With so many organizations adopting work from home and enabling VPN access for employees, it is no surprise that bad actors are taking advantage and launching advanced attacks. In this advisory, actors are observed using social engineering against employees: they set up fake or lookalike domains that imitate organizations' VPN portals, then call employees to get them to enter their credentials on the faked sites. Best practices to mitigate this are included in the advisory. These include two-factor authentication or one-time passwords to ensure the user logging in is verified. The principle of least privilege is also cited as a mitigation, so that when a user logs in, the surface area they can access is minimized.
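One defender-side check that follows from the lookalike-domain tactic described above, as an added example that is not part of the advisory or this summary: a small heuristic that scores a newly seen hostname against the organization's real VPN portal, so that typo-squats, homoglyph swaps and "brand embedded in a longer name" registrations can be flagged for blocking or user warning. The portal name `vpn.example-corp.com` and every hostname in the test are constructed sample values.

```python
"""Flag hostnames that look like an organization's VPN portal.

Added example, not from the advisory. The portal name below and the
hosts fed to classify() are constructed sample values.
"""
import unicodedata

LEGIT_PORTAL = "vpn.example-corp.com"  # constructed sample, not a real portal

# Visual/keyboard substitutions seen in lookalike registrations. Heuristic:
# 'rn'->'m' also folds words like 'modern'; the legit name is folded the same way.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def normalize(host: str) -> str:
    """Fold Unicode to ASCII and collapse common homoglyph substitutions."""
    h = unicodedata.normalize("NFKD", host.lower()).encode("ascii", "ignore").decode()
    for bad, good in HOMOGLYPHS.items():
        h = h.replace(bad, good)
    return h

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using the two-row dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host: str) -> str:
    """Last two labels ('vpn.example-corp.com' -> 'example-corp.com').
    Naive: production code should consult the public-suffix list."""
    parts = host.split(".")
    return ".".join(parts[-2:])

def classify(candidate: str, legit: str = LEGIT_PORTAL) -> str:
    """Return 'legit', 'lookalike' or 'unrelated' for one hostname."""
    raw, own = candidate.lower().rstrip("."), registrable(legit.lower())
    if raw == own or raw.endswith("." + own):
        return "legit"                      # any host under the org's own domain
    cand, real = normalize(raw), registrable(normalize(legit))
    brand = real.split(".")[0].replace("-", "")      # 'examplecorp'
    if brand in cand.replace("-", "").replace(".", ""):
        return "lookalike"                  # brand embedded: vpn-example-corp.com
    if edit_distance(registrable(cand), real) <= 2:
        return "lookalike"                  # typo-squat such as exampl-corp.com
    return "unrelated"
```

The "legit" test deliberately runs on the raw hostname before homoglyph folding, so a host that only collides with the real portal after folding (such as `examp1e-corp.com`) is reported as a lookalike rather than accepted.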

Organizational Tips

End-User Tips

- Avoiding Social Engineering and Phishing Attacks
- Staying Safe on Social Networking Sites
Posted Date: 08/20/2020
Published Date: 08/20/2020
Source: FBI & CISA
The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are issuing this advisory in response to a voice phishing (vishing) campaign. The COVID-19 pandemic has resulted in a mass shift to working from home, resulting in increased use of corporate virtual private networks (VPNs) and elimination of in-person verification. In mid-July 2020, cybercriminals started a vishing campaign—gaining access to employee tools at multiple companies with indiscriminate targeting—with the end goal of monetizing the access. Using vished credentials, cybercriminals mined the victim company databases for their customers’ personal information to leverage in other attacks. The monetizing method varied depending on the company but was highly aggressive with a tight timeline between the initial breach and the disruptive cash-out scheme.