The need for companies to quickly enable remote access to business-critical applications was highlighted in a recent Akamai blog -- Enabling Business Continuity in an Uncertain Global Environment.
However, despite the current environment, what is already evident is that once businesses have addressed the remote access need, the next imperative is to look at how they can quickly improve security for employees who are now working remotely. Unfortunately, these uncertain times have created a target-rich environment for the scammers, hackers, and phishers.
For example, Brian Krebs highlighted how attackers are using off-the-shelf malware infection kits that leverage an interactive infection map created by Johns Hopkins University to generate malicious websites and phishing emails. Once installed on a device, the malware harvests user credentials.
Security researchers at Akamai have also observed phishing attacks leveraging recycled phishing kits in a series of campaigns taking advantage of the health crisis. Over the past few weeks, Akamai researchers have seen several examples of phishing URLs that include the terms corona, coronavirus, or World Health Organization (WHO). Most of these URLs are newly registered. The rapid proliferation of these targeted domains is also discussed in a recent ZDNet article that stated thousands of new sites using similar words are being registered and activated every day. Many of these new sites are being used for phishing attacks, distributing malware (including ransomware), or for financial fraud including tricking users into paying for fake cures, supplements, or vaccines.
Businesses face two significant security challenges.
The first is that, during this stressful time and especially when people are distracted and are more likely to be proactively looking for information, they are more likely to fall for a malicious phishing email or click on a "news" story that takes them to a malicious web page.
Secondly, many companies have designed their security stack with the assumption that the vast majority of employees will not be working remotely 100% of the time and will spend most of their time inside a network perimeter where tighter security controls are in place. When hundreds or even thousands of employees are suddenly working from home outside the normal perimeter, securing endpoint devices becomes a significantly bigger challenge.
Akamai Enterprise Threat Protector is a cloud-based secure web gateway that can be deployed in minutes and provides you with visibility into user and endpoint activity, regardless of location, allowing you to block malicious requests and enforce AUPs, comprehensively protecting your employees and your business. Enterprise Threat Protector can provide an effective layer of additional proactive security to complement existing endpoint antivirus software you have deployed. In addition, there's no need to use a VPN to backhaul web traffic to your head office for inspection and enforcement -- all web traffic can be sent to the Akamai Intelligent Edge Platform.
Enterprise Threat Protector leverages real-time threat intelligence based on Akamai's unprecedented view of the Internet and multiple inline and offline payload analysis engines, including Akamai's zero-day phishing detection engine.
To find out more about Enterprise Threat Protector and how it can help your business improve its security posture for remote working, please visit akamai.com/etp. Akamai is also offering a Business Continuity Assistance Program that includes complimentary 60-day usage of the Enterprise Application Access solution. Learn more about how Akamai can help you.