
Threat Intelligence

1/15/2021
12:05 PM

Successful Malware Incidents Rise as Attackers Shift Tactics

As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says.

Companies relaxed security controls to help employees to be productive during the coronavirus pandemic, leading attackers to shift their tactics and take advantage of the chaos caused by remote work, according to a report published by cloud security firm Wandera on Jan. 15.

Compared with pre-pandemic times, employees were twice as likely to connect to inappropriate content during work hours and more likely to continue accessing email after being compromised with mobile malware, the company states in its "Cloud Security Report 2021." As a result, attackers shifted attacks to the weekends, and 41% more organizations experienced a malware infection on an employee's remote device.


The data underscores that as companies adapted to the realities of the pandemic, attackers sought out weaknesses exposed by the new work arrangements, says Michael Covington, vice president at Wandera.

"Most organizations really had to focus on keeping people being productive, and that meant you had to peel back the policies, and just make it easier for people to get into their applications, to use their devices, and feel empowered, because IT wasn't available to physically go to workers and help them out," Covington says.

The shift in tactics let attackers change how they tried to infect those workers, catching them when they were at their least vigilant.

For example, while attack trends in previous years showed attackers generally targeted users on weekdays to catch them working from their office environment, when most employees moved to working from home, attackers began shifting to weekend attacks. At their peak, Wandera's data shows that 6% more attacks happened on Saturdays than any other day, the report states.

"That shift is really interesting because it starts to show the new reality of the work device truly morphing into a work-and-personal device," Covington says. "When you don't leave the house anymore, the phishing events and social engineering events — the ways that attackers get into organizations — are not just happening in the context of business email anymore."

Others have noted the impact of the move to remote work on security. In September, a survey of CIOs found that 76% of the executives were worried that content sprawl put company data at risk. An earlier survey found that about six in 10 workers were using personal devices to work from home, and most of them considered the devices to be secure.

Wandera found a similar set of impacts from the move to remote work, with many employees behaving differently. Because workers traveled less, they were about half as likely to use a risky Wi-Fi connection for work. And because personal time and work time blended together, a single device had a greater blend of business and personal applications, says Covington.

"Honestly, they were looking to kill time," he says. "The types of apps that we installed on work devices this year, we would not have typically seen installed. A lot of games and a lot of productivity tools."

The result was predictable: More than half of organizations, 52%, experienced a malware incident on a remote device, up from 37% in 2019, according to the report.

Many analysts — such as PricewaterhouseCoopers — have indicated that the move to remote work will last long after the pandemic ends. Wandera's Covington expects that as well because most organizations and workers believe the greater flexibility has improved their approach to work, he says.

"Everything I'm hearing from people is that their users are happier," he says. "Their users like being personally enabled, like having a choice in applications that they download and use, so I suspect we are going to see more of that."

For that reason, companies need to put a greater focus on security controls for remote workers. One of the best ways to do that, and support the enablement of workers, is to train them in security and make them part of the equation, Covington says. 

The company found some indications that workers are taking responsibility for their security. In 2020, for example, only half as many devices — 3% — had their lockscreens disabled, and only 4% used a risky hotspot in any given week, down from 7% in 2019.

"Culturally, we need to change," he says. "A lot of organizations punish workers if they fall victim to a phishing attack or social engineering attack. We are at the point that we need to acknowledge that these attacks are pretty darn good, and we need to embrace workers as part of the solution."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...
 
