Vishing Attacks are On the Rise
A joint statement was recently issued by the FBI and US Cybersecurity and Infrastructure Security Agency (CISA), notifying organizations of a recent increase in vishing attacks.
In a phishing attack, cyberattackers send a malicious email to a potential victim while pretending to be a legitimate source. The emails often contain malicious attachments or links that lead users to download malicious files or to visit fake sites. Ultimately, the attackers' goal is to trick the user into opening a malicious file so that their system is infected. Once inside, they can steal sensitive data or encrypt it and hold it for ransom in a ransomware attack.
VoIP, or Voice over IP, is a technology for placing phone calls over the internet that was popularized in the early 2000s. It allows long-distance calls while saving money.
Early forms of vishing still used email as their primary medium. After clicking the malicious link inside the email, the victim would be prompted to provide sensitive information over the phone. The phone number given to the recipient would in fact belong to a VoIP account controlled by the cyberattackers. After dialing the malicious number, the victim would be led through a series of voice-prompted menu options that gather data including account numbers and personal passwords.
Vishing attacks also use direct calls as one of their main methods of attack. The malicious call would likewise originate from a compromised VoIP account. In these attacks, victims receive a call notifying them that action is required to protect an online account. Once again, the goal is to persuade the victim into giving up sensitive information over the phone.
A recent strategy employed by vishing attackers is the SIM swap attack. The objective is to trick a telecommunications employee into switching a victim's phone number to a SIM card controlled by the attacker. Multifactor authentication (MFA) has become a widespread and popular method of protecting online accounts. It adds an extra layer of authentication by sending a code to an individual's phone. In theory, this prevents an attacker from gaining access to your account should they ever steal your password. However, by taking over a user's phone number, the vishing attacker can also gain access to accounts previously protected by MFA, because the one-time codes are now received by the attacker instead of the user.
This type of vishing is known as a targeted, or spear phishing, attack. In this type of attack, the malicious actor leverages information about a single target to create a more tailored campaign. These are often harder for the victim to detect because the attacker presents more specific information in an attempt to pose as a trusted individual.
Vishing attacks leverage VoIP for several reasons.
- The medium is inexpensive and can be used over long distances without additional fees.
- VoIP is web-based, which allows cybercriminals to set up illegitimate customer service lines to trick end users.
- VoIP makes it easy for cyberattackers to hide their real phone number, bypassing caller ID.
In mid-July 2020, a vishing campaign launched by cyberattackers gained access to employee tools at numerous companies. Using this stolen data, the attackers were able to reach secure databases and extract customer personal information as leverage for further attacks.
In a report, the FBI and CISA stated that these vishing campaigns followed the steps below:
First, the cyberattackers register a domain and create an imitation of the victim company's VPN login page. To make these illegitimate pages even harder to detect, the attackers purchase SSL certificates for them.
Next, the attacker steals sensitive information about the target, including home addresses, cell phone numbers, company positions, and length of employment. The attacker then calls the target employee and, leveraging the stolen information, socially engineers them into logging in at the malicious VPN link. Once the VPN credentials have been captured, the attacker can access secure company systems.
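The first step above, an attacker-registered domain imitating the company's VPN login page, is something defenders can watch for in new domain registrations and certificate-transparency feeds. The following is an added example, not code from the original post or from the FBI/CISA report: it triages candidate domain names for resemblance to an organisation's VPN host by folding common digit-for-letter substitutions, checking for the brand name, and measuring string similarity. The organisation name (`examplecorp.com`), the keyword list and every sample domain are constructed placeholders.

```python
# Added example (not from the original post): triage candidate domain names for
# resemblance to an organisation's VPN login hostname, as a defender reviewing
# newly registered domains or certificate-transparency entries might.
# The organisation domain, brand tokens, keyword list and sample domains are
# constructed placeholders, not real infrastructure.
from difflib import SequenceMatcher

LEGIT_REGISTRABLE = "examplecorp.com"     # assumed organisation domain (placeholder)
BRAND_TOKENS = ("examplecorp",)           # brand strings to watch for (placeholder)
LOGIN_KEYWORDS = ("vpn", "login", "sso", "remote", "portal")

# Common digit/symbol stand-ins for letters, folded before comparison so that
# 'examp1e-c0rp' normalises to 'examplecorp'.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a"})


def registrable_domain(domain: str) -> str:
    """Return the last two labels ('examplecorp.com' for 'vpn.examplecorp.com')."""
    parts = domain.lower().strip(".").split(".")
    return ".".join(parts[-2:])


def normalise(text: str) -> str:
    """Lower-case, fold homoglyph digits and drop separators for comparison."""
    return text.lower().translate(HOMOGLYPHS).replace("-", "").replace(".", "")


def score_domain(domain: str, threshold: float = 0.8) -> dict:
    """Classify a domain as 'legitimate', 'lookalike' or 'unrelated', with reasons."""
    d = domain.lower().strip(".")
    reg = registrable_domain(d)
    if reg == LEGIT_REGISTRABLE:
        return {"domain": d, "verdict": "legitimate", "reasons": ["our own registrable domain"]}

    reasons = []
    full_norm = normalise(d)
    # Brand name embedded anywhere in the name (e.g. 'examplecorp-vpn.com').
    for brand in BRAND_TOKENS:
        if brand in full_norm:
            reasons.append(f"contains brand token '{brand}'")
    # Near-miss spellings of the registrable label (e.g. 'exarnplecorp.com').
    label_norm = normalise(reg.split(".")[0])
    legit_label = normalise(LEGIT_REGISTRABLE.split(".")[0])
    ratio = SequenceMatcher(None, label_norm, legit_label).ratio()
    if ratio >= threshold:
        reasons.append(f"label similarity {ratio:.2f} to '{LEGIT_REGISTRABLE}'")
    # Only once a domain already looks like us do login-style keywords matter.
    if reasons:
        hits = [k for k in LOGIN_KEYWORDS if k in full_norm]
        if hits:
            reasons.append("mimics a login/VPN page: " + ", ".join(hits))

    return {"domain": d, "verdict": "lookalike" if reasons else "unrelated", "reasons": reasons}


def triage(domains):
    """Map each domain to its verdict; the lookalikes are what an analyst reviews."""
    return {d: score_domain(d)["verdict"] for d in domains}


if __name__ == "__main__":
    # Constructed sample input, as might come from a daily new-domain feed.
    for name in ["vpn.examplecorp.com", "examplecorp-vpn.com",
                 "vpn-examp1ec0rp.net", "exarnplecorp.com", "weather-forecast.org"]:
        result = score_domain(name)
        print(f"{result['verdict']:<11} {name:<24} {'; '.join(result['reasons'])}")
```

The similarity threshold of 0.8 is a starting point, not a constant to trust blindly; short brand names produce more false positives and deserve a higher cut-off, while a brand token match alone is usually worth a look regardless of the ratio.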
Protecting Yourself against Cyberattack
- Restrict VPN connections to devices that are managed by the organization. This ensures that proper endpoint security is installed and running on these exposed devices.
- Restrict VPN hours to specific times of day.
- Constantly monitor domain and RDS activity for suspicious connections. Also monitor web application usage for unauthorized access and suspicious activity.
- Apply strict permission policies to sensitive databases and files.
- Employ two-factor authentication to ensure that logins are secure.
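Three of the controls above (managed devices only, restricted VPN hours, and monitoring for suspicious connections) can be checked against VPN authentication logs. The following is an added example, not code from the original post: it parses a constructed log format, flags successful logins from unmanaged devices or outside an assumed business-hours window, and notes users who appear from more than one source address in the same batch. The log line format, field names, allowed hours and all sample records are assumptions made for this illustration.

```python
# Added example (not from the original post): apply VPN access controls from the
# list above to constructed VPN authentication log lines. The log format, field
# names, allowed-hours window and sample records are assumptions for this
# illustration, not any vendor's real format.
import re
from collections import defaultdict
from datetime import datetime, timezone

# Assumed window (UTC) during which VPN logins are permitted.
ALLOWED_START_HOUR = 7
ALLOWED_END_HOUR = 20

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)\s+"
    r"device=(?P<device>\S+)\s+managed=(?P<managed>yes|no)\s+result=(?P<result>\S+)$"
)

# Constructed sample log lines (not real data).
SAMPLE_LOG = """\
2020-07-15T09:12:01Z user=alice src=198.51.100.10 device=LAPTOP-A01 managed=yes result=success
2020-07-15T09:40:22Z user=bob src=198.51.100.11 device=LAPTOP-B02 managed=yes result=success
2020-07-15T13:05:09Z user=alice src=203.0.113.7 device=UNKNOWN managed=no result=success
2020-07-15T23:48:31Z user=bob src=203.0.113.9 device=LAPTOP-B02 managed=yes result=success
2020-07-15T13:06:40Z user=alice src=203.0.113.8 device=UNKNOWN managed=no result=failure
"""


def parse_line(line: str):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    rec["managed"] = rec["managed"] == "yes"
    return rec


def outside_allowed_hours(ts: datetime) -> bool:
    return not (ALLOWED_START_HOUR <= ts.hour < ALLOWED_END_HOUR)


def analyse(log_text: str):
    """Return (rule, user, detail) alerts for successful logins that break policy."""
    alerts = []
    sources_by_user = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["result"] != "success":
            continue  # unparsable or failed logins are out of scope for these rules
        if not rec["managed"]:
            alerts.append(("unmanaged_device", rec["user"], rec["device"]))
        if outside_allowed_hours(rec["ts"]):
            alerts.append(("outside_hours", rec["user"], rec["ts"].isoformat()))
        sources_by_user[rec["user"]].add(rec["src"])
    # A user logging in from several source addresses in one batch is worth a
    # second look; with stolen VPN credentials the attacker's session sits
    # beside the employee's own.
    for user, srcs in sorted(sources_by_user.items()):
        if len(srcs) > 1:
            alerts.append(("multiple_sources", user, ",".join(sorted(srcs))))
    return alerts


def count_by_rule(alerts):
    """Summarise alerts as {rule: count} for a quick dashboard line."""
    counts = defaultdict(int)
    for rule, _user, _detail in alerts:
        counts[rule] += 1
    return dict(counts)


if __name__ == "__main__":
    for rule, user, detail in analyse(SAMPLE_LOG):
        print(f"{rule:<17} user={user:<6} {detail}")
    print(count_by_rule(analyse(SAMPLE_LOG)))
```

In practice the managed-device rule belongs in the VPN policy itself (deny, not just alert), and the hours window should follow the business's real schedule in the users' time zone; the log check here is the monitoring layer that catches a policy gap or a misconfigured gateway.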
Don’t fall victim to cyberattack. Call us at +1 888 366 4443 or email us at firstname.lastname@example.org for a consultation.