FBI Warns About Vishing Attacks That Steal Corporate Account Information

The Federal Bureau of Investigation has issued a warning about ongoing vishing attacks that steal corporate account credentials used for network access, targeting employees of both US-based and international companies.

Vishing, short for voice phishing, is a type of social engineering attack in which the attacker impersonates a trustworthy person over a voice call. The goal is to extract sensitive information from the victim, such as login credentials or banking details.

During the COVID-19 pandemic, many organizations had to adapt quickly to new technology and a changed working environment while complying with social distancing orders and other government restrictions. As a result, access to corporate networks has often not been fully monitored.

Who is Affected?


According to the FBI's investigations, the actors targeted employees by tricking them into logging into a phishing web page, then harvested the usernames and passwords entered there.

In several cases, once the attackers had a foothold on the company network, they used the compromised employee accounts to escalate privileges and obtain far broader network access than those accounts should have allowed. This let them reach more sensitive parts of the network and in some cases caused significant financial damage to the organization.

According to the FBI, in one instance the cybercriminals found an employee through the company's chatroom and convinced that person to log into a fake VPN page the attackers operated. They then used the captured credentials to log into the company's real VPN and performed reconnaissance to locate someone with higher privileges.

Specifically, they were looking for an employee who could change usernames and email addresses. They located such an employee through a cloud-based payroll service and used a chatroom messaging service to contact and phish that employee for login credentials as well.

FBI Guidance


To help organizations and employees, the FBI shared the following recommendations:

  • Do not grant new hires full network access from day one; restrict access to what the role requires and monitor all employee accounts. This reduces risk and avoids creating weak spots within the network.
  • Administrators should use two separate accounts: one with administrative rights, used only for making system changes, and a second, unprivileged account for email, generating reports and deploying updates.
  • Use network segmentation to break one large network into several smaller ones, which helps administrators control traffic flow between them.
  • Actively scan and monitor for unauthorized access or modifications; this helps detect a possible compromise early and reduces the risk of data loss.
  • Require multi-factor authentication (MFA) for access to employee accounts to minimize the chance of initial compromise.
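The following is an added example, not code from the FBI or from this article, of what the "scan and monitor for unauthorized access or modifications" recommendation can look like in practice when it is aimed at the attack chain described above (phished credentials, VPN login from an unfamiliar source, then a username or email change made through a payroll or directory tool). The log format, field names, IP baseline and admin-account list are all assumptions, and the sample log lines are constructed for the demonstration.

```python
"""Detection logic for the monitoring recommendation, as an added example.
It runs over a few CONSTRUCTED 'timestamp key=value ...' log lines; the field
names (type, user, src, target, field) are assumptions, not a vendor schema.

Two detections are implemented:
  1. vpn_login_then_identity_change: a successful VPN login from a source IP
     never seen before for that account, followed within a short window by
     the same account changing another user's username or e-mail.
  2. admin_action_from_non_admin_account: a directory change performed by an
     account that is not a designated admin account (the 'two accounts' rule).
"""
from __future__ import annotations

from datetime import datetime, timedelta

# Constructed sample events (not real logs). Times are UTC, ISO 8601.
SAMPLE_LOGS = """
2021-01-12T09:02:11Z type=vpn_login user=j.doe src=203.0.113.7 result=success
2021-01-12T09:05:40Z type=vpn_login user=j.doe src=203.0.113.7 result=success
2021-01-12T13:41:02Z type=vpn_login user=a.smith src=198.51.100.23 result=success
2021-01-12T13:47:19Z type=directory_change user=a.smith target=c.brown field=email
2021-01-12T14:00:00Z type=directory_change user=hr-admin target=c.brown field=username
2021-01-13T08:15:30Z type=vpn_login user=j.doe src=203.0.113.7 result=success
"""

# Assumed baselines: source IPs previously seen per account (e.g. from the
# last 90 days of VPN logs) and the accounts allowed to make directory changes.
KNOWN_IPS = {"j.doe": {"203.0.113.7"}, "a.smith": {"192.0.2.44"}}
ADMIN_ACCOUNTS = {"hr-admin"}
WINDOW = timedelta(minutes=30)


def parse_line(line: str) -> dict:
    """Parse one 'timestamp key=value ...' line into a dict with a datetime."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event


def parse_logs(text: str) -> list[dict]:
    """Parse all non-empty lines of the log text."""
    return [parse_line(l) for l in text.strip().splitlines() if l.strip()]


def vpn_login_then_identity_change(events, known_ips, window=WINDOW):
    """Return (user, src, change_ts) for every VPN login from an IP outside the
    account's baseline that is followed within `window` by an identity change
    made by that same account."""
    alerts = []
    logins = [e for e in events if e["type"] == "vpn_login" and e["result"] == "success"]
    changes = [e for e in events if e["type"] == "directory_change"]
    for login in logins:
        if login["src"] in known_ips.get(login["user"], set()):
            continue  # source already part of this account's baseline
        for ch in changes:
            if ch["user"] == login["user"] and login["ts"] <= ch["ts"] <= login["ts"] + window:
                alerts.append((login["user"], login["src"], ch["ts"]))
    return alerts


def admin_action_from_non_admin_account(events, admin_accounts):
    """Return the sorted accounts that made directory changes without being
    a designated admin account."""
    return sorted({e["user"] for e in events
                   if e["type"] == "directory_change" and e["user"] not in admin_accounts})


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    for user, src, ts in vpn_login_then_identity_change(evs, KNOWN_IPS):
        print(f"ALERT new-IP VPN login by {user} from {src}, identity change at {ts:%H:%M}")
    for user in admin_action_from_non_admin_account(evs, ADMIN_ACCOUNTS):
        print(f"ALERT directory change by non-admin account {user}")
```

On the constructed sample, only `a.smith` trips both rules: the login comes from an IP outside that account's baseline and is followed six minutes later by an email change on another user, made from an account that is not a designated admin account. In a real deployment the baseline would be built from historical VPN logs, and the window and the set of "identity change" event types would be tuned to the organization's directory and payroll tooling.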

Earlier Warnings

This is the second warning the FBI has issued about active vishing campaigns targeting employees since the start of the pandemic, and the attacks have continued to increase.

In August 2020, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint advisory warning remote workers about an ongoing vishing campaign targeting multiple US companies.

That campaign began in July 2020, when the attackers started gaining access to employee tools at multiple companies with the goal of monetizing that access, using employees' personal information to make their calls convincing.

By August 2020, the attackers were crafting sites that cloned the targeted companies' internal VPN login pages, which also allowed them to harvest second-factor codes or one-time passwords (OTPs) entered by the victim. In some cases they also took control of victims' mobile phones through SIM swapping in order to bypass 2FA and intercept OTPs.
