Successful Malware Incidents Rise as Attackers Shift Tactics

As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says.


Companies relaxed security controls to help employees to be productive during the coronavirus pandemic, leading attackers to shift their tactics and take advantage of the chaos caused by remote work, according to a report published by cloud security firm Wandera on Jan. 15.

Compared with pre-pandemic times, employees were twice as likely to connect to inappropriate content during work hours and more likely to continue accessing email after being compromised with mobile malware, the company states in its "Cloud Security Report 2021." As a result, attackers shifted attacks to the weekends, and 41% more organizations experienced a malware infection on an employee's remote device.

The data underscores that as companies adapted to the realities of the pandemic, attackers sought out weaknesses exposed by the new work arrangements, says Michael Covington, vice president at Wandera.

"Most organizations really had to focus on keeping people being productive, and that meant you had to peel back the policies, and just make it easier for people to get into their applications, to use their devices, and feel empowered, because IT wasn't available to physically go to workers and help them out," Covington says.

The shift allowed attackers to change the way they tried to infect those workers in order to catch them when they were at their least vigilant.

For example, attack trends in previous years showed that attackers generally targeted users on weekdays to catch them working from their office environment. When most employees moved to working from home, attackers began shifting to weekend attacks. At the peak, 6% more attacks happened on Saturdays than on any other day, according to Wandera's data, the report states.

"That shift is really interesting because it starts to show the new reality of the work device truly morphing into a work-and-personal device," Covington says. "When you don't leave the house anymore, the phishing events and social engineering events — the ways that attackers get into organizations — are not just happening in the context of business email anymore."

Others have noted the impact of the move to remote work on security. In September, a survey of CIOs found that 76% of the executives were worried that content sprawl put company data at risk. An earlier survey found that about six in 10 workers were using personal devices to work from home, and most of them considered the devices to be secure.

Wandera found a similar set of impacts from the move to remote work, with many employees behaving differently. Because workers traveled less, they were about half as likely to use a risky Wi-Fi connection for work. And because personal time and work time blended together, a single device had a greater blend of business and personal applications, says Covington.

"Honestly, they were looking to kill time," he says. "The types of apps that we installed on work devices this year, we would not have typically seen installed. A lot of games and a lot of productivity tools."

The result was predictable: More than half of organizations, 52%, experienced a malware incident on a remote device, up from 37% in 2019, according to the report.

Many analysts — such as PricewaterhouseCoopers — have indicated that the move to remote work will last long after the pandemic ends. Wandera's Covington expects that as well because most organizations and workers believe the greater flexibility has improved their approach to work, he says.

"Everything I'm hearing from people is that their users are happier," he says. "Their users like being personally enabled, like having a choice in applications that they download and use, so I suspect we are going to see more of that."

For that reason, companies need to put a greater focus on security controls for remote workers. One of the best ways to do that, and support the enablement of workers, is to train them in security and make them part of the equation, Covington says. 

The company found some indications that workers are taking responsibility for their security. In 2020, for example, only half as many devices — 3% — had their lockscreens disabled, and only 4% used a risky hotspot in any given week, down from 7% in 2019.

"Culturally, we need to change," he says. "A lot of organizations punish workers if they fall victim to a phishing attack or social engineering attack. We are at the point that we need to acknowledge that these attacks are pretty darn good, and we need to embrace workers as part of the solution."

About the Author(s)

Robert Lemos, Contributing Writer

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.
