The Federal Bureau of Investigation (FBI) published a Private Industry Notification (PIN) that warns of ongoing vishing attacks aimed at stealing corporate accounts and credentials from US and international-based employees.
Vishing (also known as voice phishing) is a social engineering attack technique where attackers impersonate a trusted entity during a voice call in an attempt to trick victims into providing sensitive information.
The alert highlights that during the COVID-19 pandemic, organizations are more exposed to these attacks because had quickly changed their working processes to maintain the social distancing. As a result, network access and privilege escalation may not be fully monitored.
The threat actors are using Voice over Internet Protocol (VoIP) platforms to obtain employees’ credentials.
“Cyber criminals are trying to obtain all employees’ credentials, not justindividuals who would likely have more access based on their corporate position.” reads the FBI alert. “The cyber criminals vished these employees through the use of VoIP platforms.”
Once gained access to the network, crooks expand their network access, for example, escalating privileges of the compromised employees’ accounts.
The alert reports the case of an attack in which cyber criminals found an employee via the company’s chatroom, and tricked him into logging into the fake VPN page. Then attackers used these credentials to log into the company’s VPN and performed reconnaissance to find employees with higher privileges who could perform username and e-mail changes and found an employee through a cloud-based payroll service. Then the attackers used a chatroom messaging service to conduct a phishing attack against this employee
Below the mitigations recommended by the FBI:
In August 2020, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory warning remote workers of an targeting companies from several US industry sectors.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, vishing)
[adrotate banner=”5″]
[adrotate banner=”13″]