The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory warning teleworkers of an ongoing vishing campaign targeting entities from multiple US industry sectors.
Vishing (also known as voice phishing) is a type of social engineering attack where the attackers impersonate a trusted entity during a voice call to manipulate their targets into revealing sensitive information.
"In mid-July 2020, cybercriminals started a vishing campaign — gaining access to employee tools at multiple companies with indiscriminate targeting—with the end goal of monetizing the access,"
the agencies said. "Using vished credentials, cybercriminals mined the victim company databases for their customers’ personal information to leverage in other attacks."
According to the joint alert, the attackers are on a very tight timeline given that they sold the stolen credentials very quickly after initially gaining access to companies' networks following a successful vishing attack.
