The Federal Bureau of Investigation has issued a Private Industry Notification (PIN) to warn of attacks targeting enterprises, in which threat actors attempt to obtain employee credentials through vishing or chat rooms.
Taking advantage of the COVID-19 pandemic, which has forced the broad adoption of telework, cybercriminals and other threat actors are attempting to exploit possible misconfiguration of, and lack of monitoring for, remote network access and user privileges.
An observed shift in tactics, the FBI says, is the targeting of all employees' credentials, not only those of individuals who might have higher access and privileges based on their corporate position.
Cybercriminals were observed employing social engineering to target both US-based and international employees of large companies. As part of vishing attacks (voice phishing performed over phone calls) conducted on VoIP platforms, employees were tricked into visiting fake web pages and entering their corporate usernames and passwords.
“After gaining access to the network, many cyber criminals found they had greater network access, including the ability to escalate privileges of the compromised employees’ accounts, thus allowing them to gain further access into the network often causing significant financial damage,” the FBI explains.
In one attack, the Agency says, the cybercriminals found an employee via the company's chat room and then convinced them to log into a fake VPN page, revealing their credentials.
Using the compromised username and password, the threat actors then logged into the company’s VPN and started searching for employees who had higher privileges. They located an employee who could make username and email changes and used a chat room ..
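The gap the FBI points to in the passage above is monitoring: a VPN login with valid but stolen credentials, followed shortly by directory changes made from that account, is exactly the sequence a detection rule can catch. The following is an added example, not code from the FBI notification or from any vendor. It assumes a simple pipe-delimited log format (`timestamp|event|user|field=value...`), a per-user baseline of known source networks, and a two-hour correlation window; the log lines and the baseline are constructed for illustration.

```python
"""
Correlate VPN logins from unfamiliar source networks with follow-on
directory/account changes made by the same account shortly afterwards.

Assumed log format (not any real vendor's):
    <ISO-8601 timestamp>|<event>|<user>|key=value|key=value...
"""
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed per-user baseline of source networks seen historically (assumption).
KNOWN_NETS = {
    "jdoe": [ip_network("203.0.113.0/24")],
    "asmith": [ip_network("198.51.100.0/24")],
}

# Constructed sample log lines. asmith logs in from an address outside the
# baseline and then changes another user's email and username within minutes.
SAMPLE_LOGS = """\
2020-06-01T08:02:11Z|vpn_login|jdoe|src=203.0.113.45|result=success
2020-06-01T13:40:02Z|vpn_login|asmith|src=192.0.2.77|result=success
2020-06-01T13:55:30Z|dir_change|asmith|target=jdoe|attr=email|result=success
2020-06-01T14:10:00Z|dir_change|asmith|target=jdoe|attr=username|result=success
2020-06-02T09:00:00Z|vpn_login|jdoe|src=203.0.113.46|result=success
2020-06-02T09:20:00Z|dir_change|jdoe|target=jdoe|attr=phone|result=success
"""

WINDOW = timedelta(hours=2)  # assumed correlation window
# Attributes whose modification can redirect access or reset a victim's identity.
SENSITIVE_ATTRS = {"email", "username", "group", "role"}


def parse_line(line):
    """Parse one log line into a dict; unknown key=value fields are kept as-is."""
    ts, event, user, *kv = line.split("|")
    fields = dict(part.split("=", 1) for part in kv)
    # datetime.fromisoformat() does not accept a trailing 'Z' before Python 3.11.
    stamp = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return {"ts": stamp, "event": event, "user": user, **fields}


def is_known_source(user, src):
    """True if the source address falls inside one of the user's baseline networks."""
    addr = ip_address(src)
    return any(addr in net for net in KNOWN_NETS.get(user, []))


def detect(log_text, window=WINDOW):
    """
    Return a list of alert tuples. Two rule types are emitted:
      ("new_source_login", user, src, ts)
      ("sensitive_change_after_new_source_login", user, target, attr, ts)
    """
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])

    last_unknown_login = {}  # user -> timestamp of latest login from an unknown source
    alerts = []
    for e in events:
        if e["event"] == "vpn_login" and e.get("result") == "success":
            if not is_known_source(e["user"], e["src"]):
                last_unknown_login[e["user"]] = e["ts"]
                alerts.append(("new_source_login", e["user"], e["src"], e["ts"]))
        elif e["event"] == "dir_change" and e.get("result") == "success":
            login_ts = last_unknown_login.get(e["user"])
            if (login_ts is not None
                    and e["ts"] - login_ts <= window
                    and e.get("attr") in SENSITIVE_ATTRS):
                alerts.append(("sensitive_change_after_new_source_login",
                               e["user"], e.get("target"), e["attr"], e["ts"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

Run against the constructed sample, the rule fires three times: once for asmith's login from 192.0.2.77, and once for each of the two sensitive attribute changes that follow it inside the window. jdoe's login from the baseline network and the later phone-number change produce nothing. In practice the baseline would be learned from authentication history rather than hard-coded, and the second rule is the one worth paging on, since an unfamiliar source alone is noisy for a remote workforce.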