Small and medium-sized businesses (SMBs) are increasingly under siege as cybercriminals exploit the popularity of trusted digital tools, including ChatGPT, Cisco AnyConnect, Google Meet, and Microsoft Teams, to launch sophisticated attacks.
According to new research from Kaspersky, between January and April 2025 alone, nearly 8,500 SMB users encountered cyberattacks in which malware or potentially unwanted applications (PUAs) were disguised as these essential business applications.
The findings reveal a disturbing trend: cyberattackers are leveraging the widespread adoption and credibility of these platforms to trick unsuspecting users.
The study drew on the Kaspersky Security Network (KSN), which processes anonymized threat data from opted-in users, and focused exclusively on SMB solutions.
The research highlights that Zoom, a leading video conferencing tool, was the most frequently impersonated application, with 1,652 unique malicious files detected, accounting for almost 41% of all such threats.
This marks a 14-percentage-point increase compared to 2024, indicating a sharp escalation in attacks targeting remote collaboration tools.
Impersonation of Microsoft Office applications also remains a persistent threat. Outlook and PowerPoint each accounted for 16% of malicious files, while Excel accounted for 12%. Word and Teams accounted for 9% and 5%, respectively.
Notably, the rise of AI-driven services has introduced new risks: the number of unique malicious files mimicking ChatGPT grew by 115% in early 2025, reaching 177 cases.
DeepSeek, a newly launched large language model, has already appeared on the list of impersonated tools, underscoring cybercriminals’ agility in adapting to technological trends.
Technical Insights: Attack Vectors and Malware Tactics
Cybercriminals are employing a variety of tactics to infiltrate SMB networks. The most prevalent threats include downloaders, Trojans, and adware.
Downloaders, while not always malicious themselves, are frequently exploited to deliver harmful payloads to victims’ devices.
Trojans, which execute unauthorized actions such as data theft or system disruption, remain a staple in cyberattackers’ arsenals.
Adware, often bundled with free software, bombards users with unwanted advertisements and can serve as a gateway for more severe infections.
Phishing campaigns are another primary concern. Attackers craft convincing landing pages and emails mimicking well-known brands, such as Google, DocuSign, and even banks offering business loans.
These scams aim to harvest login credentials or manipulate victims into transferring funds.
For example, a recent campaign targeted Google business accounts by promising to promote companies on X (formerly Twitter), luring users into entering their credentials on a fake platform.
Another phishing attempt impersonated “Global Trust Bank,” exploiting the existence of similarly named legitimate banks in multiple countries.
AI has further amplified the threat landscape. Automated phishing and malware campaigns are easier to prepare and adapt, increasing both the scale and sophistication of attacks.
Spammers now offer dubious services such as business databases or review manipulation, tailored to the needs of SMBs, making it harder for employees to distinguish legitimate offers from malicious ones.
Actionable Steps for SMB Cyber Resilience
To counter these evolving threats, SMBs must adopt a multi-layered security approach. Implementing robust spam filters, email authentication protocols, and strict verification procedures for financial transactions is essential.
Regular security training for employees, strong password practices, and multi-factor authentication can significantly reduce the risk of phishing and fraud.


Organizations should also establish clear access rules for corporate resources, regularly update access lists, and revoke permissions promptly when employees leave.
Centralized software installation from official sources rather than through search engines can prevent the inadvertent download of malicious files.
Comprehensive cybersecurity solutions, such as Kaspersky Next, offer visibility and control over cloud services, enabling SMBs to stay one step ahead of cybercriminals.
By investing in awareness, technology, and proactive policies, SMBs can bolster their defenses and safeguard their operations in an increasingly hostile digital environment.





