Criminals coax employees into handing over their access credentials and use the login data to burrow deep into corporate networks

The United States’ Federal Bureau of Investigation (FBI) has issued a warning about campaigns where threat actors target employees worldwide with voice phishing (also known as vishing) attacks in order to steal their network credentials and elevate user privileges.

The warning can in part be attributed to the fact that the COVID-19 pandemic has forced many companies to shift to telework, which may not allow for comprehensive monitoring of network access points and privilege escalation.

The Bureau highlighted a campaign that goes back to December 2019 and involved attackers targeting employees at large businesses in the US and elsewhere through Voice over IP (VoIP) platforms as well as a company chatroom in order to coax them into handing over credentials for corporate networks.

“During the phone calls, employees were tricked into logging into a phishing webpage in order to capture the employee’s username and password,” reads the FBI’s description of one attack vector, which often involves spoofed caller ID numbers that conceal the criminal’s location and identity.

Before long, the threat actors found that they could burrow deeper into the networks than they’d initially believed and that they even had the ability to elevate permissions on the compromised accounts.

In these scenarios, attackers can wreak all manner of havoc on a company’s systems, such as implanting malware, sifting through the company’s data in search of proprietary information, or gaining access to the account credentials of executives with the aim of conducting Business Email Compromise (BEC) fraud. Needless to say, any of this could cost a company dearly.

Meanwhile, in another case, cybercriminals first contacted an employee via the company’s chatroom and duped the person into logging into a fraudulent Virtual Private Network (VPN) page. Using the captured account credentials, they then accessed the company’s network, where they searched for an employee with the ability to change usernames and emails. The cybercriminals were successful in identifying their target via a cloud-based payroll service and went on to phish the victim’s credentials using the chatroom tactic as well.


The federal law enforcement agency also shared advice on how companies could mitigate the risks of such attacks. This includes implementing multi-factor authentication, actively scanning and monitoring for unauthorized access, network segmentation, and periodic reviews of employee network access.
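To make the monitoring advice concrete, here is an added example (not part of the FBI notice or the original article) that flags the sequence described above: a VPN login from an unfamiliar address followed shortly by a privilege elevation or a username or email change. The log format, action names, baseline of known IPs and 60-minute window are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, user, source IP, action.
SAMPLE_LOG = """\
2021-01-18T09:02:11 alice 203.0.113.10 vpn_login
2021-01-18T09:40:00 alice 203.0.113.10 email_changed
2021-01-19T14:21:07 bob 198.51.100.77 vpn_login
2021-01-19T14:29:30 bob 198.51.100.77 privilege_elevated
2021-01-19T14:33:02 bob 198.51.100.77 email_changed
2021-01-20T10:00:00 dave 198.51.100.9 vpn_login
2021-01-20T12:30:00 dave 198.51.100.9 username_changed
"""

# Assumed baseline of source IPs previously seen for each user (constructed).
KNOWN_IPS = {"alice": {"203.0.113.10"}, "bob": {"192.0.2.44"}, "dave": {"192.0.2.80"}}

# Hypothetical action names for the account changes the article mentions.
SENSITIVE = {"privilege_elevated", "username_changed", "email_changed"}


def find_suspicious(log_text, known_ips, window=timedelta(minutes=60)):
    """Return (user, ip, action, timestamp) for each sensitive action made
    within `window` of a VPN login from an IP outside the user's baseline.
    Assumes the log lines are in chronological order."""
    unfamiliar = {}  # (user, ip) -> time of latest login from an unfamiliar IP
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, action = line.split()
        when = datetime.fromisoformat(ts)
        if action == "vpn_login":
            if ip not in known_ips.get(user, set()):
                unfamiliar[(user, ip)] = when
        elif action in SENSITIVE and (user, ip) in unfamiliar:
            if when - unfamiliar[(user, ip)] <= window:
                alerts.append((user, ip, action, ts))
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_LOG, KNOWN_IPS):
        print("REVIEW:", *alert)
```

Only the two changes on bob's account are flagged: alice's change comes from an address in her baseline, and dave's falls outside the window, which is why the window length needs tuning against real sessions.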

In August 2020, the FBI together with the Cybersecurity and Infrastructure Security Agency (CISA) issued a similar advisory warning about a surge in vishing attacks targeting staff at multiple companies. During these attacks, the threat actors also used similar tactics including fraudulent VPN pages to obtain account credentials.