Security professionals rely on multifactor authentication (MFA) to defend against phishing attacks and intrusions. Unfortunately, we can’t rely completely on MFA to protect us, because threat actors (more specifically, ShinyHunters) are now targeting companies in technology, financial services, real estate, energy, healthcare, logistics, and retail with synchronized vishing-phishing attacks.

In the newest attacks, the threat actors pretended to be IT staff and called employees to tell them that the company was updating MFA settings. While on the phone with the employee, the threat actor directed them to a malicious credential harvesting site that spoofed the company in order to capture the employee’s single sign-on credentials and MFA codes, then registered their device for the MFA push.

The threat actors cover their tracks and bypass security notices. Once they gain access to the company system, they download sensitive data and extort ransoms from companies and harass employees.

It is crucial that companies continue to educate employees on the newest cybersecurity threats and schemes so they can identify them and avoid becoming victims. The use of sophisticated vishing and phishing schemes like the one described above is unusual, and many users don’t understand how powerful and successful the combination of vishing and phishing can be. Incorporate these recent threats into your next cybersecurity training or company-wide cyber tip.

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law. Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island.