November 11, 2015 By Jaikumar Vijayan 3 min read

If Mondays are usually when security administrators have their hands full cleaning up malware threats and data breaches, there’s a perfectly good reason for it. The weekend is when employees typically tend to bring their office laptops home and browse the Internet via poorly secured Wi-Fi connections — sometimes downloading all sorts of malicious software in the process. They then introduce the threat on the corporate network when they log back in at work.

Freaky Fridays

Cloud security services vendor Cyren recently examined daily malware distribution trends during the third quarter of this year as part of its “Cybersecurity Awareness Report.” It discovered that Friday is the peak distribution day for spam and malicious software.

According to the company, cybercriminals appear to be purposely spiking malware distribution on Fridays to take advantage of what they apparently consider to be less protected employees and corporate systems. Cyren’s review showed that, on average, cybercriminals distributed about 2.25 billion attachments containing malware on Fridays during the third quarter of 2015, or roughly three times the number distributed on other week days.

The numbers lend credence to the generally held perception that Mondays are when new malware tends to surface most on corporate networks, Cyren said in its report.

Ramping Up the Holiday Season

Enterprises would do well to pay heed to the trend. The holiday shopping season is when employees are likely to use work laptops and other mobile devices more extensively for personal use than they normally would, browsing e-commerce hubs, searching for products and buying goods online. If previous years are any indication, the holiday shopping season is also when cybercriminals seriously ramp up their efforts to try to infiltrate systems with malware, spyware and other threats.

The FBI and US-CERT have routinely issued alerts around this time each year warning consumers to be on the lookout for online trickery and scams. Last November, for instance, US-CERT issued an alert warning Internet users of cybercriminals using tools like rogue e-cards, shady social media campaigns, fake advertisements and phishing emails with malicious attachments to install malicious software on computers. Cybercriminals have been known to seed the Internet with hundreds of fraudulent websites in an attempt to lure users searching for items using terms such as “Black Friday” and “Cyber Monday.”

Not Just a Consumer Issue

It’s not just consumers that are exposed to the threat. Poorly secured corporate laptops, smartphones and tablets with access to enterprise data could become easy targets for compromise if adequate endpoint controls are not in place.

Corporate systems are exposed to other threats as well, especially when used from unsecured locations or via poorly protected Wi-Fi connections. The Cyren review showed that attackers have begun using phishing campaigns directed at the organizations that the victims work for rather than the individuals themselves.

A Sinister New Malware Campaign

According to Cyren, cybercriminals appear to be attempting to extract the name of the employer the victim works for in addition to their corporate network login names, email addresses, business phone numbers and passwords. Often the scams involved the use of emails that purport to arrive from trusted organizations such as LinkedIn, Amazon and Apple, Cyren said. The fake domains that cybercriminals have set up to lure users into parting with their corporate credentials include fake sites linked to Apple, DHL, Bank of America, Amazon and PayPal.

It is unclear what exactly the motives are behind the new phishing strategy, but it’s likely part of a long-term attack campaign by cybercriminals to collect and sell corporate login credentials for use in data breaches, Cyren said. Or cybercriminals could be trying to target and breach webmail services that can then be used to access corporate applications and data. Either way, users need to be aware of the schemes and keep security best practices in mind to ultimately avoid becoming a victim — or an unwitting participant.

More from

Regulatory harmonization in OT-critical infrastructure faces hurdles

3 min read - In an effort to enhance cyber resilience across critical infrastructure, the Office of the National Cyber Director (ONCD) has recently released a summary of feedback from its 2023 Cybersecurity Regulatory Harmonization Request for Information (RFI). The responses reveal major concerns from critical infrastructure industries related to operational technology (OT), such as energy, transport and manufacturing. Their worries include the current fragmented regulatory landscape and difficulty adapting to new cyber regulations. The frustration appears to be unanimous. Meanwhile, the magnitude of…

Generative AI security requires a solid framework

4 min read - How many companies intentionally refuse to use AI to get their work done faster and more efficiently? Probably none: the advantages of AI are too great to deny.The benefits AI models offer to organizations are undeniable, especially for optimizing critical operations and outputs. However, generative AI also comes with risk. According to the IBM Institute for Business Value, 96% of executives say adopting generative AI makes a security breach likely in their organization within the next three years.CISA Director Jen…

Q&A with Valentina Palmiotti, aka chompie

4 min read - The Pwn2Own computer hacking contest has been around since 2007, and during that time, there has never been a female to score a full win — until now.This milestone was reached at Pwn2Own 2024 in Vancouver, where two women, Valentina Palmiotti and Emma Kirkpatrick, each secured full wins by exploiting kernel vulnerabilities in Microsoft Windows 11. Prior to this year, only Amy Burnett and Alisa Esage had competed in the contest's 17-year history, with Esage achieving a partial win in…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today