Friday Is Peak Malware Distribution Day, Study Shows

If Mondays are usually when security administrators have their hands full cleaning up malware threats and data breaches, there’s a perfectly good reason for it. The weekend is when employees typically tend to bring their office laptops home and browse the Internet via poorly secured Wi-Fi connections — sometimes downloading all sorts of malicious software in the process. They then introduce the threat on the corporate network when they log back in at work.

Freaky Fridays

Cloud security services vendor Cyren recently examined daily malware distribution trends during the third quarter of this year as part of its “Cybersecurity Awareness Report.” It discovered that Friday is the peak distribution day for spam and malicious software.

According to the company, cybercriminals appear to be purposely spiking malware distribution on Fridays to take advantage of what they apparently consider to be less protected employees and corporate systems. Cyren’s review showed that, on average, cybercriminals distributed about 2.25 billion attachments containing malware on Fridays during the third quarter of 2015, or roughly three times the number distributed on other week days.

The numbers lend credence to the generally held perception that Mondays are when new malware tends to surface most on corporate networks, Cyren said in its report.

Ramping Up the Holiday Season

Enterprises would do well to pay heed to the trend. The holiday shopping season is when employees are likely to use work laptops and other mobile devices more extensively for personal use than they normally would, browsing e-commerce hubs, searching for products and buying goods online. If previous years are any indication, the holiday shopping season is also when cybercriminals seriously ramp up their efforts to try to infiltrate systems with malware, spyware and other threats.

The FBI and US-CERT have routinely issued alerts around this time each year warning consumers to be on the lookout for online trickery and scams. Last November, for instance, US-CERT issued an alert warning Internet users of cybercriminals using tools like rogue e-cards, shady social media campaigns, fake advertisements and phishing emails with malicious attachments to install malicious software on computers. Cybercriminals have been known to seed the Internet with hundreds of fraudulent websites in an attempt to lure users searching for items using terms such as “Black Friday” and “Cyber Monday.”

Not Just a Consumer Issue

It’s not just consumers that are exposed to the threat. Poorly secured corporate laptops, smartphones and tablets with access to enterprise data could become easy targets for compromise if adequate endpoint controls are not in place.

Corporate systems are exposed to other threats as well, especially when used from unsecured locations or via poorly protected Wi-Fi connections. The Cyren review showed that attackers have begun using phishing campaigns directed at the organizations that the victims work for rather than the individuals themselves.

A Sinister New Malware Campaign

According to Cyren, cybercriminals appear to be attempting to extract the name of the employer the victim works for in addition to their corporate network login names, email addresses, business phone numbers and passwords. Often the scams involved the use of emails that purport to arrive from trusted organizations such as LinkedIn, Amazon and Apple, Cyren said. The fake domains that cybercriminals have set up to lure users into parting with their corporate credentials include fake sites linked to Apple, DHL, Bank of America, Amazon and PayPal.

It is unclear what exactly the motives are behind the new phishing strategy, but it’s likely part of a long-term attack campaign by cybercriminals to collect and sell corporate login credentials for use in data breaches, Cyren said. Or cybercriminals could be trying to target and breach webmail services that can then be used to access corporate applications and data. Either way, users need to be aware of the schemes and keep security best practices in mind to ultimately avoid becoming a victim — or an unwitting participant.

Jaikumar Vijayan

Independent Journalist & Tech Content Creation Specialist

Jaikumar Vijayan is an award-winning technology journalist with nearly 25 years of experience in IT trade journalism....