May 12, 2021 • Category: Threat Research • By: HP Wolf Security • Comments: 0

Announcing HP Wolf Security, and a New Report Assessing Remote Working Cyber Risks

Today we are excited to announce the findings of a new report – Blurred Lines & Blindspots – a comprehensive global study assessing organizational cyber risk in an era of remote work. The report shows that changing work styles and behaviors are creating new vulnerabilities for companies, individuals, and their data.

According to the findings, 70% of office workers surveyed admit to using their work devices for personal tasks, while 69% are using personal laptops or printers for work activities. Almost one-third (30%) of remote workers surveyed have let someone else use their work device. As a result of these and other behaviors, home workers are increasingly being targeted by hackers.

The study provides a multi-dimensional view by combining findings from: a global YouGov online survey of 8,443 office workers; a global survey of 1,100 IT Decision Makers (ITDMs), conducted by Toluna; real-world threat data shared by customers from HP Sure Click micro-virtual machines; and analysis from KuppingerCole, an international, independent analyst firm. KuppingerCole notes there has been a 238% increase in global cyberattack volume during the pandemic.

“As the lines between work and home have blurred, security risks have soared and everyday actions such as opening an attachment can have serious consequences. Without all of the pre-pandemic sources of visibility of devices, and how they are being used and by who, IT and security teams are working with clouded vision.” – Joanna Burkey, Chief Information Security Officer (CISO), HP Inc.

Our report coincides with the launch of HP Wolf Security, the company’s newly integrated portfolio of secure by design PCs and printers, hardware-enforced endpoint security software, and endpoint security services.

Blurred lines between home and office creating new risks

71% of employees surveyed say they access more company data, more frequently, from home now than they did pre-pandemic – with the most common types of data being accessed being: customer and operational data (43% each) and financial and HR records (23% each). At the same time, office workers are increasingly using their work devices for personal tasks. For example:

33% download more from the internet than before the pandemic – a figure that rises to 60% for those aged 18-24.
27% of respondents use their work device to play games more than before the pandemic – rising to 43% for parents of children aged 5-16.
36% use their work device for watching content using online streaming services – again, this figure rises to 60% among those aged 18-24.
Four in ten office workers admit to using their work device for homework and online learning more in the past year. A figure that rises to 57% for parents of children aged 5-16.

Hackers are taking advantage of these shifting patterns to tailor their phishing campaigns. According to KuppingerCole, there was a 54% increase in malicious actors exploiting gaming platforms between January and April 2020, often directing users to phishing pages. HP Wolf Security’s threat insights also showed an increase in gaming-themed malware. For example, we identified campaigns distributing Ryuk ransomware via filesharing sites and samples of stealthy JavaScript downloader malware, Gootloader, both of which masqueraded as Fortnite cheats.

Figure 1 – A sample of Ryuk ransomware masquerading as video game cheats isolated by HP Sure Click Enterprise.

KuppingerCole also found at least 700 fraudulent websites impersonating popular streaming services were identified in just one 7-day period in April 2020. Added to this, HP Wolf Security insights showed users attempting to download malware-infected files – including ransomware – from their personal email accounts to their work devices. Had these customers not been protected by HP Wolf Security micro-virtualisation then these incidents would have resulted in a breach, as they had successfully evaded all other layers of security.

Figure 2 – Stealthy game-themed Gootloader malware from a campaign in December 2020 to February 2021.

Report Key Findings

76% of office workers surveyed say working from home during COVID-19 has blurred the lines between their personal and professional lives.
27% of office workers surveyed say they know they are not meant to share work devices but felt they ‘had no choice’ – yet 85% of ITDMs worry such behavior increases their company’s risk of a security breach.
Half of office workers say they now see their work devices as a personal device, while 84% of ITDMs worry such behavior increases their company’s risk of a security breach.
Over the past year: 54% of ITDMs saw an increase in phishing; 56% an increase in web browser related infections; 44% saw compromised devices being used to infect the wider business; while 45% saw an increase in compromised printers being used as an attack point.

Introducing HP Wolf Security

In response to these challenges, HP is today announcing HP Wolf Security: a newly integrated portfolio of secure by design PCs and printers, hardware-enforced endpoint security software, and endpoint security services to protect customers from growing cyber threats. The company’s new HP Wolf Security platform builds on over 20 years of security research and innovation to offer a unified portfolio for customers focused on delivering comprehensive endpoint protection and cyber-resiliency. To support the launch of HP Wolf Security, HP has created a series of creative videos, depicting security scenarios that have come about due to the shift to remote working during the pandemic. These videos, starring Christian Slater as ‘The Wolf’ – who walks the line between good and bad, putting to use his hacker mindset to show how an attacker might operate – help to demonstrate the impact of such risks.