• About us
  • Disclaimer
  • Privacy Policy
Friday, April 23, 2021
  • Login
  • Register
W-SE (Web - SEcurity)
  • Tech today
  • Security
    • Vulnerabilities
    • Malware
    • Android
    • Top list
  • Cyber Attacks
  • How To?
    • All
    • BLOG
    • COMMUNITY
    • gaming
    • Smart phone
    • smart tv
    • software
    • VR
    • Wifi
    websites

    How to Secure a Website in 6 Easy Steps

    Cryptojacking

    Could Cryptocurrency’s Ultimate Legacy Be Legal Online Poker?

    Wi-Fi Protected Access

    What Is WPA2 ?

    Ransomware

    What is Android Ransomware ?

    Mail

    A History of Email and SMPT

    DNS

    What Is a DNS Leak?

    Trending Tags

    • Security
    • Web Security
    • cyber-security
    • Enhanced Security
    • Data Security
    • Security Bugs
    • Network Security
    • Cybersecurity
    • Security Updates
    • Mobile Security
    • Microsoft Security Updates
    • Data security and compliance
  • Knowledgebase
  • Contact
  • About us
    • Disclaimer
  • Write For Us
No Result
View All Result
  • Tech today
  • Security
    • Vulnerabilities
    • Malware
    • Android
    • Top list
  • Cyber Attacks
  • How To?
    • All
    • BLOG
    • COMMUNITY
    • gaming
    • Smart phone
    • smart tv
    • software
    • VR
    • Wifi
    websites

    How to Secure a Website in 6 Easy Steps

    Cryptojacking

    Could Cryptocurrency’s Ultimate Legacy Be Legal Online Poker?

    Wi-Fi Protected Access

    What Is WPA2 ?

    Ransomware

    What is Android Ransomware ?

    Mail

    A History of Email and SMPT

    DNS

    What Is a DNS Leak?

    Trending Tags

    • Security
    • Web Security
    • cyber-security
    • Enhanced Security
    • Data Security
    • Security Bugs
    • Network Security
    • Cybersecurity
    • Security Updates
    • Mobile Security
    • Microsoft Security Updates
    • Data security and compliance
  • Knowledgebase
  • Contact
  • About us
    • Disclaimer
  • Write For Us
No Result
View All Result
W-SE (Web - SEcurity)
No Result
View All Result
Home Cyber Attacks

The Phishing Evolution: Welcome to “Vishing”

Melina Richardson by Melina Richardson
September 12, 2020
in Cyber Attacks, Security, Tech today
Reading Time: 3 mins read
0
Phishing
0
SHARES
13
VIEWS
Share on FacebookShare on Twitter

Post-mortem data breach review reveals much of today’s cyber-attacks are front ended by phishing campaigns. The new Twitter Hacker on CryptoForHealth is only one of several examples. This is not shocking, since the simplest way for a threat actor to access sensitive data is by compromising the identity and credentials of an end-user. Things get even worse if a compromised identity belongs to a privileged person who has much wider access and therefore gives “the keys to the kingdom” to the attacker. While paying careful attention to existing hackers’ methods, techniques , and procedures (TTPs) enhances the capacity of an enterprise to adopt successful cyber protection strategies, companies need to remain attuned to emerging TTPs. Vishing is a popular example which is a modern take on an old scam.

Security professionals are now painfully aware of phishing which uses tactics in social engineering to request personal information from unsuspecting users. Threat actors typically craft phishing emails to look as though they were sent from a reputable entity or a recognised person. These emails also try to entice users to click on a connexion that will take them to an legitimate looking fraudulent website. Then the user might be asked to provide personal information, such as account usernames and passwords that would further expose them to potential vulnerabilities. These fraudulent websites can also contain malicious code.

Threat actors have increased their TTPs to leverage the widespread use of smartphones and are now distributing their attacks through SMS or direct phone calls. The Federal Investigation Bureau (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint security advisory on 20 August 2020, warning of a growing wave of vishing attacks targeting the US private sector.

