19 January 2021

FBI warns of ongoing vishing attacks seeking to steal corporate credentials



The Federal Bureau of Investigation (FBI) has released an alert warning organizations of ongoing vishing attacks aiming to steal corporate accounts or credentials for network access and privilege escalation from US and international-based employees at large companies.

Vishing (aka voice phishing) is a social engineering technique where an attacker impersonates a trusted entity during a voice call to trick users into revealing sensitive information.

According to the FBI, cybercriminals use VoIP (Voice-over-IP) platforms to target company employees via phone calls where they use social engineering techniques to trick employees into giving up their username and password.

“After gaining access to the network, many cyber criminals found they had greater network access, including the ability to escalate privileges of the compromised employees’ accounts, thus allowing them to gain further access into the network often causing significant financial damage,” the alert said.

In one instance, the cybercriminals contacted an employee via the company’s chatroom, and convinced them to log into the fake VPN page operated by the attackers. The threat actor then used these credentials to log into the company’s VPN and found an employee through a cloud-based payroll service who could perform username and email changes. The attackers obtained this employee’s login credentials by contacting them via a chatroom messaging service.

To prevent these attacks, the FBI recommends the following:

  • Implement multi-factor authentication (MFA) for accessing employees’ accounts in order to minimize the chances of an initial compromise.

  • When new employees are hired, network access should be granted on a least privilege scale. Periodic review of this network access for all employees can significantly reduce the risk of compromise of vulnerable and/or weak spots within the network.

  • Actively scanning and monitoring for unauthorized access or modifications can help detect a possible compromise in order to prevent or minimize the loss of data.

  • Network segmentation should be implemented to break up one large network into multiple smaller networks which allows administrators to control the flow of network traffic.

  • Administrators should be issued two accounts: one account with admin privileges to make system changes and the other account used for email, deploying updates, and generating reports.
