Vishing attacks on the rise, FBI, CISA warn
- By Derek B. Johnson
- Aug 24, 2020
Hackers have been targeting employees working from home during the coronavirus pandemic with “vishing,” or voice phishing, campaigns since at least mid-July, according to an alert from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).
Similar to phishing, vishing involves social engineering and impersonation by an attacker, usually over the phone, in order to trick victims into giving up their account credentials. Attackers used VoIP numbers to call victims on their personal cellphones, and in some cases they were even able to spoof the legitimate numbers of other employees and IT help desks. They then convinced their targets that they needed to use a different login page for their virtual private network (VPN) and asked for their one-time passwords or two-factor authentication codes.
According to the FBI and CISA, attackers have registered domains to create spoofed websites that duplicate the internal VPN login page for victim companies. They then obtained SSL certificates and used URL add-ons to make it appear as if the requests were coming internally from IT support.
After gaining an initial foothold, the attackers would then access the corporate network to obtain more details about other victims to support new social engineering attacks. CISA and FBI officials said they believe the attacks have become more common in part due to the increased telework happening nationwide as a result of the coronavirus pandemic.
"The COVID-19 pandemic has resulted in a mass shift to working from home, resulting in increased use of corporate VPN and elimination of in-person verification, which can partially explain the success of this campaign," the alert reads. "Prior to the pandemic, similar campaigns exclusively targeted telecommunications providers and internet service providers with these attacks but the focus has recently broadened to more indiscriminate targeting."
Recommended mitigation techniques include restricting VPN use to managed devices, restricting login periods, and monitoring suspicious new domains that could be used to impersonate a company's internal help desk.
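One way to act on the last of those recommendations is to screen newly observed domains (from a certificate-transparency or new-registration feed) for names that combine a company's name with help-desk or VPN wording, or that typo-squat it. The script below is an added example written for this article, not code from the alert or from CISA; the company name "acme", the owned-zone set, the keyword list, and the sample domain feed are all assumed or constructed.

```python
import re
from typing import Optional

# Terms an attacker might pair with a company name on a spoofed VPN or help-desk
# login page (assumed list for this example, not taken from the alert).
HELPDESK_TERMS = {"support", "helpdesk", "help", "it", "vpn", "sso", "login", "ticket", "employee"}

def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings, used to catch typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain: str, company: str, owned: set, max_edits: int = 1) -> Optional[str]:
    """Return why `domain` looks like an impersonation of `company`, or None if it does not."""
    domain = domain.lower().strip(".")
    if any(domain == o or domain.endswith("." + o) for o in owned):
        return None  # inside the company's own zone, nothing to flag
    parts = domain.split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]  # registrable label; assumes a one-label TLD
    tokens = [t for t in re.split(r"[-_]", label) if t]
    if any(company in t for t in tokens) and any(t in HELPDESK_TERMS for t in tokens):
        return "company name combined with a help-desk/VPN term"
    if label == company:
        return "company name under a TLD the company does not own"
    if company in label:
        return "company name embedded in another label"
    if levenshtein(label, company) <= max_edits:
        return "typo-squat of the company name"
    return None

def scan(new_domains, company: str, owned: set) -> dict:
    """Map each suspicious newly seen domain to the reason it was flagged."""
    return {d: r for d in new_domains for r in [classify(d, company, owned)] if r}

# Constructed sample of newly observed domains (as a certificate-transparency or
# new-registration feed would deliver them); "acme" is a placeholder company name.
NEW_DOMAINS = ["support-acme.com", "acme-helpdesk.net", "acne.com", "acme.org",
               "weather-today.com", "vpn.acme.com", "acmecorp-login.com"]

if __name__ == "__main__":
    for domain, reason in scan(NEW_DOMAINS, "acme", {"acme.com"}).items():
        print(f"{domain}: {reason}")
```

Flagged domains are candidates for analyst review and for blocking at the web proxy or DNS resolver, not automatic verdicts; the registrable-label logic is deliberately naive and would need a public-suffix list for multi-label TLDs such as co.uk.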
VPNs have quickly become one of the primary fronts in the battle between cyber criminals and defenders, especially during the pandemic. CISA, the National Security Agency and others have routinely warned federal agencies and the broader public to patch their VPNs, harden existing security defenses and implement new multifactor authentication procedures as large portions of the country continue to log into corporate networks from their homes.
This article was first posted to FCW, a sibling site to GCN.
Derek B. Johnson is a former senior staff writer at FCW.