Dark Reading is part of the Informa Tech Division of Informa PLC


Threat Intelligence

1/15/2021
12:05 PM

Successful Malware Incidents Rise as Attackers Shift Tactics

As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says.

Companies relaxed security controls to help employees to be productive during the coronavirus pandemic, leading attackers to shift their tactics and take advantage of the chaos caused by remote work, according to a report published by cloud security firm Wandera on Jan. 15.

Compared with pre-pandemic times, employees were twice as likely to connect to inappropriate content during work hours and more likely to continue accessing email after being compromised with mobile malware, the company states in its "Cloud Security Report 2021." As a result, attackers shifted attacks to the weekends, and 41% more organizations experienced a malware infection on an employee's remote device.

The data underscores that as companies adapted to the realities of the pandemic, attackers sought out weaknesses exposed by the new work arrangements, says Michael Covington, vice president at Wandera.

"Most organizations really had to focus on keeping people being productive, and that meant you had to peel back the policies, and just make it easier for people to get into their applications, to use their devices, and feel empowered, because IT wasn't available to physically go to workers and help them out," Covington says.

Shifting tactics let attackers change how they tried to infect those workers so as to catch them when they were at their least vigilant.

For example, while attack trends in previous years showed attackers generally targeted users on weekdays to catch them working from their office environment, when most employees moved to working from home, attackers began shifting to weekend attacks. At their peak, Wandera's data shows that 6% more attacks happened on Saturdays than any other day, the report states.

"That shift is really interesting because it starts to show the new reality of the work device truly morphing into a work-and-personal device," Covington says. "When you don't leave the house anymore, the phishing events and social engineering events — the ways that attackers get into organizations — are not just happening in the context of business email anymore."

Others have noted the impact of the move to remote work on security. In September, a survey of CIOs found that 76% of the executives were worried that content sprawl put company data at risk. An earlier survey found that about six in 10 workers were using personal devices to work from home, and most of them considered the devices to be secure.

Wandera found a similar set of impacts from the move to remote work, with many employees behaving differently. Because workers traveled less, they were about half as likely to use a risky Wi-Fi connection for work. And because personal time and work time blended together, a single device had a greater blend of business and personal applications, says Covington.

"Honestly, they were looking to kill time," he says. "The types of apps that we installed on work devices this year, we would not have typically seen installed. A lot of games and a lot of productivity tools."

The result was predictable: More than half of organizations, 52%, experienced a malware incident on a remote device, up from 37% in 2019, according to the report.

Many analysts — such as PricewaterhouseCoopers — have indicated that the move to remote work will last long after the pandemic ends. Wandera's Covington expects that as well because most organizations and workers believe the greater flexibility has improved their approach to work, he says.

"Everything I'm hearing from people is that their users are happier," he says. "Their users like being personally enabled, like having a choice in applications that they download and use, so I suspect we are going to see more of that."

For that reason, companies need to put a greater focus on security controls for remote workers. One of the best ways to do that, and support the enablement of workers, is to train them in security and make them part of the equation, Covington says. 

The company found some indications that workers are taking responsibility for their security. In 2020, for example, only half as many devices — 3% — had their lockscreens disabled, and only 4% used a risky hotspot in any given week, down from 7% in 2019.

"Culturally, we need to change," he says. "A lot of organizations punish workers if they fall victim to a phishing attack or social engineering attack. We are at the point that we need to acknowledge that these attacks are pretty darn good, and we need to embrace workers as part of the solution."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...
 
