Saturday, April 27, 2024

Cybercriminals Target Employees of Companies Worldwide to Exploit Network Access and Privilege Escalation

By Guru baran

Attackers Exploit Network Access

The FBI has published a Private Industry Notification (PIN) observing Cybercriminals are focusing to target employees of companies worldwide who maintain network access and an ability to escalate network privilege.

Throughout COVID-19, many companies had to quickly adapt to changing environments and technology. With these restrictions, network access and privilege escalation may not be fully monitored.

Several tools to automate services are implemented on companies’ networks, the ability to keep track of who has access to different points on the network, and what type of access they have, will become more difficult to regulate.

Threat

Presently, cybercriminals are attempting to gain all employees’ credentials, not just individuals who would likely have more access based on their corporate position.

According to FBI case information, as of December 2019, cybercriminals work together to target both US-based and international-based employees’ at large companies using social engineering techniques. The cybercriminals vished these employees through the use of VoIP platforms.

Vishing attacks are voice phishing, which occurs during a phone call to users of VoIP platforms. During the phone calls, employees were tricked into logging into a phishing webpage to capture the employee’s username and password.

Subsequently gaining access to the network, many cybercriminals found they had more network access, including the ability to escalate privileges of the compromised employees’ accounts.

In one instance, the cybercriminals found an employee via the company’s chatroom and influenced the individual to log into the fake VPN page operated by cybercriminals.

The actors used these credentials to log into the company’s VPN and performed an investigation to locate someone with higher privileges.

The cybercriminals were scanning for employees who could perform username and e-mail changes and found an employee through a cloud-based payroll service. The cybercriminals used a chatroom messaging service to contact and phish this employee’s login credentials.

Mitigations

  • Apply multi-factor authentication (MFA) for accessing employees’ accounts in order to minimize the chances of an initial compromise.
  • When new employees are hired, network access should be granted on a least privilege scale. Periodic review of this network access for all employees can significantly reduce the risk of compromise of vulnerable and/or weak spots within the network.
  • Scanning and monitoring for unauthorized access or modifications can help detect and minimize the loss of data.
  • Network segmentation should be implemented to break up one large network into multiple smaller networks which allow administrators to control the flow of network traffic.
  • Administrators should be issued two accounts: one account with admin privileges to make system changes and the other account used for email, deploying updates, and generating reports.

Final Word

Thus the report issued by FBI provides potential usage to recipients to protect against cyber threats.

“This data is provided to help cybersecurity professionals and system administrators guard against the persistent malicious actions of cyber actors”, says the FBI.

The FBI also encourages the recipients to report information concerning suspicious or criminal activity to their local FBI field office.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Managed WAF Protection

Website

Latest articles

CVE/vulnerability

NETGEAR buffer Overflow Vulnerability Let Attackers Bypass Authentication

Some router models have identified a security vulnerability that allows attackers to bypass authentication.To...
CVE/vulnerability

5000+ CrushFTP Servers Hacked Using Zero-Day Exploit

Hackers often target CrushFTP servers as they contain sensitive data and are used for...
Cyber Attack

13,142,840 DDoS Attacks Targeted Organization Around The Globe

DDoS attacks are a significant and growing risk that can overpower websites, crash servers,...
CVE/vulnerability

Hackers Exploit Old Microsoft Office 0-day to Deliver Cobalt Strike

Hackers have leveraged an old Microsoft Office vulnerability, CVE-2017-8570, to deploy the notorious Cobalt...
Cyber Attack

Microsoft Publicly Releases MS-DOS 4.0 Source Code

In a historic move, Microsoft has made the source code for MS-DOS 4.0, one...
Cyber Attack

New SSLoad Malware Combined With Tools Hijacking Entire Network Domain

A new attack campaign has been discovered to be employed by the FROZEN#SHADOW, which...
Cyber Security News

Palo Alto Networks Shares Remediation Advice for Hacked Firewalls

Palo Alto Networks has issued urgent remediation advice after discovering a critical vulnerability, designated...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

WAAP/WAF ROI Analysis

Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

    • Book Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

Email : [email protected]