Saturday, February 20, 19:08

FBI: Hackers target companies around the world with vishing attacks!

The FBI warns about hackers carrying out ongoing vishing attacks, targeting companies around the world. In particular, hackers seek to steal corporate accounts and credentials, to access a network and escalate privileges.

Vishing is a kind of social engineering attack in which hackers impersonate a trusted entity during a voice call to persuade their unsuspecting targets to disclose sensitive information, such as bank details and login credentials.


According to the FBI warning, hackers use Voice over Internet Protocol (VoIP) platforms, also known as IP telephony services, to target company employees around the world. During the attacks, hackers trick the targeted employees into visiting a phishing page that the hackers themselves control, in order to collect their usernames and passwords. In many cases, once they gain access to the company's network, hackers find they have more access to the network than expected, which allows them to escalate privileges using the accounts of the employees they have compromised. In this way, they can gain further access to the breached networks and cause significant financial loss to the targeted company.

The FBI reported that in one of the vishing attacks targeting companies, hackers found an employee through the company's chatroom and persuaded him to log in to a fake VPN page they managed. They then used these credentials to connect to the company's VPN and performed reconnaissance to locate someone with higher privileges. The cybercriminals used a messaging service to communicate with the employee and trick him into providing them with login credentials.

According to BleepingComputer, this is the second time since the outbreak of the COVID-19 pandemic that the FBI has warned of vishing attacks targeting company employees, as a large percentage of them have resorted to teleworking.

FBI-CISA

In August 2020, the FBI and CISA issued a joint advisory to remote workers, warning them of an ongoing phishing campaign targeting companies in various industries.

Specifically, the following was stated at that time: "In mid-July 2020, cybercriminals launched a phishing campaign - gaining access to the tools of employees of many companies - with the aim of making a profit. Using the vished credentials, they stole data from corporate databases, which involved personal customer data, to be used in other attacks."

In addition, in the August attacks, hackers used malicious sites that "cloned" companies' internal VPN login pages, which helped them bypass two-factor authentication (2FA) or one-time passwords (OTP). After tricking victims into approving OTP or 2FA prompts, scammers gained control of their cell phones and bypassed 2FA and OTP authentication in a SIM swapping attack.


The FBI has outlined some steps companies must take to avoid vishing / phishing attacks:

  • Implement multi-factor authentication (MFA) for access to employee accounts to minimize the potential for breach.
  • When hiring new employees, access to the network should be granted on a least-privilege basis. Periodically reviewing this network access for all employees can significantly reduce the risk of vulnerabilities and/or weak points within the network.
  • Active scanning and monitoring for unauthorized access or modifications can help detect potential breaches to prevent or minimize data loss.
  • Network segmentation must be implemented to split a large network into many smaller networks that allow administrators to control the flow of network traffic.
  • Two accounts must be issued to administrators: an account with administrator privileges to make changes to the system, and an account to be used for email, deploying updates, and generating reports.
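The monitoring step above, applied to the incident pattern the article describes (phished VPN credentials used from the attacker's side, followed by internal reconnaissance), can be sketched as follows. This is an added example, not code from the article or the FBI advisory; the log format, the thresholds and the sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (assumed format): time, event, user, VPN source IP, internal destination
SAMPLE_EVENTS = """\
2021-01-11T08:02:10 vpn_login alice 198.51.100.7 -
2021-01-11T08:05:00 conn alice 198.51.100.7 10.0.5.20
2021-01-11T09:00:00 vpn_login bob 203.0.113.10 -
2021-01-11T09:03:00 conn bob 203.0.113.10 10.0.5.21
2021-01-12T08:30:00 vpn_login carol 203.0.113.44 -
2021-01-13T02:14:00 vpn_login bob 192.0.2.66 -
2021-01-13T02:15:00 conn bob 192.0.2.66 10.0.1.5
2021-01-13T02:16:00 conn bob 192.0.2.66 10.0.1.6
2021-01-13T02:16:30 conn bob 192.0.2.66 10.0.1.6
2021-01-13T02:17:00 conn bob 192.0.2.66 10.0.2.10
2021-01-13T02:18:00 conn bob 192.0.2.66 10.0.3.2
2021-01-13T02:19:00 conn bob 192.0.2.66 10.0.9.1
2021-01-13T09:00:00 vpn_login carol 198.51.100.99 -
2021-01-13T09:02:00 conn carol 198.51.100.99 10.0.5.20
2021-01-13T09:04:00 conn carol 198.51.100.99 10.0.5.22
"""

def find_suspicious_sessions(log_text, window=timedelta(minutes=30), min_hosts=5):
    """Flag VPN logins from a source not in the user's baseline that then
    reach `min_hosts` distinct internal hosts within `window` (recon-like fan-out)."""
    known = defaultdict(set)  # user -> baseline of source IPs
    watch = {}                # user -> (login time, source IP, destinations seen)
    alerts = []
    for line in log_text.strip().splitlines():
        ts, kind, user, src, dst = line.split()
        ts = datetime.fromisoformat(ts)
        if kind == "vpn_login":
            if known[user] and src not in known[user]:
                # New source: watch it, and do not trust it automatically.
                watch[user] = (ts, src, set())
            else:
                # The first source seen for a user seeds the baseline (assumption).
                known[user].add(src)
        elif kind == "conn" and user in watch:
            start, watched_src, hosts = watch[user]
            if src == watched_src and ts - start <= window and dst not in hosts:
                hosts.add(dst)
                if len(hosts) == min_hosts:  # alert once, when the threshold is reached
                    alerts.append((user, watched_src, start.isoformat()))
    return alerts

if __name__ == "__main__":
    for user, src, when in find_suspicious_sessions(SAMPLE_EVENTS):
        print(f"review: {user} logged in from new source {src} at {when} and fanned out")
```

In the sample, carol's login from a new address is watched but stays below the fan-out threshold, so only bob's session is reported for review.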


Pohackontas