FBI warns of threats to corporate virtual private network access credentials

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert on Thursday warning of the growing threat of voice phishing, or “vishing”, attacks against companies. The alert came less than 24 hours after KrebsOnSecurity published an in-depth study of a criminal group offering a service that people can hire to steal VPN credentials and other sensitive data from employees working remotely during the COVID-19 pandemic.

“The COVID-19 pandemic has led to a large-scale shift to working from home, leading to an increase in the use of corporate virtual private networks (VPNs). In mid-July 2020, cybercriminals started a vishing campaign, indiscriminately gaining access to tools for employees of multiple companies, with the ultimate goal of monetizing that access.”

As pointed out in Wednesday's report, the agencies stated that the phishing websites set up by the attackers often have hyphenated names that combine the name of the target company with certain telltale words, such as “support”, “ticket” and “employee”. The perpetrators focused on social engineering new employees of the target company and impersonated the target company’s IT service desk staff.

The FBI/CISA joint alert stated that the vishing group also used public profiles on social media platforms, recruiter and marketing tools, public background check services, and open source research to research employees of specific companies on a large scale. From the alert:

“The perpetrator first dialed the target employee’s personal mobile phone using an unattributed VoIP number, and then began to combine false numbers from other offices and employees of the victim’s company. The perpetrator used social engineering techniques and, in some cases, impersonated members of the victim company’s IT service desk, using their knowledge of the employee’s personally identifiable information – including name, position, time at the company, and home address – to gain the trust of the target employee.”

“Then, the actor persuaded the target employee to send a new VPN link and ask them to log in, including any 2FA [two-factor authentication] or OTP [one-time password] security credentials also obtained through this method, and then they recorded the information provided by the employee and used the employee’s account to access corporate tools in real time.”

The alert pointed out that in some cases, unsuspecting employees approved the 2FA or OTP prompt, or approved it accidentally. In addition, attackers can intercept one-time codes by SIM swapping the employee, which involves social engineering staff at mobile phone companies into giving the attackers control of the target's phone number.

The agencies stated that the scammers used stolen VPN credentials to mine the victim company’s databases for customers’ personal information to use in other attacks.

“The perpetrator then used the employee’s access rights to conduct further research on the victim, and/or use different methods depending on the platform being accessed to fraudulently obtain funds,” the alert read. “The monetization method varies from company to company, but it is highly aggressive, with a tight timetable between the initial violation and the destructive cashing out plan.”

The alert includes recommendations that companies can implement to help mitigate the threat of these vishing attacks, including:

- Restrict VPN connections to managed devices only, using mechanisms such as hardware checks or installed certificates, so that user input alone is not enough to access the corporate VPN.

- Where applicable, restrict VPN access hours to reduce access outside of allowed times.

- Use domain name monitoring to track the creation of, or changes to, corporate and brand domain names.

- Actively scan and monitor web applications for unauthorized access, modification and abnormal activity.

- Adopt the principle of least privilege and implement software restriction policies or other controls; monitor the access and usage of authorized users.

- Consider adopting a formal authentication procedure for employee-to-employee communications over the public telephone network, in which a second factor is used to authenticate the phone call before sensitive information is discussed.

- Improve 2FA and OTP messaging to reduce confusion about employee authentication attempts.

- Verify that web links do not contain misspellings or the wrong domain name.

- Bookmark the correct corporate VPN URL, and do not visit other URLs solely on the basis of an incoming phone call.

- Be vigilant about unsolicited phone calls, visits, or email messages from unidentified persons claiming to be from legitimate organizations. Do not provide personal information or information about your organization, including its organizational structure.
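The domain-monitoring recommendation can be tied directly to the naming pattern the agencies describe (hyphens, the company name, and words such as “support”, “ticket” and “employee”). The following Python sketch is an added example, not code from the alert or from KrebsOnSecurity: it scores newly observed domain names against that pattern. The brand `examplecorp`, the sample feed, the digit look-alike table, the weights and the threshold are all assumptions made for illustration.

```python
# Added example: triage newly observed domain names for the pattern in the alert.
LURE_WORDS = ("support", "ticket", "employee")   # words named in the alert
LOOKALIKES = str.maketrans("0135", "oles")       # assumed digit-for-letter swaps

# Constructed sample feed; "examplecorp" is a placeholder brand.
SAMPLE_FEED = [
    "examplecorp-support.example",
    "ticket-examplecorp.example",
    "examp1ecorp-employee.example",
    "vpn.examplecorp.example",
    "examplecorp-travel.example",
    "unrelated-support.example",
]

def score_domain(domain, brand, official):
    """Return (score, reasons) for one domain; 0 means not of interest."""
    domain = domain.lower().rstrip(".")
    if any(domain == o or domain.endswith("." + o) for o in official):
        return 0, []                       # the company's own names
    host = domain.rsplit(".", 1)[0]        # drop the last label (simplified TLD handling)
    plain = host.replace("-", "").replace(".", "")
    squashed = plain.translate(LOOKALIKES)
    if brand not in squashed:
        return 0, []
    score, reasons = 1, ["contains brand"]
    if "-" in host:
        score, reasons = score + 1, reasons + ["hyphenated"]
    hits = [w for w in LURE_WORDS if w in squashed]
    if hits:
        score, reasons = score + 2, reasons + ["lure word: " + ", ".join(hits)]
    if brand not in plain:
        score, reasons = score + 1, reasons + ["digit look-alike of brand"]
    return score, reasons

def triage(feed, brand, official, threshold=3):
    """Score every name in the feed and return findings, highest score first."""
    findings = []
    for name in feed:
        score, reasons = score_domain(name, brand, official)
        if score >= threshold:
            findings.append((name, score, reasons))
    return sorted(findings, key=lambda f: -f[1])

if __name__ == "__main__":
    for name, score, reasons in triage(SAMPLE_FEED, "examplecorp", {"examplecorp.example"}):
        print(f"{score}  {name}  ({'; '.join(reasons)})")
```

In practice the feed would come from whatever source of newly registered or newly certified names the organization already subscribes to, and findings would go to an analyst for review rather than being blocked automatically.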
