Kaspersky, a cybersecurity solutions company, announced it had detected over 33,300 cyberattacks targeting small and medium-sized businesses between January and April 2026*, with attackers exploiting malicious or unwanted software disguised as popular AI services. This represents an increase of nearly five times compared to the same period in 2025.

A new report from Kaspersky highlights the most prominent current cyber threats, along with practical strategies to mitigate risks, aimed at helping small and medium-sized businesses combat cyber threats and strengthen their security readiness.

An analysis by Kaspersky experts showed that attackers are increasingly exploiting the growing popularity of AI services by hiding malicious software within tools that appear trustworthy and are widely used in work environments.

ChatGPT tops the list of lures

According to the analysis published by Kaspersky, software impersonating ChatGPT topped the list of lures in the first months of 2026 at 42%, followed by Claude at 24%, and DeepSeek at 20%.

Kaspersky experts explained that most of the malicious files targeting small and medium-sized businesses and impersonating AI services were of the 'Trojware' category, including Trojan horses and similar types capable of downloading and running additional malicious software on infected devices. These programs rely on disguising themselves as safe files to deceive users into installing them, while their functions vary by type; they may steal, delete, encrypt, modify, or copy data, in addition to performing other malicious activities, making them a serious threat to businesses and entrepreneurs.

415,000 attempts via fake apps

Kaspersky telemetry data showed continued exploitation of fake messaging and meeting apps, such as Telegram, WhatsApp, Zoom, and Microsoft Teams, to spread malicious and unwanted software.

Between January and April 2026, the company's solutions blocked about 415,000 attack attempts of this type. Even though the number remains stable at levels close to last year, this reflects attackers' continued reliance on fake communication apps as one of the most common attack vectors.

Vasily Kolesnikov, a security expert at Kaspersky, said: "Cyber threats are constantly evolving with new ways to deceive users. In the first four months of this year, our solutions for small and medium-sized businesses detected hundreds of attacks where malicious software was disguised as OpenClaw, an AI tool that became popular in 2026. With employees increasingly using AI tools in their daily work, including publicly available tools, it is very important to be cautious when downloading software from the internet, verify the authenticity of websites and links in suspicious messages, and use reliable security software."

Rodion Pianov, Product Manager at Kaspersky Small Office Security, adds: "As attackers continue to develop their methods to exploit human error, the need for updated and continuous security awareness training has become indispensable for all companies, regardless of size. However, reality shows that very small businesses often struggle to allocate the time and budget needed to regularly alert their teams to the latest threats and malicious trends. We see that this issue can be significantly mitigated through solutions specifically designed for small businesses, combining robust basic protection with easy and accessible security awareness."

Kaspersky recommendations to enhance protection

Below, Kaspersky offers a set of recommendations for business owners to protect their businesses from cyber threats:

Choose solutions that fit your budget, company size, and industry requirements, considering scalability and ease of integration. For example, Kaspersky Small Office Security Premium is an easy-to-use solution that provides protection against advanced threats, along with cybersecurity awareness training for employees, making it suitable for very small projects. For more technically advanced small and medium-sized businesses, Kaspersky Next Optimum is specifically designed for growing and developing organizations, offering immediate protection, clearer threat visibility, and advanced investigation and response capabilities through endpoint detection and response (EDR) and extended detection and response (XDR) technologies.

If work teams lack cybersecurity specialists or cannot provide continuous 24/7 monitoring, using managed solutions becomes important. The Kaspersky MDR service, overseen by a team of experts, provides round-the-clock capabilities covering the entire incident management lifecycle, from threat detection through continuous protection to response and remediation.

Establish clear rules for using external services and tools.

Organize access permissions to enterprise resources such as email, shared folders, and online documents.

Regularly back up important data to ensure its protection in case of an emergency.

You can view the full report on the cyber threat landscape for small and medium-sized businesses at Securelist.com.

*This research is based on analysis of anonymous data collected from users of Kaspersky solutions for small and medium-sized businesses.

Tags

Cybersecurity Kaspersky

Link copied

29 June 2026 Last update: 30 June 2026

3 minutes

Follow us