The rise of remote work & learning opened new opportunities for many people – as seen by the people who have moved to unfamiliar places or adapted to “workcations.”
Aamir Lakhani, Global Security Strategist & Researcher at FortiGuard Labs, zeroes-in on how adversaries are targeting ‘remote everything.’
Cyber-criminals are taking advantage of the same opportunities – just in a separate way. Evaluating the prevalence of malware variants by region reveals a sustained interest by cyber adversaries in maximising remote work & learning attacks.
Malware Trends
The FortiGuard Labs research team looked into the occurrence of malware varieties by region for the 2nd half of 2021. What they found shows a sustained interest by cyber adversaries in maximising the remote work & learning attack vector.
The team saw that various forms of browser-based malware were prevalent. Often, this takes the form of phishing lures or scripts that inject code or redirect users to malicious sites.
Detections
Detections vary across regions, of course, but can be largely grouped into 3 broad distribution mechanisms: Microsoft Office executables (MSExcel/, MSOffice/), PDF files & browser scripts (HTML/, JS/). Files packed with the Microsoft Intermediate Language (MSIL) are another common feature.
Note that some kinds of browser-based malware occupy the top spots in all regions. Such techniques have gained prominence recently as a way to exploit peoples’ desire for the latest news about COVID-19, politics, sports, or any current headline.
Because many are browsing from their home networks these days, there are less layers of protection between such malware & would-be victims (e.g., no corporate web filters).
Rise of Exploit Kits
The use of exploit kits (EKs) is 1 element that has clearly helped cyber-criminals in their efforts to execute malware. These kits are automated programs attackers use to exploit systems or applications.
What makes an exploit kit dangerous is its ability to identify victims while they browse the web. Then targeting a potential victim’s vulnerabilities, attackers can download & execute their malware of choice.
Exploit kits work automatically & silently as they look for vulnerabilities on a user’s machine while they browse the web. Currently, exploit kits are the main method for the distribution of remote access tools (RATs) or mass malware by cyber-criminals, especially those seeking to profit financially.
Compromised Website
What is especially worrying is that EKs do not require victims to download a file or attachment. The victim need only browse on a compromised website, & then that site pulls in hidden code that attacks vulnerabilities in the user’s browser.
Currently, older kits are available to the public. Attackers have been taking these older kits & modifying them, making them more resilient to newer security detection strategies. Also, many of these kits are being advertised for sale online. Attackers offer these kits for rent on these sites & offer support & update contracts to guarantee they work against future updates.
‘Remote Everything’ Security Problem
As hybrid work & learning become embedded, there are less layers of protection between malware & would-be victims. Bad players are getting access to more tools to help them do their stuff – like exploit kits. Simultaneously, the attack surface has rapidly expanded & continues to do so.
That means enterprises must take a work-from-anywhere approach to their security. They need to deploy solutions capable of following, enabling & protecting users wherever they are located. They need security on the endpoint (EDR) combined with zero trust network access (ZTNA) approaches.
Holistic Security Screen
Another component & best practice of modern security strategy is the development of a holistic security screen, wherein fully integrated security, services & threat intelligence follow users on the road, at home or in the office to provide enterprise-grade protection & productivity across the extended network.
This simplifies & satisfies the needs of today’s 3 most common WFA scenarios: the corporate office, the home office & the mobile worker.
Mission-Critical Applications
Enterprises must secure mission-critical applications, so securing access to those applications, the networks to connect to those applications, & the devices that run those applications remain a vital component of a layered defence – even when working from a traditional location.
In the home office, risk hides in the home networks that are often badly secured with retail wireless routers & contain vulnerable IoT devices, which can be a pathway for hacker to gain access. Mobile workers regularly rely on untrusted & unsecured networks to access critical business resources.
This can introduce unique threats, enabling cyber-criminals to launch attacks against inadequately protected devices or intercept exposed communications.
Proper Integration
A proper integration of endpoint security, network security & ZTA/ZTNA addresses the challenges that WFA presents.
Criminals will make the most of any possible threat situation, & the past 2 years have provided many opportunities for network attack. Malware trends & the rise of exploit kits have proven this point, & it is now incumbent upon IT security teams to re-evaluate their security posture & adjust as needed.
A comprehensive, integrated security system that accounts for all work possibilities is a best practice.