More employees than ever are working from home right now, many accessing popular enterprise apps like Office 365, Box, Salesforce, Concur, and others from their personal devices. They’re also likely using those same devices to access personal apps and a browser to use email, games, news, social media, and banking resources.

With the COVID-19 pandemic, attackers have seen an opportunity to steal user credentials from these personal devices, which are now being used for work and likely don’t have the same security protections as corporate devices. Malware on an employee device could collect sensitive information like a company’s intellectual property or personal data like passwords, credit card info, or personally identifiable information (PII), without the user knowing.

One example: The National Cyber Awareness System (NCSC) has identified email messages, appearing to be sent from Dr. Tedros Adhanom Ghebreyesus, Director-General of WHO, that deploy the “Agent Tesla” keylogger malware. A similar campaign offers thermometers and face masks to fight the epidemic. The email purports to attach images of these medical products but instead contains a loader for Agent Tesla.

According to Verizon’s most recent Data Breach Investigations Report, “Data breaches continue to make headlines around the world. 52% of data breaches are credential hacks and 33% are targeted social engineering, which tricks people into installing malware onto their devices.”

With many organizations mandating remote work in response to the COVID-19 pandemic, employees are often choosing whichever endpoint can give them the quickest access to the resources they need. This means they’re turning to a personal laptop, a tablet, or their phone. They get easy access, but they also increase the attack surface for malware that can ravage an organization’s systems, causing millions of dollars in data loss and creating liability for regulatory and compliance lapses. A compromised endpoint can be used to harvest information such as keystrokes or session contents displayed on the user’s screen.

The Citrix Approach

Citrix gives IT admins the ability to protect their organization from data breaches and credential theft. The App Protection feature enables Citrix Virtual Apps and Desktops admins to enforce policies so that when users connect to sessions, their endpoint has anti-screen capture/grabbing and anti-keylogging protection. This protects employees from dormant screen-grabbing malware or keyloggers that could potentially capture passwords or personal information.

App protection policies work by controlling access to specific API calls of the underlying OS required to capture screens or keyboard presses. These policies can protect against even the most customized and purpose-built hacker tools. They help to secure any virtual or web application that employees use within Citrix Workspace, as well as authentication dialog boxes (preventing password leaks) and the Citrix StoreFront UI within Workspace.

Protect Against Keyloggers

The App Protection feature makes the text entered by the user indecipherable by encrypting it before a keylogging tool can access it. A keylogger installed on the client endpoint reading the data would capture gibberish characters instead of the keystrokes the user is typing. The image below shows how text gets scrambled for an attacker using a keylogger.

Protect Against Screen Capture

More remote workers means more remote meetings and web conferencing through a variety of applications. These meetings usually require employees to share their screens, which opens the possibility of exposing sensitive data by mistake. The App Protection feature protects against screenshot malware and web conference screen capturing by returning a blank screenshot instead of the information on a user’s screen. This also applies to the most common snipping tools, print-screen tools, screen capture and recording tools.

The Citrix Advantage, Delivered via Citrix Workspace

Citrix Workspace’s app protection capabilities are agnostic of a device’s security posture and have proved popular with companies in regulated industries. They’re easy to manage, too. The IT admin centrally controls the features, like any other Citrix per-session policies. And App Protection not only protects enterprise virtual apps and SaaS apps, it also extends the same level of protection to content delivered with Citrix Content Collaboration and the Office 365 suite of apps within Citrix Workspace.

App Protection delivers invisible and continuous security to users without affecting productivity, protecting the user by protecting the workspace on BYO/unmanaged devices and supporting secure business continuity processes.