. If you’re not familiar, phishing is when hackers send emails posing as a company or a trusted individual to obtain sensitive data or cause the user to click on a malicious link.

According to this study, “One in every hundred emails sent around the globe has malicious intent, likely to deliver malware, conduct spear-phishing, commit fraud, or other activity conducted by cybercriminals.”

Phishing attacks can be sneaky. 90% of original phishing emails don’t include a malicious attachment or link; their purpose is to sell the idea that the email is truly coming from a trusted individual. The second and third emails usually contain the links or attachments that lead to malware or entire network breaches. Cybercriminals target SMBs due to the perceived lack of security and potential to gain access to larger supply chains or networks. Take a quick look at the Phish Phinder infographic for tips on identifying a suspicious email.

How do I protect my business from web threats?

  • Get strong antivirus! This is the primary line of defense against web threats.

  • Know the devices, data, and people in or accessing your network. Take our free security assessment to determine your business’ attack surfaces and most vulnerable points.

  • Keep antivirus software and all other applications up-to-date. Sometimes updates are pushed to users to block malicious code that was being used for cybercrime. Updating and patching software is vital to keeping your devices healthy and your data safe.

  • Deploy web protection that blocks web threats before they get into your network. A secure web gateway inspects web pages for malicious code or harmful content before it’s served up to the user. Learn more about the cloud-based Avast Business Secure Web Gateway here.

Still unsure about the first steps to full network protection?
