Fake collaboration apps are stealing data as staff struggle with home working security

There’s been a significant rise in organisations encountering malware attacks on remote devices over the course of the last year as employees have been forced to work from home.

The ongoing coronavirus pandemic has resulted in more remote working than ever before and both organisations and employees have had to quickly adapt to this new environment and the additional challenges that come with it.

One of those challenges is cyber criminals attempting to take advantage of remote workers’ insecure PCs as an entry point into corporate networks.

As a result of this, there’s been a rise in malware attacks targeting remote workers and according to cybersecurity company Wandera’s Cloud Security Report 2021, over half of organisations – 52 percent – experienced a malware incident on a remote device. That’s up from just 37 percent of organisations experiencing malware attacks on remote devices during 2019.

In many instances, cyber criminals are taking advantage of known vulnerabilities in software to help deliver malware under the radar, as users struggle with software management and patch installation without the direct aid of a corporate IT team.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

Remote workers are tricked into downloading malicious applications from phishing emails which install malware, but they believe they’re installing something which will help their productivity.

“More often than not, the offending apps were being downloaded and installed by the remote workers themselves,” Michael Covington, VP at Wandera told ZDNet.

“We saw a fairly large number of apps claiming to offer collaboration functionality, though in reality they were designed to steal private information like messaging content or trick the user into granting access to the camera and microphone, thus enabling a remote attacker to eavesdrop”.

Worryingly, of those devices compromised by malware, over a third of users continued to access corporate emails while one in ten continued to access cloud services – both potentially providing hackers with much wider access to the network than they’d initially gained by compromised one remote machine.

Securing remote employees is proving to be a challenge for information security teams, who themselves are are now also working remotely, making the job even more difficult.

However, engaging with remote employees to provide advice on how to work safely and securely can go a long way to keeping them – and the wider organisation – safe from cyber attacks, something which will be better for everyone in the long run.

“Continuously engaging with workers on the sign-in mechanisms they should use, the incident reporting they should follow, and the applications that are approved for work will help everyone do their part to protect the business and its assets,” said Covington.


View original article here Source