Phishing attacks during the COVID-19 pandemic have evolved from being targeted at users, to being targeted at enterprises and their technologies.
In a panel session during the Akamai Edge Live virtual conference led by product marketing manager Jim Black, principal lead security researcher Or Katz said he has seen a rise in phishing attacks targeted at enterprises, rather than at users.
Discussing the increase in phishing attacks since lockdown began in March, Katz said there has been an increased numbers of victims of phishing attacks, as well as an increase in the number of attacks.
“The most interesting thing we’ve seen in the last six months is enterprise-based phishing attacks,” h said. “These are targeting enterprise based credentials, and are increasing more rapidly than consumer-based attacks.”
While he admitted that the attacks at a consumer level are more dominant, he said the increase in attacks on the enterprise could impact security technologies. “Imagine if VPN credentials were stolen, imagine the damage done to the organization and its data.”
Steve Winterfield, senior security technology and strategy director at Akamai, said this is an opportunity for users to understand the risks they take considering the changes in the way we work.
Katz agreed, saying businesses should consider the visibility they have into incoming web traffic, and “figure out what happened before COVID in terms of the habits of users.”
Katz said: “The fact is that people are now connected from home and have become a target for threat actors, and there are few boundaries between their activities as a lot of threats target the connection from home.”
Asked by Black what advice he would give to enterprises, Winterfield said the advice is not really new, as the threat is “what we have been fighting for a while,” but there has been an increase in activity, evolution and techniques and processes of attacks.
He added: “How remote access worked is less important now it is working, so it is time to move to a new generation of access management and get the benefits of security, and reduce friction for users as otherwise you build backdoors that negate what work you have done.”