Friday, 08/21/2020 8:33:30 PM
FBI and CISA warn of major wave of vishing attacks targeting teleworkers

https://www.zdnet.com/article/fbi-and-cisa-warn-of-major-wave-of-vishing-attacks-targeting-teleworkers/

Hackers are calling employees working from home and tricking them into accessing phishing pages for corporate domains.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint security advisory on Thursday, warning about an ongoing wave of vishing attacks targeting the US private sector.

Vishing, or voice phishing, is a form of social engineering where criminals call victims to obtain desired information, usually posing as other persons.

According to the FBI and CISA, in mid-July 2020, cybercriminals started a vishing campaign targeting employees working from home for US companies. The attackers collected login credentials for corporate networks, which they then monetized by selling the access to corporate resources to other criminal gangs.

How attacks happened

The two cyber-security agencies didn't name targeted companies, but instead described the technique the attackers used, which usually followed the same pattern.

Per the two agencies, cybercrime groups started by first registering domains that looked like company resources, and then created and hosted phishing sites on these domains. The domains usually had a structure like:
• support-[company]
• ticket-[company]
• employee-[company]
• [company]-support
• [company]-okta
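
One defender-side use of the domain shapes listed above, as an added example that is not from the article or the agencies' advisory: a small Python checker that flags observed domains whose registrable label matches one of those patterns, the kind of filter a security team might run over certificate-transparency or new-registration feeds. The feed below is a constructed sample and "Example Corp" is a hypothetical company name.

```python
import re
from typing import Dict, List, Optional, Tuple

# Label shapes named in the advisory; {co} is the company name as it would
# appear in a domain label (lowercased, non-alphanumerics stripped).
LOOKALIKE_PATTERNS = {
    "support-{co}": "helpdesk prefix",
    "ticket-{co}": "ticketing prefix",
    "employee-{co}": "employee/HR prefix",
    "{co}-support": "helpdesk suffix",
    "{co}-okta": "SSO/IdP suffix",
}

# Constructed sample feed (hypothetical names, not real indicators).
COMPANIES = ["Example Corp"]
SAMPLE_FEED = [
    "support-examplecorp.com",
    "examplecorp-okta.net",
    "vpn.ticket-examplecorp.help",
    "examplecorp.com",
    "docs.examplecorp.com",
    "mysupport.org",
]


def registrable_label(domain: str) -> str:
    """Return the label directly left of the TLD, lowercased.

    Assumes a single-label public suffix (no .co.uk); enough for a demo."""
    parts = domain.strip().lower().rstrip(".").split(".")
    return parts[0] if len(parts) < 2 else parts[-2]


def classify(domain: str, companies: List[str]) -> Optional[Tuple[str, str]]:
    """Return (company, pattern) when the registrable label matches one of
    the advisory's lookalike shapes for a known company, else None."""
    label = registrable_label(domain)
    for co in companies:
        co_norm = re.sub(r"[^a-z0-9]", "", co.lower())
        for pattern in LOOKALIKE_PATTERNS:
            if label == pattern.format(co=co_norm):
                return co, pattern
    return None


def scan(domains: List[str], companies: List[str]) -> Dict[str, Tuple[str, str]]:
    """Map each flagged domain to the (company, pattern) it resembles."""
    return {d: m for d in domains if (m := classify(d, companies)) is not None}


if __name__ == "__main__":
    for domain, (company, pattern) in scan(SAMPLE_FEED, COMPANIES).items():
        print(f"{domain}: resembles {company} ({LOOKALIKE_PATTERNS[pattern]})")
```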

The phishing pages were made to look like a targeted company's internal VPN login page, and the sites were also capable of capturing two-factor authentication (2FA) or one-time passwords (OTP), if the situation required.

Criminal groups then compiled dossiers on the employees working for the companies they wanted to target, usually by "mass scraping of public profiles on social media platforms, recruiter and marketing tools, publicly available background check services, and open-source research."

Collected information included: name, home address, personal cell/phone number, the position at the company, and duration at the company, according to the two agencies.

The attackers then called employees using random Voice-over-IP (VoIP) phone numbers or by spoofing the phone numbers of other company employees.

"The actors used social engineering techniques and, in some cases, posed as members of the victim company's IT help desk, using their knowledge of the employee's personally identifiable information—including name, position, duration at company, and home address—to gain the trust of the targeted employee," the joint alert reads.

"The actors then convinced the targeted employee that a new VPN link would be sent and required their login, including any 2FA or OTP."

The rest of the article is at the above link.
=================================================================
If you have an employee who gets contacted by one of these hackers posing as an IT employee, and he/she is using Wave VSC 2.0, consider your organization fortunate. If your company uses an OTP in its 2FA, consider yourself not so fortunate. With Wave VSC 2.0, the hacker needs your employee's computer (TPM)-- Obviously, it's much more difficult to obtain the computer than the OTP!!! Use better security at less than half the cost - Wave VSC 2.0!!!
=================================================================
https://www.wavesys.com/

https://www.wavesys.com/contact-information
