Hackers have discovered a new way to attack corporate computer systems through the devices of employees who are working from home because of the coronavirus epidemic. The threat is designed to take advantage of the vulnerabilities created by the increasing use of corporate virtual private networks (VPNs) and the elimination of in-person verification.
The latest hacker campaign used voice phishing. Additionally, cybercriminals have launched phishing campaigns, with random targeting, to gain access to employee tools across multiple companies, with the ultimate goal of gaining access.
Phishing has evolved into sophisticated and coordinated campaigns to obtain confidential and proprietary information and trade secrets through a company’s VPN. Criminals carry out this type of attack with the help of company employees.
It’s harder to find safety when your employees have keystrokes. Cybercriminals took the victim company’s client information database to leverage the credentials hidden in it in other attacks. The monetization method may vary depending on the company, but the attackers are very aggressive, with a tight schedule between the initial breach and a disruptive cash-out.
VPNs are widely used in today’s remote work environment, and they aim to create a secure platform for remote employees to log in to their company’s network from home. Many companies use VPNs since they provide secure remote connections and allow the company to monitor the activities of employees on the web and detect potential security breaches.
How do scammers do this?
The cybercrime group selects a target company and conducts extensive research on its employees. Attackers compile victim files on employees from scraps of their online presence on social media.
The attacker can find out the employee’s name, location, place of work, position, company tenure, and even the employee’s home address from an employee’s social media profile.
After that, the hackers register a domain and create phishing web pages that copy the login page of the company’s internal VPN.
The attacker then calls an employee on his mobile phone and pretends to be an internal IT professional or help desk employee calling for security reasons. Using the information collected about that employee during the research phase, the fraudster gains the employee’s confidence and convinces him that he needs to log in through a new VPN link to address security issues or other technical requirements.
The attacker sends the unsuspecting employee a link to a fake VPN page, which looks exactly like the company’s VPN login site. The employee enters his username and password on the fake domain and clicks on the login link. If applicable, the employee also completes a two-factor authentication or one-time password request.
With one click on a VPN link, the attacker has a complete set of employee credentials. Attackers use this access to the company’s databases, records, and files to obtain information with which to pressure the company for ransom or to use in other cyber attacks.
Take precautions
Employers should seriously review their security protocols and take steps to prevent employees from inadvertently falling into phishing traps while they continue to work remotely.
Advice to employers includes:
- Restrict VPN connections to managed devices only, using mechanisms such as hardware checks, so that user input alone is not sufficient to access the corporate VPN.
- If possible, limit VPN access hours to reduce access outside the usually allowed times.
- Use domain monitoring to track the creation of, or changes to, domains that use the company’s brand name.
- Actively scan and monitor web applications to detect unauthorized access, alterations, and unusual activity.
- Implement the principle of least privilege, enforce software restriction policies or other restrictions, and monitor authorized user access.
- Consider a formal authentication process for employee-to-employee communication over the public telephone network, in which a second element is used to authenticate the phone call before sensitive information is discussed.
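The domain-monitoring advice above, as an added example that is not part of the original article: a Python check that scores newly registered domains for resemblance to the company’s brand name, the way a fake VPN login domain would resemble it. The brand `examplecorp`, the keyword list, the substitution table and the sample domains are all assumptions constructed for illustration.

```python
import re

# Assumptions for this example (not from the article): the brand token and
# the keywords a fake VPN or help-desk login page is likely to carry.
BRAND = "examplecorp"
KEYWORDS = {"vpn", "login", "sso", "support", "helpdesk"}
# Digit-for-letter substitutions often seen in lookalike names.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
OWNED = {"examplecorp.com"}  # domains the company really controls

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def score_domain(domain, brand=BRAND):
    """Return the reasons a newly seen domain looks like a brand lookalike."""
    domain = domain.lower().rstrip(".")
    if domain in OWNED or any(domain.endswith("." + d) for d in OWNED):
        return []                            # legitimate corporate name
    labels = domain.split(".")[:-1]          # drop the TLD
    tokens = [t for label in labels for t in re.split(r"[-_]", label) if t]
    reasons = []
    for tok in tokens:
        folded = tok.translate(FOLD)
        if folded == brand and tok != brand:
            reasons.append(f"homoglyph of brand: {tok}")
        elif tok == brand:
            reasons.append("brand token on a domain the company does not own")
        elif brand in folded:
            reasons.append(f"brand embedded in: {tok}")
        elif abs(len(folded) - len(brand)) <= 2 and edit_distance(folded, brand) <= 2:
            reasons.append(f"typo of brand: {tok}")
    hits = sorted(KEYWORDS & set(tokens))
    if reasons and hits:
        reasons.append("paired with access keyword: " + ",".join(hits))
    return reasons

# Constructed sample of newly registered domains (not real indicators).
NEW_DOMAINS = ["examplecorp-vpn.com", "vpn.examplecorp.com", "examp1ecorp.net",
               "exampelcorp-support.org", "weather-news.info"]

def flag_lookalikes(domains=NEW_DOMAINS):
    # Map each suspicious domain to the reasons it was flagged.
    return {d: r for d in domains if (r := score_domain(d))}
```

In practice the input would be a feed of newly registered or newly observed domains, and flagged names would go to the security team for review before any VPN login page is hosted on them.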
Depending on the organization, not all of the advice is feasible. But all companies must heed the agency’s warning and seriously evaluate security protocols, VPNs, and network access to protect their confidential and proprietary information and trade secrets.
Separately, companies should continue to engage employees and train them on the proper use of the network, security concerns, and when to call a designated IT number.
Cybercriminals will continue to take advantage of remote employees. Therefore, companies should regularly remind employees that any request for their login credentials (or other personal information) should be treated as suspicious, and remind employees where to go and whom to contact if they have any security issues.
Whom to contact to prevent the attack of cybercriminals?
After understanding the danger of cybercriminals, you might think about preventing the attack. We at “AccuIT” have experienced technicians to ensure maximum productivity and uptime in Microsoft-based client/server network infrastructure and security. By properly deploying and maintaining computer assets, AccuIT will help your business reduce downtime and IT-related support calls from the start. So contact us today and avoid the risk of cybercriminal attacks.