According to an industry notification from the FBI this week, cybercriminals are turning to voice phishing, commonly known as "vishing", in an attempt to steal system login credentials and gain unauthorized access to corporate networks.
"According to FBI case information, as of December 2019, cyber criminals collaborated to target both US-based and international-based employees at large companies using social engineering techniques. The cyber criminals vished these employees through the use of VoIP platforms. Vishing attacks are voice phishing, which occurs during a phone call to users of VoIP platforms. During the phone calls, employees were tricked into logging into a phishing webpage in order to capture the employee’s username and password. After gaining access to the network, many cyber criminals found they had greater network access, including the ability to escalate privileges of the compromised employees’ accounts, thus allowing them to gain further access into the network, often causing significant financial damage."
Roman Tobe, Strategist at Abnormal Security, had this to say about the warning from the FBI:
“With so many employees working from home, threat actors are increasingly turning to vishing campaigns to gain a foothold for privilege escalation. Companies and their employees are under the constant threat of malicious actors who are developing more and more ways to get them to disclose credentials. Whether it’s an expertly-crafted email or a convincing voice message, it’s essential that employees approach any incoming request for information with a critical eye in order to confirm it’s coming from a trusted source. If there is any question as to the validity, employees should immediately flag it to their security team.”
The FBI provided these security recommendations for organizations:
Implement multifactor authentication (MFA) to access the accounts of employees to minimize the chances of an initial compromise.
Grant network access on a least privilege scale for all new employees. Further, periodically review network access for all employees to reduce the risk of compromise of vulnerable and weak spots on the network.
Actively scan and monitor for unauthorized access or modifications of key resources. This can help detect a possible compromise as a way to prevent or minimize the loss of data.
Divide your network into segments. Breaking up a large network into multiple smaller networks helps administrators better control the flow of network traffic.
Give administrators two separate accounts. One account should have admin privileges so they can make system changes. The other account can be used for email, deploying updates, and generating reports.