The FBI is warning about threat actors targeting remote employees by exploiting network misconfigurations and remote workforce access privileges. The agency has issued a Private Industry Notification (PIN) about various cyberattacks targeting global corporate networks to illicitly obtain employees’ credentials. It noted that cybercriminals are leveraging vishing techniques and chatrooms to perform social engineering attacks on employees. In a vishing attack, an attacker phishes a victim over the phone to obtain sensitive data such as login details.
Shift in Attack Tactics
The FBI said that attackers have changed their hacking techniques to compromise users’ accounts and credentials. Several cybercriminal groups collaborated to target employees of popular enterprises worldwide using Voice over Internet Protocol (VoIP) platforms. VoIP is a technology that converts voice into a digital signal and allows users to make calls directly from a computer, a VoIP phone, or other data-driven devices.
“During the phone calls, employees were tricked into logging into a phishing webpage to capture the employee’s username and password. After gaining access to the network, many cybercriminals found they had greater network access, including the ability to escalate privileges of the compromised employees’ accounts, thus allowing them to gain further access into the network often causing significant financial damage,” the FBI said.
Threat actors also phished employees via official chatrooms and convinced them to log in to fake VPN pages. The operators then used the compromised credentials to log into the company’s VPN and performed reconnaissance to locate someone with higher access privileges.
The FBI also recommended certain security protocols to mitigate the risks from all kinds of phishing attacks. These include:
- Implement multi-factor authentication (MFA) for accessing employees’ accounts to minimize the chances of an initial compromise.
- When new employees are hired, network access should be granted on a least privilege scale. Periodic review of this network access for all employees can significantly reduce the risk of compromise of vulnerable and/or weak spots within the network.
- Actively scanning and monitoring for unauthorized access or modifications can help detect a possible compromise to prevent or minimize the loss of data.
- Network segmentation should be implemented to break up one large network into multiple smaller networks which allow administrators to control the flow of network traffic.
- Administrators should be issued two accounts: one account with admin privileges to make system changes and the other account used for email, deploying updates, and generating reports.
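The periodic access review recommended above can be automated against an account inventory. The following is an added example, not part of the FBI notification: it flags accounts without MFA, entitlements beyond a role's baseline, and admin-privileged accounts that also carry a mailbox. The role names, entitlement names and sample accounts are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed role baselines (assumption): entitlements each role needs.
ROLE_BASELINE = {
    "helpdesk": {"ticketing", "vpn"},
    "engineer": {"vpn", "source-control"},
    "sysadmin": {"vpn", "domain-admin"},
}
# Entitlements treated as administrative (assumption).
ADMIN_ENTITLEMENTS = {"domain-admin"}

@dataclass
class Account:
    name: str
    role: str
    entitlements: set
    mfa_enrolled: bool
    has_mailbox: bool

def review(account):
    """Return the list of findings for one account (empty if clean)."""
    findings = []
    if not account.mfa_enrolled:
        findings.append("no-mfa")
    # An unknown role has no baseline, so every entitlement counts as excess.
    excess = account.entitlements - ROLE_BASELINE.get(account.role, set())
    if excess:
        findings.append("excess:" + ",".join(sorted(excess)))
    # Admin rights and email on the same account breaks the two-account rule.
    if account.entitlements & ADMIN_ENTITLEMENTS and account.has_mailbox:
        findings.append("admin-with-mailbox")
    return findings

def review_all(accounts):
    """Map account name to findings, omitting accounts with none."""
    return {a.name: f for a in accounts if (f := review(a))}

# Constructed sample inventory.
SAMPLE = [
    Account("jdoe", "helpdesk", {"ticketing", "vpn"}, True, True),
    Account("asmith", "helpdesk", {"ticketing", "vpn", "domain-admin"}, False, True),
    Account("bwong", "sysadmin", {"vpn", "domain-admin"}, True, True),
    Account("bwong-adm", "sysadmin", {"vpn", "domain-admin"}, True, False),
]

if __name__ == "__main__":
    for name, findings in review_all(SAMPLE).items():
        print(name, findings)
```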