Return to working from home prompts cyber attack warning from Zimperium
Thousands of Australians are working from home again, unwittingly putting their employers at risk of a cyber attack, says the company charged with protecting the phones of US troops.
Australian companies are prioritising convenience over cybersecurity risks as they encourage thousands of their employees to return to working from home, according to the firm tasked with protecting the mobile devices of US troops.
Telstra and Westpac are among the nation’s biggest businesses that are launching new pandemic measures — including reintroducing working from home and mask wearing — as they combat a fresh wave of rising Covid-19 infections.
But Zimperium, a company formerly backed by Telstra’s venture capital arm, branded remote working a “stubborn reality” which made Australian businesses more vulnerable to cyber attacks, with criminals tapping into popular mobile apps such as Slack and Microsoft 365 to mine sensitive company data.
Zimperium director of threat reporting Richard Melick says the high use of personal devices during remote working led to “exposure and potential theft of data by malicious actors as they penetrate the often pitiful protections that non-enterprise networks and endpoints maintain”.
“The explosion of mass remote work has meant that workers are now accessing corporate data outside of the traditionally office-bound network perimeter. As a result, they’re working without the benefit of enterprise-grade security controls which could otherwise protect them,” he said.
The warning comes after a Zimperium report found that 25 per cent of mobile phone users in the Asia Pacific region, including Australia, encountered malicious websites in the past year. This compares with the global average of 12 per cent.
Phishing was the number one threat across Australia’s 21.6 million smart phones – which are split 55.1 per cent Android and 44.6 per cent Apple’s iOS.
Fitch Ratings has also warned that cyber attacks on business and government agencies are rising following Russia’s invasion of Ukraine, saying the risk of spillover cyberattacks against non-primary targets is becoming much more widespread.
Zimperium, which protects the smart phones and other mobile devices of tens of thousands of American troops globally after winning a US Department of Defence contract in late 2020, found cyber criminals infiltrated devices via common communication tools like SMS messaging, social media and other chat programs.
Mr Melick said cyber criminals were also targeting popular productivity apps used to facilitate remote working.
“Cybercriminals know that and these kinds of applications have become a key attack vector for mobile threats. Office 365 is just such an example,” he said.
“The app is the cornerstone of many workplaces, hosting a whole suite of Microsoft applications including Word, Excel, and Teams. In fact, a recent Zimperium poll found that 84 per cent of security professionals had enabled it on their phones.
“It also appears to be a cornerstone for cybercriminals too. One report says that this software suite alone accounts for more than 72 per cent of exploits, compared to browsers which account for just 13 per cent. It’s the very popularity of this particular application that makes it such a popular target for mobile threats too – the broader the attack surface, the more chances to infiltrate the target.”
To this end, Mr Melick said mobile security measures must be installed on devices rather than be cloud based.
“It can’t call back to the cloud and must continually protect the device even when it’s not connected to the internet.
“The time is now for us to remember that mobile phones and tablets need security beyond what the manufacturers provide to stay ahead of these threats. We cannot keep putting safety at risk over convenience.”
Telstra Ventures offloaded its investment in Zimperium to Liberty Strategic Capital, the private equity firm founded and led by former US Treasury secretary Steven Mnuchin, in April as part of a $US525m ($761.55m) deal.