Millions of Americans who are conducting sensitive or confidential work on home networks during the Covid-19 crisis are substantially more likely to face malware and other security threats if they also have piracy devices and apps in their homes, according to a new study from Internet threat education body Digital Citizens Alliance (DCA).
A research survey commissioned by DCA found that those who had piracy devices and apps in the home were three times more likely to report an issue with malware than those who didn’t have such a device in the home. The poll shows how people are managing the pandemic as we approach the one-year anniversary of the start of large-scale quarantines that forced millions of Americans into their homes and out of their offices.
The findings are particularly troubling when it comes to those who work in jobs that can include sensitive or confidential information, such as corporate finance, national security, government, or the medical and legal fields.
Fifty per cent of those who work in jobs that can include sensitive or confidential information who said they had a piracy device in their home reported having an issue with malware in the last year. Only 17 per cent who said they didn’t have a piracy device reported malware, according to the study.
“When tens of millions of Americans were forced to work from home, it created a golden opportunity for hackers to mine their computers for sensitive information,” said Tom Galvin, executive director of the DCA. “Many Americans don’t realise that they open a window to their home when they plug a piracy device into their network. And if they work in jobs that can affect the economy or national security, for example, it’s a recipe for disaster.”
“What’s clear is remote working is becoming increasingly more normalised; what’s not clear is the impact of piracy devices and apps on economic and national security,” notes Timothy P. Murphy, the CEO of Consortium Networks and a former Deputy Director of the Federal Bureau of Investigation. “We can’t accept the risk or threat to the integrity of networks or our security solely on whether a piracy device is in the home. More research is needed to better understand the actual impact of these new vehicles for criminals and vulnerabilities for citizens, businesses, and law enforcement.”
As streaming emerged as the go-to way to watch TV shows and movies, hackers seized the moment. In 2019, Digital Citizens detailed how malware was spread through piracy apps. In one case, soon after a researcher downloaded a piracy app, malware within the app forwarded the researcher’s Wi-Fi network name and password to a server that appeared to be in Indonesia.
Shortly after, Microsoft and others posted warnings about the rise of malware from piracy apps and devices, and the Federal Trade Commission warned that piracy apps and devices pose a risk to home networks: “If malicious software on the pirate app gets inside your wireless network, it may try to infect other devices connected to your network. That could put at risk the computer you use for sensitive transactions like online banking or shopping. It could also expose your photos and other personal information.”
At the time, the belief was that malware posed the biggest threat to consumers. But the lockdown has turned homes into remote workplaces, with employees of small businesses, corporations, governments, non-profits, the military, and others sharing networks. That development raises a significant potential threat if malware is able to move from a network to a computer containing sensitive information, such as supply chain logistics or confidential financial information.
For example, in 2020 Malwarebytes conducted a survey of Covid’s impact on business cybersecurity. One in four surveyed reported that “they paid unexpected expenses specifically to address a cybersecurity breach or malware attack following shelter-in- place orders”.
The DCA research explored attitudes on entertainment options during the Covid lockdowns and reliance on pirate websites and devices and apps. Here are the key takeaways:
People who have jobs that could include sensitive or confidential information AND reported having a piracy device had a high incidence of reporting malware, according to the study: