With the increase in the statistics, the United States Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) announced by publishing a notice on focusing on Vishing Attack (Voice Phishing) modus operation.
Due to the pandemic situation, many companies drastically moved their operations to the comfort of their employee’s homes. Many companies agreed that their security level cannot cope with many cybercriminals’ persistence exploiting this vulnerability with the abrupt changes. Based on the analysis report, a home network is the most prone infrastructure to compromise. As many personal devices can connect to the network, any of which can be compromised, adversaries can quickly scan other devices used to communicate to the network of affiliated companies that can result in more possible damage.
Reports state that remote employees from different sectors have been receiving calls from unknown entities disguised as a trusted representative of their firm, luring them to access a domain that mimics their official in which adversaries controls. Then asks them to enter their credentials. Unknowingly to the victim, their network credentials are already being captured. The report also cited SIM Swap attack instances. The victim’s registered number is being transferred to a different subscriber identity module (SIM) owned by the adversary by tricking the telecom service provider or the subscriber into approving the transfer bypassing the multi-factor login setup. These adversary efforts are being made either by exfiltrating data from compromised devices, spear-phishing emails, and direct communication to the victim. Gathering precise intel will give these adversaries a foothold to penetrate the targeted company through compromised employee credentials. Once successfully able to login to the victim company’s network, the adversary will scan other users with privileged access to compromise, either exfiltrate sensitive data on the network for ransom or be sold off to the dark web and other malicious activity.
Above mentioned cybercrime, authorities released the advisory to warn the public to lessen being victimized of these adversaries’ current vishing modus of operation.
This is to protect the people and their company from vishing type of attack. Also, companies are being asked to strengthen and implement the use of multi–layered authentication, limit access privilege provided to employees, random monitoring of network traffic and unauthorized network access counter, network segmentation, data back-up, and for the administrator to have separate accounts for admin task and one with the lesser privilege to mitigate the risk and damage of possible intrusion.
With the current situation, everyone is expected to be vigilant and cautious about their personal and corporate credentials. Being compromised can lead to a disastrous result, such as money loss and reputation damage. We should be sceptical of anything from the internet or an unknown person primarily if it deals with personal information and company affiliation. This is to protect ourselves and the company from the current chaotic situation.