The latest information about Cybersecurity threats
NTIC Cyber Weekly Bulletin - August 20 2020 - TLP WHITE
Cyber Criminals Take Advantage of Increased Telework Through Vishing Campaign
The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are issuing this advisory in response to a voice phishing (vishing) campaign.
The COVID-19 pandemic has resulted in a mass shift to working from home, resulting in increased use of corporate virtual private networks (VPNs) and elimination of in-person verification. In mid-July 2020, cybercriminals started a vishing campaign—gaining access to employee tools at multiple companies with indiscriminate targeting—with the end goal of monetizing the access. Using vished credentials, cybercriminals mined the victim company databases for their customers’ personal information to leverage in other attacks. The monetizing method varied depending on the company but was highly aggressive with a tight timeline between the initial breach and the disruptive cash-out scheme.
This alert is being provided for informational purposes and for potential use to protect systems, networks, and data against this cyber threat at the sole discretion of recipients. As the cyber threat landscape is ever-evolving and attribution can be difficult, the NTIC Cyber Center makes no guarantees of the accuracy of this information during and after the dissemination of this alert as indicators of compromise (IoCs) and adversary tactics, techniques, and procedures (TTPs) may change. Recipients are urged to use caution before implementing any changes to systems, software, and procedures.
The NTIC Cyber Center is aware of two currently active phishing campaigns that attempt to steal Microsoft Office 365 login credentials from unsuspecting victims. These campaigns use previously compromised enterprise email accounts to send fraudulent emails to addresses in the accounts' contact lists. Both campaigns include the words "proposal" and "relief margin" in either the subject or body of the emails. In one campaign that we observed, the phishing emails contained a malicious link in both the body of the email and in a PDF attachment that, if opened, redirects to a fraudulent website prompting victims to enter their Microsoft Office 365 login credentials.