Pierluigi Paganini January 19, 2021

The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts.

The Federal Bureau of Investigation (FBI) published a Private Industry Notification (PIN) that warns of ongoing vishing attacks aimed at stealing corporate accounts and credentials from US and international-based employees.

Vishing (also known as voice phishing) is a social engineering attack technique where attackers impersonate a trusted entity during a voice call in an attempt to trick victims into providing sensitive information.

The alert highlights that during the COVID-19 pandemic, organizations are more exposed to these attacks because had quickly changed their working processes to maintain the social distancing. As a result, network access and privilege escalation may not be fully monitored.

The threat actors are using Voice over Internet Protocol (VoIP) platforms to obtain employees’ credentials.

“Cyber criminals are trying to obtain all employees’ credentials, not justindividuals who would likely have more access based on their corporate position.” reads the FBI alert. “The cyber criminals vished these employees through the use of VoIP platforms.”

Once gained access to the network, crooks expand their network access, for example, escalating privileges of the compromised employees’ accounts.

The alert reports the case of an attack in which cyber criminals found an employee via the company’s chatroom, and tricked him into logging into the fake VPN page. Then attackers used these credentials to log into the company’s VPN and performed reconnaissance to find employees with higher privileges who could perform username and e-mail changes and found an employee through a cloud-based payroll service. Then the attackers used a chatroom messaging service to conduct a phishing attack against this employee

Below the mitigations recommended by the FBI:

• Implement multi-factor authentication (MFA) for accessing employees’ accounts in order to minimize the chances of an initial compromise.
• When new employees are hired, network access should be granted on a least privilege scale. Periodic review of this network access for all employees can significantly reduce the risk of compromise of vulnerable and/or weak spots within the network.
• Actively scanning and monitoring for unauthorized access or modifications can help detect a possible compromise in order to prevent or minimize the loss of data.
• Network segmentation should be implemented to break up one large network into multiple smaller networks which allows administrators to control the flow of network traffic.
• Administrators should be issued two accounts: one account with admin privileges to make system changes and the other account used for email, deploying updates, and generating reports.

In August 2020, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory warning remote workers of an ongoing vishing campaign targeting companies from several US industry sectors.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Pierluigi Paganini

(SecurityAffairs – hacking, vishing)

[adrotate banner=”5″]

[adrotate banner=”13″]