The Federal Bureau of Investigation (FBI) has released an alert warning organizations of ongoing vishing attacks aiming to steal corporate accounts or credentials for network access and privilege escalation from US and international-based employees at large companies.
Vishing (aka voice phishing) is a social engineering technique where an attacker impersonates a trusted entity during a voice call to trick users into revealing sensitive information.
According to the FBI, cybercriminals use VoIP (Voice-over-IP) platforms to target company employees via phone calls where they use social engineering techniques to trick employees into giving up their username and password.
“After gaining access to the network, many cyber criminals found they had greater network access, including the ability to escalate privileges of the compromised employees’ accounts, thus allowing them to gain further access into the network often causing significant financial damage,” the alert said.
In one instance, the cybercriminals contacted an employee via the company’s chatroom, and convinced them to log into the fake VPN page operated by the attackers. The threat actor then used these credentials to log into the company’s VPN and found an employee through a cloud-based payroll service who could perform username and email changes. The attackers obtained this employee’s login credentials by contacting them via a chatroom messaging service.
To prevent these attacks, the FBI recommends that organizations:
Implement multi-factor authentication (MFA) for accessing employees’ accounts in order to minimize the chances of an initial compromise.
When new employees are hired, network access should be granted on a least-privilege basis. Periodic review of this network access for all employees can significantly reduce the risk of compromise of vulnerable and/or weak spots within the network.
Actively scanning and monitoring for unauthorized access or modifications can help detect a possible compromise in order to prevent or minimize the loss of data.
Network segmentation should be implemented to break up one large network into multiple smaller networks which allows administrators to control the flow of network traffic.
Administrators should be issued two accounts: one account with admin privileges to make system changes and the other account used for email, deploying updates, and generating reports.
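The monitoring recommendation above is easiest to understand against the incident the alert describes: a stolen VPN credential, followed by username and email changes in a payroll system. The script below is an added example, not code from the FBI alert or the article; it correlates constructed VPN authentication records with constructed payroll audit records and raises an alert when a sensitive attribute change is made by an account whose VPN session came from an IP address never seen for that user. It also flags a single new IP address logging in as several different users, which is what multiple sets of vished credentials being used from one attacker workstation would look like. The log formats, field names, IP addresses, user names and the two-hour correlation window are all assumptions made for this example.

```python
"""Correlate new-IP VPN logins with sensitive payroll/directory changes.

Added example: log layouts, field names, sample records and thresholds are
constructed for illustration and do not come from any real product.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed VPN log: "<ISO timestamp> <user> <event> <source IP>"
VPN_LOG = """\
2021-01-14T08:02:11 jdoe vpn_login 203.0.113.10
2021-01-14T08:05:40 asmith vpn_login 198.51.100.22
2021-01-14T19:47:03 jdoe vpn_login 192.0.2.77
2021-01-14T19:52:30 asmith vpn_login 192.0.2.77
"""
VPN_FIELDS = ("ts", "user", "event", "src_ip")

# Constructed payroll audit log: "<ISO timestamp> <actor> <event> <target> <field>"
PAYROLL_LOG = """\
2021-01-14T09:10:00 asmith update_employee bwong phone
2021-01-14T20:01:12 asmith update_employee cjones email
2021-01-14T20:03:45 asmith update_employee dlee username
"""
PAYROLL_FIELDS = ("ts", "actor", "event", "target", "field")

# Constructed baseline: source IPs each user has historically logged in from.
KNOWN_IPS = {
    "jdoe": {"203.0.113.10"},
    "asmith": {"198.51.100.22"},
}

# Attribute changes that can redirect pay or hand over an account.
SENSITIVE_FIELDS = {"email", "username", "bank_account"}

# Assumed window between a suspicious login and a change worth alerting on.
WINDOW = timedelta(hours=2)


def parse(log, fields):
    """Turn whitespace-separated log lines into dicts; malformed lines are skipped."""
    records = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != len(fields):
            continue
        rec = dict(zip(fields, parts))
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        records.append(rec)
    return records


def new_ip_logins(vpn_records, known_ips):
    """VPN logins whose source IP has never been seen for that user."""
    return [
        r for r in vpn_records
        if r["event"] == "vpn_login"
        and r["src_ip"] not in known_ips.get(r["user"], set())
    ]


def shared_new_ips(vpn_records, known_ips):
    """New IPs used by two or more distinct users: one machine, many stolen credentials."""
    users_by_ip = defaultdict(set)
    for r in new_ip_logins(vpn_records, known_ips):
        users_by_ip[r["src_ip"]].add(r["user"])
    return {ip: users for ip, users in users_by_ip.items() if len(users) >= 2}


def correlate(vpn_records, payroll_records, known_ips, window=WINDOW):
    """Alert on sensitive changes made by an actor within `window` of their new-IP login."""
    suspicious_logins = defaultdict(list)
    for login in new_ip_logins(vpn_records, known_ips):
        suspicious_logins[login["user"]].append(login)

    alerts = []
    for change in payroll_records:
        if change["field"] not in SENSITIVE_FIELDS:
            continue
        for login in suspicious_logins.get(change["actor"], []):
            if login["ts"] <= change["ts"] <= login["ts"] + window:
                alerts.append({
                    "actor": change["actor"],
                    "target": change["target"],
                    "field": change["field"],
                    "change_ts": change["ts"].isoformat(),
                    "login_ts": login["ts"].isoformat(),
                    "src_ip": login["src_ip"],
                })
                break  # one alert per change is enough
    return alerts


def run():
    vpn = parse(VPN_LOG, VPN_FIELDS)
    payroll = parse(PAYROLL_LOG, PAYROLL_FIELDS)
    return correlate(vpn, payroll, KNOWN_IPS), shared_new_ips(vpn, KNOWN_IPS)


if __name__ == "__main__":
    alerts, shared = run()
    for a in alerts:
        print("ALERT sensitive change:", a)
    for ip, users in shared.items():
        print(f"ALERT new IP {ip} used by multiple users: {sorted(users)}")
```

On the constructed data the script raises two change alerts (the email and username edits made by asmith after the 19:52 login from 192.0.2.77) and one shared-IP alert (192.0.2.77 logging in as both jdoe and asmith), while the routine phone-number edit from the baseline IP is ignored. In a real deployment the baseline would come from historical authentication data and the change events from the payroll or identity provider's audit feed, but the correlation logic is the same.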