The FBI warns that hackers are carrying out ongoing vishing attacks targeting companies around the world. In particular, the attackers seek to steal corporate account credentials in order to access a network and escalate privileges.
Vishing is a form of social engineering attack in which hackers impersonate a trusted entity during a voice call to persuade their unsuspecting targets to disclose sensitive information, such as bank details and login credentials.
According to the FBI warning, the hackers use Voice over Internet Protocol (VoIP) platforms, also known as IP telephony services, to target company employees around the world. During the attacks, the hackers persuade the targeted employees to visit a phishing page that the attackers themselves control, in order to harvest the employees' usernames and passwords. In many cases, once they gain access to the company's network, the hackers find they have more access than expected, which allows them to escalate privileges using the accounts of the employees whose credentials have been compromised. In this way, they gain further access to the breached networks and cause significant financial loss to the target company.
The FBI reported that in one of the vishing attacks targeting companies, the hackers found an employee through the company's chatroom and persuaded him to log in to a fake VPN page they controlled. They then used these credentials to connect to the company's VPN and performed reconnaissance to locate someone with higher privileges. The cybercriminals used a messaging service to communicate with that employee and trick them into providing their login credentials.
According to BleepingComputer, this is the second time since the outbreak of the COVID-19 pandemic that the FBI has warned of vishing attacks targeting company employees, as a large percentage of them have switched to remote work.
In August 2020, the FBI and CISA issued a joint advisory for remote workers, warning them of an ongoing phishing campaign targeting companies in various industries.
Specifically, the advisory stated at the time: "In mid-July 2020, cybercriminals launched a phishing campaign - gaining access to the tools of employees of many companies - with the aim of making a profit. Using the vished credentials, they stole data from corporate databases, which involved personal customer data, to be used in other attacks."
In addition, in the August attacks, the hackers used malicious sites that cloned companies' internal VPN login pages, which helped them bypass two-factor authentication (2FA) or one-time passwords (OTP). After tricking victims into approving OTP or 2FA prompts, the scammers gained control of the victims' mobile phones through a SIM swapping attack and bypassed 2FA and OTP authentication.
The FBI has outlined some steps companies should take to protect against vishing and phishing attacks:
- Implement multi-factor authentication (MFA) for access to employee accounts to minimize the potential for a breach.
- When hiring new employees, grant network access on a least-privilege basis. Periodically reviewing this network access for all employees can significantly reduce the risk of weaknesses and/or vulnerabilities within the network.
- Active scanning and monitoring for unauthorized access or modifications can help detect potential breaches in order to prevent or minimize data loss.
- Network segmentation should be implemented to split a large network into many smaller networks, allowing administrators to control the flow of network traffic.
- Administrators should be issued two accounts: one with administrator privileges for making changes to the system, and a second to be used for email, developing updates, and reporting.
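The "active scanning and monitoring" recommendation above can be turned into two concrete checks against VPN authentication logs that match the attack pattern described in this article: a successful login from a source the user has never used before, and one source logging in as several different users in a short window (a vished account being used to reach a more privileged one). The following is an added example, not FBI or BleepingComputer material; the log format, the sample log lines and the per-user baseline of known sources are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample VPN authentication log lines (not real data).
SAMPLE_LOG = """\
2020-07-16T08:55:10Z vpn-auth user=alice src=198.51.100.7 result=success
2020-07-16T09:12:03Z vpn-auth user=alice src=203.0.113.45 result=success
2020-07-16T09:40:51Z vpn-auth user=bob src=203.0.113.45 result=failure
2020-07-16T09:41:20Z vpn-auth user=bob src=203.0.113.45 result=success
2020-07-16T10:02:00Z vpn-auth user=carol src=192.0.2.88 result=success
"""

# Constructed baseline: the sources each user has connected from before.
KNOWN_SOURCES = {
    "alice": {"198.51.100.7"},
    "bob": {"198.51.100.22"},
    "carol": {"192.0.2.88"},
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) vpn-auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Return (timestamp, user, src) tuples for successful logins only."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("result") == "success":
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m.group("user"), m.group("src")))
    return events


def new_source_logins(events, known):
    """Successful logins from a source the user has never used before."""
    return [(ts, user, src) for ts, user, src in events
            if src not in known.get(user, set())]


def shared_source_logins(events, window=timedelta(hours=1)):
    """Sources that logged in as more than one user within `window`."""
    by_src = defaultdict(list)
    for ts, user, src in events:
        by_src[src].append((ts, user))
    alerts = {}
    for src, logins in by_src.items():
        logins.sort()  # chronological, so logins[0] is the earliest
        users = {u for t, u in logins if t - logins[0][0] <= window}
        if len(users) > 1:
            alerts[src] = sorted(users)
    return alerts
```

Both checks only fire on successful logins, so the failed attempt for bob is ignored; in practice the baseline would be built from a trailing window of the organisation's own VPN logs rather than a hand-written dictionary.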