Bleeping Computer publicly reported details of a limited-distribution advisory from last week by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). The agencies released an advisory to companies across numerous industries about a voice phishing (sometimes called “vishing”) campaign targeting remote workers in the United States. Voice phishing is an attack that utilizes social engineering techniques on a phone call to gain access to restricted sites or information, typically by impersonating a trusted member of the victim’s organization. This particular campaign began in mid-July of 2020 when criminals began gaining access to employee tools at multiple companies around the United States. The attacker quickly began harvesting customer information to assist in other attacks. The attackers also began selling the stolen credentials very quickly after gaining access to company networks. The criminals behind this campaign went as far as to register phishing domains which were clones of the targeted companies’ VPN login pages and contained the ability to harvest two-factor authentication codes and one-time passwords. The attackers initially began their campaign using VoIP numbers before switching to spoofed numbers of other company employees and office lines to make their vishing calls. Prior to calling any employees, the attackers appear to have compiled profiles on their victims through data obtained through public profiles, social media, background check services, and recruiter and marketing tools.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.