COVID-19 , Governance & Risk Management , Remote Workforce
Malware Risk Higher for Those Working at Home: ReportBitSight Study Analyzes Exposure to Botnets, Other Threats
The shift to telework due to the global COVID-19 pandemic has raised the risk of exposure to botnets as well as Mirai and Trickbot malware, according to the security firm BitSight.
See Also: A Guide to Passwordless Anywhere
The study conducted in March, which looked at 41,000 organizations based in the U.S., found that 45 percent of companies had malware tied to their employees’ residential IP addresses for various devices, compared to the 13 percent of corporate networks exposed to malware. Bots were the most prevalent malware threatening at-home workers, which opens up the possibility of exposing corporate devices, as well as the data that they hold, to hacking, according to the Bitsight report.
"Corporate devices will be facing new risks of network compromise due to a higher population of malware that is more prevalent on residential networks," the report notes. "These malware families will pose a greater threat to devices whose operating environment relied on an over-emphasis on physical-based network controls."
Mirai malware was 20 times more likely to be found on devices with residential IP addresses than on corporate networks, and TrickBot was nearly four times more pervasive in the work-at-home environment, the report found (see: New TrickBot Variant Targets Telecoms in US, Asia: Report).
In most cases, these and other malware variants are taking advantage of misconfigured and vulnerable devices in workers' homes, including cable modems, routers, cameras, storage and internet of things devices, and then spring boarding to corporate laptops and other devices, which can leave company data exposed, says Dan Dahlberg, BitSight's director of security research.
"Mirai has primarily taken advantage of misconfigured or poorly configured IoT devices, including those left in default states or those with simplistic username and passwords," Dahlberg tells Information Security Media Group. "On the other hand, Trickbot is focused on harvesting credentials and dropping other malware whose primary vectors generally come from malicious spam campaigns, so its attacks are relatively more targeted in comparison."
Earlier this month, U.S. and U.K. law enforcement and cybersecurity agencies warned that cybercrime groups and nation-state hacking gangs are crafting phishing emails using the COVID-19 pandemic as a lure in order to get targets to open up a malicious file or click on a link that takes them a landing page that the attackers control. This is helping to spread malware, including versions of TrickBot (see: UK and US Security Agencies Sound COVID-19 Threat Alert).
Dahlberg says that the sudden shift to telework has made it more difficult to defend corporate devices and data. The study notes that almost 25 percent of those working at home had one or more devices exposed to the internet.
"Devices persistently working from home are going to be faced with different attack vectors into the local network, and perhaps the device itself, that normally would not be seen in a corporate environment," Dahlberg says.
Other researchers have observed how hackers are taking advantage of the work-from-home shift.
For example, in March, security firm Bitdefender found that cybercriminals were using brute-force attacks that enable them to change DNS settings on home and small business routers to redirect victims to fake COVID-19-themed websites that push infostealer malware (see: Hijacked Routers Steering Users to Malicious COVID-19 Sites).