Palo Alto Networks' Unit 42 cybersecurity team reveals alarming findings about the new work-from-home environment

Aug 28, 2021 05:40 GMT

From September 2019 to April 2021, Palo Alto Networks' Unit 42 monitored firewall traffic and phishing sites detected by URL filters. The number of new phishing pages per week increased significantly when individuals began working from home.

Threat actors improved and intensified their phishing attacks by exploiting remote work environments where employees were not protected by corporate firewalls. Cybersecurity experts noticed a sudden and significant drop in traffic between March and April 2020, when COVID began spreading across the United States, forcing companies to switch to remote work.

Education and high-tech industries saw significant declines in traffic during this period, with the latter having the steepest drop: education (a 46% drop), most likely due to school closures, and high-tech (a 35% drop), probably because more employees started working from home and had limited knowledge of cybersecurity best practices.

Overall, nearly every industry studied saw a significant drop in URL filtering traffic of about 30% or more. According to the researchers, an early rising trend in new phishing URLs was observed, beginning around February 2020 and peaking in June 2020.

An examination of phishing by industry revealed that the following sectors were most affected: Telecommunications and High-Tech Industries, Agriculture, Education, Government, Local Government, Transportation, Logistics, Media and Entertainment, Professional and Legal, Wholesale and Retail.

Unit 42 provides the following recommendations to better protect yourself from phishing attacks:

  • Be careful when clicking on links or attachments in emails sent by suspicious sources, particularly those relating to personal information or account settings.
  • When an email conveys a sense of urgency, resist the impulse to immediately do what it asks.
  • For questionable emails in your inbox, check the sender's address.
  • Before entering your credentials, double-check the URL and the security certificate on any website.
  • Report suspicious phishing attempts to IT or your organization's InfoSec.