Hackers Pose as Cybersecurity Firm to Trick Victims

Hackers Pose as Cybersecurity Firms in New Callback Phishing Attack

In what is said to be a new-age and sophisticated attack tactic, attackers are posing as renowned cybersecurity organizations to launch callback phishing attacks. Yes, hackers posed as a well-known cybersecurity firm in an attempt to gain illicit access to a company’s networks and systems.

In a recent phishing attack campaign, threat actors have been found impersonating prominent cybersecurity organizations to make the victims download a particular malware by luring them towards fake landing pages in an attempt to steal emails or credentials.

Understanding the callback phishing attack tactic

Upon receiving the phishing email, the recipients are instructed to dial a phone number, alerting them that the recipient’s organization or its data has been compromised and that a detailed security audit is required urgently.

Now when the victim calls that number, the attackers leverage social engineering hack tactics to persuade the users to install some random commercial Remote Administration Tool (RAT) on their devices thus, providing the hackers with access to the victim’s corporate networks. After the potential victim installs the tool, attackers then remotely install additional tools that allow them to spread throughout the company’s network laterally, steal corporate data and deploy Ransomware to encrypt the company’s devices and critical systems. These types of attack tactics have a high success rate given the urgent nature of these incidents. Hackers in callback phishing attacks are more likely to use Ransomware to monetize the campaign.

How does a callback phishing attack work?

• Hackers send a phishing email proclaiming that their company’s data has been compromised and that an immediate audit is required, insisting the victims to dial a phone number included in the email message.

• When the victim dials the number, the attackers deploy a streak of social engineering hack tactics to misguide the victim to visit or click an infected URL or download a RAT on their devices thus, providing the hackers with an initial foothold on to the victim’s network and perform lateral movements using various penetration tactics and eventually deploy Ransomware.

• Callback attack campaigns use emails that appear as if they are genuine ones from a prominent security company.

These attack campaigns are often driven by social engineering tactics as shown in the email snippet below:

In this case, the email informs its potential victims that it is being sent from their company’s data security services vendor, and that they have detected some abnormal activities/anomalies and suspect a potential data compromise or breach that can affect the entire network and a detailed audit of all the workstations is required. The email persuades the employees to call on a given phone number to schedule the required security audit of their workstations.

Read also: Major Engineering Company Hit by Ransomware, Halts Operations

How to protect yourself?

• Never click on suspected URLs, links or attachments

• Never respond to spam

• Use firewall, anti-spam filters and anti-virus solutions

• Patch vulnerable systems

• Endpoint security to protect all your connected devices and systems (websites, emails, mobiles, desktops, etc.)

• Never give out any personal information to an unsolicited request

• Stay updated with phishing techniques (cyber awareness and hygiene)

• If you believe that the contact may be legit, contact the company yourself

• Never give out credentials over the phone

• Get expert help (advanced email security)

• Get advanced web protection against spear-phishing, malware and new strands of Ransomware

• Keep your OS and software up-to-date

Last but not the least, employees need to have a clear understanding when it comes to identifying and reporting phishing attacks. Organizations ought to communicate with their employees about the various security hygiene policies and measures advising them to be careful. Getting help from a trusted managed security services provider is a win here. Futurism can help you deploy the right layers of security skills and resources. Our cybersecurity engineers and experts will deploy industry-leading threat intelligence technology and tools (IBM) to detect and stop such attacks in real-time.

Disclaimer: All the views, information and views expressed in this article are those of the authors and their respective web sources and in no way reflect the objectives, principles or views of Futurism Technologies.