Employees working during holiday pose a security risk – research

Before the Internet, a holiday meant time completely free of office work – lounging on the beach, spending quality time with family or travelling. It’s no longer the case today, and hasn’t been for years.

Research has shown that remote working requires additional steps to secure company data. Some organizations do it better than others but, considering the benefits for new parents and freelancers, it’s something companies big and small live with.

However, according to new research by T-Systems, Deutsche Telekom’s cyber-security division, letting employees work on holiday is an altogether different matter – one that poses major security risks.

Interviewing 2,050 full-time UK workers, the company found:

  • 31% use free Wi-Fi hotspots, and 24% use them for work-related emails and documents, opening the door to hackers who might want that data
  • 28% of employees send work documents to and from their personal email
  • 10% plug their work device into USB charging points at airports and stations that a hacker can use to deploy malware onto the machine
  • 18% connect their digital camera to their work computer to download photos
  • 15% connect USB sticks and memory cards that they share with family members who themselves connect them to home computers that can be infected with malware
  • 28% of employees have never had any cyber security training

The last data point is probably the most important. T-Systems’ UK head Scott Cairns had this to say about it:

“Where it is unavoidable, businesses should ensure there is training, and clear guidelines to be followed. This training is particularly important, as our research shows many employees are not knowledgeable on the multitude of ways their devices can be infected with viruses and malware… and those who thought they were ‘very knowledgeable’ frequently gave the wrong answer when questioned.”

Data from Thycotic’s 2017 State of Cybersecurity Metrics Annual Report backs these findings. In a Security Measurement Index benchmark survey of 400+ business and security executives, the company found that 58% of organizations worldwide fail to effectively measure their cybersecurity investments and performance.

Globally, upwards of $100 billion is spent every year on cybersecurity defenses, yet an alarming 32 percent of companies purchase cybersecurity blindly, the firm said. In fact, Thycotic found that one in three companies had no way to measure the value or effectiveness of their cybersecurity technologies. And of those that do train employees in security, four out of five never measure the success of such initiatives.

As 60% of small companies go out of business within months of a breach, it’s clear why companies need to pay close attention to staff awareness of the security threats posed by taking work on holiday with them.

Targeted Spyware Apps for Android Eradicated by Google

Google’s Android Security has found and blocked a series of targeted spyware apps, part of the Lipizzan malware family, believed to have been developed for cyber espionage. Although the apps appeared benign at first, a second, malicious payload would be downloaded once the device matched certain criteria.

Both the benign and the malicious components seem to have been developed by the same company, Equus Technologies: security researchers concluded that the stage two payload had the same signing certificate as the stage one application. Uploaded under names such as “Backup” or “Cleaner”, the applications would seem perfectly legitimate until the malicious payload was downloaded.

“Lipizzan is a multi-stage spyware product capable of monitoring and exfiltrating a user’s email, SMS messages, location, voice calls, and media,” reads the security blog post. “We have found 20 Lipizzan apps distributed in a targeted fashion to fewer than 100 devices in total and have blocked the developers and apps from the Android ecosystem. Google Play Protect has notified all affected devices and removed the Lipizzan apps.”

To exfiltrate data, the second stage of Lipizzan would root the device using known exploits, then start retrieving data from apps such as Gmail, Hangouts, KakaoTalk, LinkedIn, Messenger, Skype, Snapchat, StockEmail, Telegram, Threema, Viber and WhatsApp.

Once the discovered apps were banned from Google Play, new apps with similar behavior were submitted under different names ranging from “cleaner” and “notepad” to “sound recorder” and “alarm manager”. However, this time the malicious payload was bundled directly within the apps as an encrypted resource.

Despite this new attempt at re-submitting malicious apps, Google detected the scheme and blocked them once more, while at the same time notifying all affected devices.