A brand new “so-phish-ticated” assault makes use of cellphone calls, social engineering, lookalike domains, and impersonated firm VPN websites to realize preliminary entry to a sufferer community.
This is without doubt one of the most superior preliminary entry assaults I’ve seen. Safety analysts at GuidePoint Safety have revealed particulars on a brand new assault that tips customers into offering the attacker with credentialed entry.
Right here’s the fast rundown of the assault methods used:
- The attacker calls the sufferer consumer on their cellular claiming to be the helpdesk
- They inform the consumer there’s a VPN login situation and direct them to an impersonated VPN logon website
- The consumer supplies their credentials (that are captured by the attacker
- The attacker concurrently logs on to the professional VPN website with the credentials and prompts the consumer for the MFA code despatched to the consumer’s cell phone
- As soon as entry is granted, they get to work scanning the sufferer community to determine targets for lateral motion, persistence, and additional privilege escalation.
To tug this off, the attacker wants numerous components of the assault to be in line:
- The corporate, title, and cell phone variety of the sufferer consumer
- A plausible lookalike VPN website area title
- A spoofed VPN website with the sufferer’s group’s emblem
- VPN Teams from the precise sufferer group’s VPN logon web page
- A social engineering script that makes the expertise plausible to the consumer (in order that they don’t report it to IT)
It’s evident that this attacker focuses on organizations utilizing particular VPN applied sciences that assist of their socially engineered expertise for the consumer. What can be evident is that any consumer that has undergone safety consciousness coaching ought to be capable to simply determine all of those social engineering crimson flags.
This assault exhibits you simply how far preliminary entry brokers will go to compromise your community. So, be sure your customers are vigilant and play a task in maintaining the group safe.
KnowBe4 empowers your workforce to make smarter safety selections daily. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and scale back human danger.