Vishing Attacks on the Rise
Currently, cybercriminals are laser-focused on getting into your network by using valid Virtual Private Network (VPN) login credentials that they trick your employees into handing over.
Those credentials give the attackers a gateway into the network, and the door stays open until the compromised credentials are reset.
WHY THIS MATTERS
Cybercriminals never sleep, even during a pandemic; they are always in search of new attack methods and new targets. During the COVID-19 exodus from offices to remote work environments, hackers are finding new cyberattack vectors to use against unsuspecting targets.
Vishing (i.e., voice phishing) cyberattacks are on the rise, targeting teleworkers (those working from home or otherwise remotely), who mistakenly grant hackers access to your network by handing over their Virtual Private Network (VPN) login credentials.
Please refer to our recent Cyber Threat Alert on VPN vulnerabilities.
This alert summarizes what we know about vishing (also called phone spear phishing) attacks and suggests how to mitigate the resulting financial loss.
DESCRIPTION
The Federal Bureau of Investigation (FBI) and the DHS Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory about a vishing campaign, running since mid-July, in which hackers target remote workers across multiple industry sectors. The threat actors impersonate a trusted entity and use social engineering techniques to get targets to disclose their VPN login credentials.
Briefly, employees receive a call from a voice-over-IP (VoIP) number. Early in the campaign the VoIP numbers were anonymous; later, the attackers spoofed the caller ID so that the call appeared to come from a company office or another employee of the firm. The caller tells the employee that a link to a new VPN system will be sent and that the employee must click it and log in. The link leads to a fraudulent copy of the company's VPN login page. As the employee enters a username and password into the fake page, the attackers capture the credentials and use them in real time on the company's genuine VPN page. That genuine login triggers the two-factor authentication (2FA) or one-time password (OTP) text message to the employee's phone; the caller instructs the employee to read back or enter the code, and the attackers use it to complete the login before it expires.
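The exchange described above, modelled as an added example (this is not code from the advisory or from any VPN product). A constructed "real" portal and a constructed look-alike page show why a password plus an SMS one-time code is relayable in real time, and why a second factor whose assertion is bound to the web origin the browser is actually on (WebAuthn-style) is not. All names, origins, accounts and the HMAC-keyed stand-in for an authenticator's signature are assumptions made for the example.

```python
import hashlib
import hmac
import secrets


def sign_assertion(key, challenge, origin):
    """Stand-in for the authenticator: the signed data binds the server's
    challenge to the origin the browser reports. A real authenticator uses a
    private key; a shared HMAC key is used here only to keep the example offline."""
    return hmac.new(key, challenge + origin.encode(), hashlib.sha256).digest()


class RealVpnPortal:
    """Constructed stand-in for the company's genuine VPN login page."""
    ORIGIN = "https://vpn.example-corp.invalid"   # hypothetical company origin

    def __init__(self):
        self.passwords = {"alice": "CorrectHorse!"}      # constructed account
        self.auth_keys = {"alice": secrets.token_bytes(32)}
        self.pending_otp = {}     # user -> code the portal just "texted"
        self.victim_phone = {}    # user -> last code the real employee's phone received
        self.sessions = set()

    def submit_password(self, user, password):
        """SMS flow, step 1: a correct password triggers the SMS code."""
        if self.passwords.get(user) != password:
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending_otp[user] = code
        self.victim_phone[user] = code    # the text goes to the real employee
        return True

    def submit_otp(self, user, code):
        """SMS flow, step 2: whoever presents the code first gets the session."""
        if self.pending_otp.pop(user, None) == code:
            token = secrets.token_hex(16)
            self.sessions.add(token)
            return token
        return None

    def new_challenge(self):
        return secrets.token_bytes(32)

    def submit_assertion(self, user, challenge, origin, signature):
        """Origin-bound flow: only assertions made for this server's own origin verify."""
        if origin != self.ORIGIN:
            return None
        expected = sign_assertion(self.auth_keys[user], challenge, origin)
        if not hmac.compare_digest(expected, signature):
            return None
        token = secrets.token_hex(16)
        self.sessions.add(token)
        return token


class FakeVpnPortal:
    """The attacker's look-alike page, relaying everything to the real portal in real time."""
    ORIGIN = "https://vpn-example-corp-support.invalid"   # hypothetical look-alike origin

    def __init__(self, real):
        self.real = real
        self.stolen_session = None

    def victim_enters_password(self, user, password):
        return self.real.submit_password(user, password)   # this triggers the victim's SMS

    def victim_enters_otp(self, user, code):
        self.stolen_session = self.real.submit_otp(user, code)
        return self.stolen_session is not None

    def victim_signs_challenge(self, user, victim_key):
        challenge = self.real.new_challenge()                       # attacker fetches a real challenge
        signature = sign_assertion(victim_key, challenge, self.ORIGIN)   # victim's browser is on the fake origin
        self.stolen_session = self.real.submit_assertion(user, challenge, self.ORIGIN, signature)
        return self.stolen_session is not None


def relay_attack_on_sms_otp():
    """True if the attacker ends up holding a valid VPN session."""
    real = RealVpnPortal()
    fake = FakeVpnPortal(real)
    fake.victim_enters_password("alice", "CorrectHorse!")   # real portal texts alice a code
    fake.victim_enters_otp("alice", real.victim_phone["alice"])   # alice reads the code to the caller
    return fake.stolen_session in real.sessions


def relay_attack_on_origin_bound_mfa():
    """True if the attacker gets a session; the origin binding makes this False."""
    real = RealVpnPortal()
    fake = FakeVpnPortal(real)
    fake.victim_signs_challenge("alice", real.auth_keys["alice"])
    return fake.stolen_session is not None


def legitimate_origin_bound_login():
    """Sanity check: the same authenticator logs in fine on the genuine origin."""
    real = RealVpnPortal()
    challenge = real.new_challenge()
    sig = sign_assertion(real.auth_keys["alice"], challenge, RealVpnPortal.ORIGIN)
    return real.submit_assertion("alice", challenge, RealVpnPortal.ORIGIN, sig) is not None


if __name__ == "__main__":
    print("SMS OTP relayed:", relay_attack_on_sms_otp())
    print("origin-bound MFA relayed:", relay_attack_on_origin_bound_mfa())
    print("legitimate origin-bound login:", legitimate_origin_bound_login())
```

The point the code makes is that the SMS code is valid for whoever types it into the real page first, so a caller who is on the phone with the employee wins the race every time; an origin-bound assertion made on the look-alike page is rejected by the real portal regardless of how quickly it is relayed.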
WHAT THIS MEANS
Vishing awareness campaigns are vital to preventing unauthorized access to your network. Organizations that rely on a VPN for remote work need to understand the threat posed by impostors obtaining valid login credentials.
The FBI/CISA recommend organizations:
- Restrict VPN connections to managed devices only, using mechanisms such as hardware checks or installed certificates, so that a username, password, and one-time code alone are not enough to connect
- Restrict the hours during which the VPN can be used to access the network, where applicable
- Use domain monitoring tools to monitor web applications for unauthorized access and anomalous activities
- Use a formal authentication procedure for employee-to-employee communications over the public telephone network where a second factor is required to authenticate the phone call prior to the disclosure of any sensitive information
- Monitor authorized user access and usage to identify anomalous activities, and
- Notify employees about the scam and instruct them to report any suspicious calls to their security team.
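To show how the device, hours, and anomalous-usage recommendations above translate into a concrete check, here is an added example (not part of the advisory, and not tied to any VPN product's log format) that runs three rules over constructed VPN authentication records: no managed-device certificate presented, login outside permitted hours, and a successful login from an address the user has never used before. The log format, the permitted-hours window, the baseline size, and all addresses and user names are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed VPN authentication records in a simple key=value layout.
# The first two alice lines establish where she normally connects from;
# the last line is what the relay campaign produces: a correct password and
# SMS code, but from a never-seen address, at 02:14 UTC, with no company
# device certificate.
SAMPLE_LOG = """\
2020-08-17T08:58:12Z user=alice src=198.51.100.7 result=success mfa=sms device_cert=ok
2020-08-18T09:03:44Z user=alice src=198.51.100.7 result=success mfa=sms device_cert=ok
2020-08-19T12:30:09Z user=bob src=192.0.2.88 result=success mfa=sms device_cert=ok
2020-08-20T02:14:07Z user=alice src=203.0.113.45 result=success mfa=sms device_cert=none
"""

ALLOWED_HOURS_UTC = range(6, 22)   # assumed policy: VPN permitted 06:00-21:59 UTC
BASELINE_LOGINS = 2                # assumed: a user's first N clean logins define known sources


def parse_line(line):
    """Turn one constructed record into a dict; the timestamp becomes a UTC datetime."""
    ts, *fields = line.split()
    rec = dict(field.split("=", 1) for field in fields)
    rec["time"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec


def analyze(log_text):
    """Return (timestamp, user, src, reasons) for each successful login that
    violates one or more of the controls; logins that pass all rules extend
    the user's baseline of known source addresses."""
    known_src = defaultdict(set)
    seen_logins = defaultdict(int)
    alerts = []
    for raw in log_text.strip().splitlines():
        rec = parse_line(raw)
        if rec.get("result") != "success":
            continue
        user, src = rec["user"], rec["src"]
        reasons = []
        if rec.get("device_cert") != "ok":
            reasons.append("no managed-device certificate")
        if rec["time"].hour not in ALLOWED_HOURS_UTC:
            reasons.append("outside permitted VPN hours")
        if seen_logins[user] >= BASELINE_LOGINS and src not in known_src[user]:
            reasons.append("source address not in user's baseline")
        if reasons:
            alerts.append((rec["time"].isoformat(), user, src, reasons))
        else:
            known_src[user].add(src)
        seen_logins[user] += 1
    return alerts


if __name__ == "__main__":
    for when, user, src, reasons in analyze(SAMPLE_LOG):
        print(f"{when} {user} from {src}: {', '.join(reasons)}")
```

On the constructed log the only alert is alice's fourth login, which trips all three rules at once; a single rule firing (a colleague connecting from a hotel, say) is worth a look, but a login that fails the device check and the hours check and comes from an unknown address is the pattern to page on.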
CYBER RISKS
Organizations of all types and sizes need to be aware of the cyber risks that arise from social engineering, which includes vishing:
Human Error resulting in the release of malware into the network:
- An employee (during remote work or in the office) clicking on a malicious link or attachment in an email, text message, or changing practice or procedure because of a phone call from an imposter.
Business Email Compromise:
- An employee tricked into sending or wiring funds to a fake bank account.
Invoice Manipulation deceiving your customers:
- Your customers or vendors tricked by bad actors using what appears to be a legitimate email, text, or phone call, to alter a payment method or deliver goods or services to the wrong location that is controlled by the bad actor.
Phishing leading to a ransomware attack or a data breach:
- A ransomware attack that locks your data, demanding a ransom payment to unlock your files or data, during which time you may have a costly business interruption.
- A data breach via unauthorized access to your computer systems or network, stealing your data, such as personally identifiable information (PII) of clients and employees.
STAND-ALONE CYBER INSURANCE SOLUTIONS
Stand-Alone Cyber Insurance is your go-to option when you are looking to transfer some of your cyber risk:
- Social engineering coverage, for losses when employees are tricked into taking an action such as wiring funds to a fake bank account after being deceived by an email campaign, text messages, or phone calls (phishing, smishing, or vishing).
- Ransomware (cyber extortion) coverage, including ransom payments and data recovery.
- Data breach coverage, including direct first-party coverage for incident response and third-party coverage for damages to others.
- Business interruption coverage, including loss of profits and extra expenses incurred while your computer systems or network are shut down.
- Employee training and educational tools to help prevent attacks on your computer systems or network.
TAKEAWAYS
- There is an urgent need for organizations to notify employees about the Vishing cyber risk.
- More than one-third of organizations have experienced a security incident caused by a remote worker’s actions. Thus, employee awareness training is a vital cybersecurity measure.
- The benefits of remote work, chiefly continued business operations, outweigh the risks if you also have robust Stand-Alone Cyber Insurance to help reduce a cyber-related financial loss.
- Cyber Armada and its cyber insurance carriers are at the ready to support policyholders during the COVID-19 crisis and beyond.
RESOURCES
https://krebsonsecurity.com/2020/08/fbi-cisa-echo-warnings-on-vishing-threat/
https://www.wired.com/story/phone-spear-phishing-twitter-crime-wave/