The Federal Bureau of Investigation (FBI) has warned of ongoing vishing attacks against US-based international companies in which cybercriminals attempt to steal corporate account credentials for network access and privilege escalation. Vishing (voice phishing) is a form of telephone fraud that uses social engineering over the phone system to obtain private personal and financial information for financial gain.
The attackers directed employees to log in to a phishing webpage so that they could capture the employees' usernames and passwords and gain access to the company's network. Once inside, the threat actors found they had greater network access than expected, allowing them to escalate privileges using the compromised employees' accounts.
The FBI has sent notifications to well-established companies alerting them to the vishing attacks. Amid the pandemic, vishing activity has increased rapidly. This is the second warning the FBI has issued about active vishing attacks targeting companies across several US industry sectors.
To reduce the risk of this type of attack, the FBI has advised companies to implement multi-factor authentication (MFA) for employee accounts, which lowers the chance of an initial compromise. Active scanning and monitoring for unauthorized access or modifications should be in place to detect a possible compromise early and prevent or minimize data loss. Network segmentation should be implemented to break one large network into multiple smaller networks, which allows administrators to control the flow of network traffic.
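One way to implement the monitoring the FBI recommends, as an added example that is not from the FBI notification or this article: correlate a password-only (non-MFA) login with a subsequent addition of the same account to a privileged group, which is the credential-theft-then-escalation sequence described above. The event format, field names, time window and group names are assumptions, and the sample events are constructed.

```python
"""Flag accounts whose non-MFA login is followed, within a short window, by a
privileged group change. Event fields, group names and window are assumptions."""
from datetime import datetime, timedelta

# Constructed sample events (not real logs); timestamps are UTC ISO-8601.
SAMPLE_EVENTS = [
    {"ts": "2020-08-20T09:00:00", "type": "login", "user": "jdoe", "mfa": True, "src": "10.1.2.3"},
    {"ts": "2020-08-20T09:05:00", "type": "login", "user": "asmith", "mfa": False, "src": "203.0.113.7"},
    {"ts": "2020-08-20T09:12:00", "type": "group_add", "user": "asmith", "group": "Domain Admins"},
    {"ts": "2020-08-20T11:00:00", "type": "login", "user": "bwong", "mfa": False, "src": "10.1.2.9"},
    {"ts": "2020-08-20T15:00:00", "type": "group_add", "user": "bwong", "group": "Domain Admins"},
    {"ts": "2020-08-20T16:00:00", "type": "group_add", "user": "jdoe", "group": "Domain Admins"},
]

# Assumption: groups your site treats as privileged.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins"}


def find_escalations(events, window_minutes=30):
    """Return [(user, login_ts, change_ts)] for every privileged group change that
    follows a password-only (mfa=False) login by the same user within the window."""
    window = timedelta(minutes=window_minutes)
    last_weak_login = {}  # user -> time of most recent non-MFA login
    hits = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        t = datetime.fromisoformat(e["ts"])
        if e["type"] == "login":
            if e["mfa"]:
                last_weak_login.pop(e["user"], None)  # an MFA login clears the weak state
            else:
                last_weak_login[e["user"]] = t
        elif e["type"] == "group_add" and e["group"] in PRIVILEGED_GROUPS:
            start = last_weak_login.get(e["user"])
            if start is not None and t - start <= window:
                hits.append((e["user"], start.isoformat(), t.isoformat()))
    return hits


if __name__ == "__main__":
    for user, login_ts, change_ts in find_escalations(SAMPLE_EVENTS):
        print(f"ALERT: {user} added to a privileged group at {change_ts} "
              f"after a non-MFA login at {login_ts}")
```

On the constructed events only asmith is flagged with the default 30-minute window; widening the window also catches bwong, while jdoe's MFA-backed login is never flagged.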