Threat Watch

FBI Warns of Corporate Vishing Attacks

The Federal Bureau of Investigation (FBI) has issued a notification warning of continued vishing attacks against cooperate accounts and network access credentials. Vishing (also known as voice phishing) is a social engineering technique where an attacker impersonates a trusted entity during a voice call to trick users into revealing sensitive information. According to the warning, attackers are using Voice-over-IP (VoIP) platforms to target company employees. With The work from home posture many companies have had to adopt due to COVID-19 restrictions, remote network access has grown by leaps and bounds. The attackers are attempting to trick lower-level employees, through a voice call, into giving then either their network credentials or their VPN credentials. In some cases, the maliciously acquired credentials allowed the attacker to escalate their new privileges within the network. This is the second warning that the FBI has released in less than a year concerning vishing, the first one was published in August of 2020 and warned of basically the same attacks.

ANALYST NOTES

Analysts Notes: In the report from the FBI, they provide companies with the following tips to help with defending from these attacks:

• Implement multi-factor authentication (MFA) for accessing employees’ accounts in order to minimize the chances of an initial compromise.
• When new employees are hired, network access should be granted on a least privilege scale. Periodic review of this network access for all employees can significantly reduce the risk of compromise of vulnerable and/or weak spots within the network.
• Actively scanning and monitoring for unauthorized access or modifications can help detect a possible compromise in order to prevent or minimize the loss of data.
• Network segmentation should be implemented to break up one large network into multiple smaller networks which allows administrators to control the flow of network traffic.
• Administrators should be issued two accounts: one account with admin privileges to make system changes and the other account used for email, deploying updates, and generating reports.

Source Article: https://www.bleepingcomputer.com/news/security/fbi-warns-of-vishing-attacks-stealing-corporate-accounts/