Fortinet FortiGuard Labs, Fortinet's global threat intelligence and research organization. Photo: Fortinet

Even as it seems like the world may be opening up post-Omicron, you shouldn't let your guard down when it comes to cybersecurity. The latest semiannual FortiGuard Labs Global Threat Landscape Report indicates that cybercriminals are developing attacks more quickly and are continuing to maximize remote work and learning as attack vectors.

According to the report, various forms of browser-based malware are prevalent; they often are phishing lures or scripts that inject code or redirect users to malicious sites. The three broad distribution mechanisms include:

  • Microsoft Office files like Microsoft Excel or Word
  • PDF files
  • Browser scripts embedded in HTML or using JavaScript

The techniques aren't new, but they continue to be a popular way for cybercriminals to exploit people’s emotions. By preying on a user's desire for the latest news about the pandemic, politics, sports, or other headlines, a cybercriminal can find ways to access corporate networks. Because hybrid work and remote learning are still a part of many people's lives, fewer layers of protection exist between malware and potential victims. 

The Perils of Email

Despite a rise in security awareness training in general and phishing testing in particular, email remains a top method for broad-based malware delivery. Most successful cyberattacks start with a user not recognizing a threat and taking action that puts the organization and possibly themselves at risk. Even with improvements in email security technologies like sandboxing and URL analysis, email-based attacks not only reach the end user but continue to fool them into taking action. 

Cybercriminals are well aware that remote workers are vulnerable, and they continue to launch convincing, timely attacks to take advantage of them. Bad actors are experts at the art of masquerading, manipulating, influencing, and devising lures to trick targets into divulging sensitive data and providing access to networks and facilities. Although many organizations offer cybersecurity training that includes information on recognizing phishing, a distressing number of users still can't spot malicious emails. And all it takes is one click by one user for malware to get in. 

Patch Vulnerabilities

Not all malware attacks are the fault of users. For example, cybercriminals used a vulnerability in the Microsoft Exchange software as an initial insertion point for the DearCry ransomware. Patching software quickly is essential because attackers no longer take days to weaponize vulnerabilities. Now, the timeframe is down to mere hours. In addition to patching, it’s important to disable unnecessary services, take a least-privilege approach to system configuration, and limit user control to applications that are allowed to run on devices.

Remain Vigilant

Organizations must take a "work-from-anywhere" (WFA) approach to their security by deploying solutions capable of following, enabling, and protecting users no matter where they are located. Supporting WFA requires security that works whether the user is in the corporate office, in a home office, or traveling. Each of these locations poses challenges and requires specific security technology for complete protection.

In addition to the next-generation firewall (NGFW) in the office, these five key technologies keep employees productive and secure wherever they happen to be working.

  • Endpoint protection: Employees take devices such as laptops with them as they move from the office to home and the airport, often connecting through unsecured public access points to access corporate resources. The increase in sophisticated malware means devices can be attacked in virtually any location. Organizations need an endpoint detection and response (EDR) solution that combines cloud-based artificial intelligence with automated playbooks to keep devices and their associated employees productive and safe.
  • Application access control: Organizations need Zero Trust Network Access (ZTNA) to provide appropriate, secure access for users in any location, based on user and device identity, location, device type, and posture.
  • Home network security and control: Enterprise-class security needs to extend to home networks, which are a vulnerable and potentially congested environment. Solutions should enable a corporate-controlled and secure network in the home that optimizes bandwidth for video conferences while also ensuring privacy for the family.
  • Cloud-based security services: Securing the network is especially challenging when employees are on the road. Access to the internet should be protected by a cloud-based secure web gateway (SWG) and Firewall as a Service (FWaaS) for secure connectivity while traveling.

Security Needs to Be Everywhere

Protecting employees as they shift between office, home, coffee shop, airports, and everywhere in between has been a challenge for many IT teams, particularly as attacks have increased on remote workers. An integrated cybersecurity mesh platform can provide zero trust, endpoint, and network security solutions to deliver fully integrated security, services, and threat intelligence that seamlessly follow users whether they're on the road, at home, or in the office.

By deploying the right mix of security controls to thwart malware delivery, shield vulnerabilities from exploits, prevent installation, block execution, cut off external communication, and contain lateral movement, organizations can protect themselves from malware attacks even as the pandemic fades (we hope) into a distant memory.
