Voice phishing attacks on the rise, CISA, FBI warn

The FBI and the Cybersecurity and Infrastructure Security Agency are warning private businesses about an ongoing "vishing," or voice phishing, campaign targeting employees who are working from home during the coronavirus pandemic.

According to the alert, the campaign has been ongoing since at least mid-July, with attackers registering domains to create spoofed websites that duplicate the internal VPN login page of victim companies. They then obtained SSL certificates for those domains and used URL add-ons to make it appear as if the requests were coming internally from IT support.

ZDNet first reported on the alert, and the New York State government later published the document on its coronavirus response website.

Similar to phishing, vishing involves social engineering and impersonation by an attacker, usually over the phone, to trick a victim into giving up their account credentials. In this case, the attackers used Voice over Internet Protocol numbers to call victims on their personal cellphones, and in some cases were even able to spoof the legitimate numbers of other employees and offices. They then convinced their target that they needed to use a different login page for their VPN, including any necessary one-time passwords or two-factor authentication information.

After gaining an initial foothold, the attackers would access the corporate network to obtain more details about other victims to aid in new social engineering attacks. CISA and FBI officials believe the attacks have become more common in part due to the increased telework happening nationwide as a result of the coronavirus pandemic.

"The COVID-19 pandemic has resulted in a mass shift to working from home, resulting in increased use of corporate VPN and elimination of in-person verification, which can partially explain the success of this campaign," the alert reads. "Prior to the pandemic, similar campaigns exclusively targeted telecommunications providers and internet service providers with these attacks but the focus has recently broadened to more indiscriminate targeting."

Recommended mitigation techniques include restricting VPN use to managed devices, restricting login periods, and monitoring for suspicious new domains that could be used to impersonate a company's internal help desk.
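One way to implement the last of those recommendations, monitoring newly observed domains for help-desk or VPN lookalikes, as an added example that is not from the alert or the article; the company name, keyword list and domain feed below are constructed placeholders:

```python
import re
from difflib import SequenceMatcher

# Constructed sample: the company's own name and legitimate domains (assumed).
COMPANY = "examplecorp"
LEGIT_DOMAINS = {"examplecorp.com", "vpn.examplecorp.com"}
HELPDESK_WORDS = ("support", "helpdesk", "ticket", "vpn", "sso", "login", "employee")

# Constructed sample of newly observed domains, as a certificate transparency
# or new-registration feed might deliver them; all values are made up.
NEW_DOMAINS = [
    "examplecorp-support.com",
    "vpn-examplecorp.net",
    "exampIecorp.com",        # capital I standing in for lowercase l
    "weather-today.org",
    "ticket-examp1ecorp.com", # digit 1 standing in for lowercase l
    "examplecorp.com",
]

def registrable_label(domain):
    """Return the second-level label, e.g. 'examplecorp-support' for examplecorp-support.com."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def normalize(label):
    # Fold common homoglyph substitutions so 'exampiecorp' and 'examp1ecorp' compare to 'examplecorp'.
    return label.translate(str.maketrans({"1": "l", "i": "l", "0": "o", "3": "e", "5": "s"}))

def lookalike_reasons(domain, threshold=0.85):
    """Return the reasons a domain looks like a help-desk/VPN impersonation; empty if none."""
    if domain.lower() in LEGIT_DOMAINS:
        return []
    label = registrable_label(domain)
    reasons = []
    for token in re.split(r"[-_]", label):
        # Near-match on the company name after homoglyph folding.
        if token != COMPANY and SequenceMatcher(None, normalize(token), COMPANY).ratio() >= threshold:
            reasons.append(f"token '{token}' resembles '{COMPANY}'")
        # Help-desk vocabulary combined with the company name in the same label.
        if token in HELPDESK_WORDS and COMPANY in normalize(label):
            reasons.append(f"help-desk keyword '{token}' combined with company name")
    return reasons

def triage(domains):
    """Map each suspicious domain to its reasons; domains with no reasons are dropped."""
    flagged = {}
    for d in domains:
        reasons = lookalike_reasons(d)
        if reasons:
            flagged[d] = reasons
    return flagged
```

The flagged list is a starting point for blocking at the mail and web proxy and for a takedown request, not a verdict on its own.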

Virtual private networks have quickly become one of the primary fronts in the battle between cybercriminals and defenders, especially during the pandemic. CISA, the National Security Agency and others have routinely warned federal agencies and the broader public to patch their VPNs, harden existing security defenses and implement new multifactor authentication procedures as large portions of the country continue to log into corporate networks from their homes.

About the Author

Derek B. Johnson is a former senior staff writer at FCW.
