The internet has changed our lives, but not always in a good way. Sure, we have unlimited information at the tips of our fingers; we also have threats and misinformation to worry about — scammers con people out of money, information, and sometimes both.
There's a new post about IT Security (FBI and CISA warn of major wave of vishing attacks targeting teleworkers) on The Service Guy – https://t.co/SRuDfZxzfr
— The Service Guy (@CTSIan) August 28, 2020
Warnings of a new kind of phishing, relying on dedicated cybercrime teams who use voice-over-IP (VoIP) calls to employees, come from the FBI and CISA. They’re naming the process “vishing,” and it’s believed to be the culprit behind the attacks on Twitter and other high-profile targets in recent months.
The attacks gained power through the increase of remote work and VPNs being commonly used as security to log onto company networks from home.
Specialized criminal services, typically through the dark web, are the powerhouse behind the vishing, as reported by KrebsOnSecurity. The crews are mainly looking to gain access to company tools. Twitter’s recent breach is an example of this, where several celebrity accounts were hacked and sent out a bitcoin scam.
Krebs interviewed security researchers, who believe the vishing crews have been tweaking their skills for years, with the pandemic opening the door for business. The vishing calls appear to be coming from young people who speak English; the identity of the culprits is still unclear as there are no other details, as reported by Wired.
The FBI and CISA have listed several mitigations to prevent victimization. One way is to implement a 2FA method, one that can’t be caught or faked. An example of this would be a local key or restricting VPN access to managed devices.
Copyright 2020, TheSurvivalGuide.com