Physical Security

Jul

2023

Advanced Vishing

Voice Phishing, or vishing, is an attack vector we have covered in the past in which criminals use phone calls instead of emails to steal personal information, credentials, or money. However, criminals are pairing this time-tested attack vector with new technology and banking apps to steal even more information and money.

The first way criminals are using technology along with vishing is AI. Hackers are utilizing AI impersonation technology to create targeted personas to attack users with more realistic phone calls. Criminals use this technology to call vastly more individuals than they could with people behind the attack, meaning even if there is a lower return percentage, they still attack more people with AI voice impersonation.

The phishing group “Letscall” are taking vishing a step further against Android users by convincing them to download a malicious banking app and then stealing money from users while re-routing their phone calls.

The first step in this multi-tiered phishing campaign is to call Android users and convince them to download a banking app from a fake Google Play Store. After the malicious banking app is installed, it collects personal data from the phone and also re-directs phone calls back to the criminals. The users are called again and asked to log into the new malicious banking app. After the user gives the criminals their banking information, the phishing group steals money from the user’s real bank account. When the user tries to call their bank to report a problem, the calls are routed back to the criminal organization so they can further the scam for as long as possible.

The phishing group is highly organized and trained in front and back-end app development; they have a call center trained as a banking call center and are manipulating voice over IP (VOIP). They are also hacking Google servers and firewall restrictions to accomplish the attack.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Jan

2023

Healthcare Sector Ransomware

A recent ransomware claim in the healthcare sector is a reminder of ransomware tactics used by criminals. Hackers associated with BlackCat ransomware added NextGen Healthcare Information Systems to their list of compromised businesses last week. The attack is another example of hackers’ focus on the healthcare sector, the highest category to experience attacks over the past few years.

A spokesperson from NextGen responded, “NextGen Healthcare is aware of this claim and we have been working with leading cybersecurity experts to investigate and remediate. We immediately contained the threat, secured our network, and have returned to normal operations. Our forensic review is ongoing and, to date, we have not uncovered any evidence of access to or exfiltration of client data. The privacy and security of our client information is of the utmost importance to us.” The company did not comment on employee or patent data.

BlackCat is a prolific ransomware that focuses primarily on the healthcare sector. The group uses triple-extortion tactics to convince victims to pay ransoms by threatening to leak the data if they refuse. The group also utilizes DDoS attacks to knock victims’ websites offline.

The healthcare sector is a particularly enticing target for hackers because of the personal patient data they store, and the inconsistency of security tools employed by healthcare companies. However, early data shows ransomware payments were down nearly 40% in 2022 across all business sectors. Researchers speculate businesses are investing in security and backup tools and are able to recover from an attack without paying the ransom. Another factor in the decline is that paying a ransom may not be legal in the business’s home country. The US government has imposed sanctions on some foreign countries, restricting the export of money and products. If the ransomware group has ties to one of those countries, the company could find itself in legal trouble after recovering its data.

Experts predict the recent decline in payment will prompt ransomware groups may forgo medium-sized businesses with more security measures in place. Instead, they believe hacker groups will get more aggressive with very large and small companies to make up for the difference in revenue loss over the coming year.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Jul

2022

Vishing is Evolving

The phishing tactic using voice calls, known as vishing, is increasing in use and evolving. A recent study found that almost half of organizations surveyed were targeted by voice call phishing or social engineering in the past year. Robocalls and attacks on mobile phones are starting to be challenged by mobile carriers. Most of us have experienced “Spam Risk” on a mobile phone over the past year. Criminals are adapting to the new restrictions and targeting organizations instead of individuals. Unlike individuals, businesses have to answer their phones in order to serve a customer base. Criminals know this and are taking advantage of vishing tactics at the organizational level.

Another change is voice call attacks are evolving from robocalls to more targeted spear phishing attacks. Criminals are doing research on businesses and employees and targeting individuals instead of calling thousands of numbers with an automated tool. Criminals use software to crawl the internet looking for open-source information on social media and other websites. When they have enough information to form a picture of habits and character, they contact the employee to start building a relationship. The criminal may impersonate a customer, vendor, or employee within the same business.

98% of cyberattacks use some element of social engineering. The study found phishing was not limited to voice calls. 32% of phishing attempts were made over text message or SMS, and 16% were made over collaboration tools like WebEx or Microsoft Teams. As the telecommunication industry responds to criminal activity, hackers will continue to evolve their tactics. Voice phishing calls utilize the same concepts used in all phishing attacks. Criminals usually try to create a sense of urgency, so the employees don’t have time to ask questions. They may pretend to be a vendor asking for a billing information or a coworker asking for a password so they can quickly get a job done. The study cited employee education as the greatest defense against evolving attack vectors.