Increase of 37 percent from Q4 2019 to Q1 2020 attributed to creation of remote workforce due to COVID-19 stay-at-home orders.

The rate of mobile phishing rose sharply between the last quarter of 2019 and the first quarter of 2020, a boost most likely driven by the increased number of people working from home under COVID-19 stay-at-home orders, new research has found.

In fact, encounter rates for enterprise mobile phishing increased 37 percent between the last quarter of 2019 and the first quarter of 2020, from around 16 percent to 22 percent.

The Mobile Phishing Spotlight Report from Lookout highlights how threat actors have shifted their tactics to take advantage of the evolving move from the physical to mobile or home office in the wake of the COVID-19 pandemic, which forced many companies to order their employees to work from home and use mobile devices as part of their everyday productivity.

“Workers are no longer within the protective perimeter of their office-based security controls,” wrote Hank Schless, senior manager of security solutions at Lookout, in a blog post about the research. “In short, remote work has created a prime opportunity for cybercriminals to expand their phishing attacks.”

As this trend will likely continue for the foreseeable future — with large corporations such as Google, Twitter, Facebook and Amazon keeping their workforce remote until all shelter-in-place regulations are lifted — organizations may have to shift their security tactics and education of employees to keep up with the evolving threat, he said.

“With this new reality, organizations need to ensure they are prepared,” Schless wrote.

Indeed, phishing in general has been an attack of choice for threat actors during the pandemic, with attackers widely using socially engineered email lures to get victims to download infostealers and other types of malware. At one point cyberattackers were sending 1.5 million malicious emails per day related to the COVID-19 pandemic, researchers found.

Mobile phishing attacks, however, are different from typical phishing campaigns that target workstations and laptops in several ways. For one thing, they don’t always come in the form of emails, Schless noted. The mobile platform gives attackers a wider playing field with which to work and deliver malicious links for installing malware: They can use SMS, social media, messaging platforms and even dating apps to deliver malicious payloads via phishing attacks on mobile devices, he said.

Another difference is that people tend to use (as well as trust) their mobile devices more, as they “sit at the intersection of their owners’ personal and professional identity,” Schless wrote. This might make users less attentive to the possibility of attacks arriving through this interface.


Enterprise Mobile Phishing Attacks Skyrocket Amidst Pandemic