Vishing is a type of criminal phone fraud combining custom phishing sites with one-on-one phone calls. The threat actor ‘s aim is to convince the victim either to reveal their credentials over the phone or to manually enter them to a website set up by the cyber adversary, which impersonates the gateway of the company’s corporate email or virtual private network ( VPN).

According to the advisory, the increase in the usage of this TTP is motivated by the COVID-19 pandemic, resulting in a mass change from home to work, increasing use of corporate VPNs, and lack of in-person verification.

How to defend against errors

The following constructive steps can be taken by IT security practitioners to protect their organisations:

• Security awareness training: Integrate security awareness education into the overall safety awareness training programme. This is a good reminder that you need to update your training material periodically to account for changes in TTPs. In addition , increase the training with phishing exercises to gauge the level of sensitivity of your employees and correct their behaviour.

• Limited VPN Connections: Use mechanisms such as hardware checks or enabled certificates so user input alone is not sufficient to access the VPN. Limit VPN access hours, if necessary, to minimise access outside of permitted times.

• Employ Domain Monitoring: Track the development of brand-name domains, or changes to them.

• Hard use of MFA: Once enforced, introduce multi-factor authentication (MFA) involving multiple verification methods (something you know, something you have, and something you are) and is also one of the safest ways to prevent unauthorised users from accessing confidential data and moving laterally within the network. If MFA has been introduced, harden the use by deploying NIST SP 800-63-3 Assurance Level 3 authenticators to enable this. These hardware-based devices are known to be a reliable deterrent (e.g., YubiKey, Titan Security Key).

• Apply Least Privilege: Configure access controls, including permissions for file, directory and network sharing, with the least privilege in mind. If a user only needs to read specific files, write-access to those files, directories or shares should not be needed. Over the past two years, Gartner has listed Privileged Access Management as one of the Top 10 information security initiatives, as it is an environment where organisations can make the greatest return on Their security investments.

Phishing campaigns are actually the precursor to credential-based attacks, which are the leading cause to today’s data breaches. Organizations will improve their cyber resilience by aligning their cyber protection policy on the basis of TTPs from threat actors. However, as demonstrated by the advent of vishing, organisations need to remain alert and adapt their strategies in response to shifts in TTPs of their adversaries.

Tags: data breachPhisingTwitter Hacker
Previous Post

How Does The Protection Team Stay Alert

Next Post

The Last Guardian Playstation 4 Game review

Melina Richardson

Melina Richardson

Melina Richardson is a Cyber Security Enthusiast, Security Blogger, Technical Editor, Certified Ethical Hacker, Author at Cybers Guards & w-se. Previously, he worked as a security news reporter.

Next Post

The Last Guardian Playstation 4 Game review

Please login to join discussion
  • Trending
  • Comments
  • Latest
router

192.168.0.1 – 192.168.1.1 Router Login Password

April 6, 2020
inurl technology

Latest Carding Dorks List for Sql Injection 2020

January 18, 2020
HBO

Free HBO Premium Accounts and Passwords

February 4, 2020
Best-FRP-Bypass-Tools

Google Account Verification Bypass FRP Bypass Tools

February 18, 2020
websites

How to Secure a Website in 6 Easy Steps

0
Mac Os

New unpatched macOS bypass gatekeeper published online

0
Siemens Medical Products

Wormable Windows Flaw Affected Siemens Medical Products

0
Cloud Computing

5 Tips of the Personal Data Protection in the Cloud

0
websites

How to Secure a Website in 6 Easy Steps

April 23, 2021
Cyberattacks

Cyber Attacks 2020!

April 22, 2021
Manager Software

Containerization Accelerating DevOps in Modern Times

April 21, 2021
Quantum Safe Algorithm

What Is a Quantum-Safe Hybrid Digital Certificate?

April 21, 2021
ADVERTISEMENT

Quick Links

Tech Write For US
Mr.Perfect Reviews

Recent News

websites

How to Secure a Website in 6 Easy Steps

April 23, 2021
Cyberattacks

Cyber Attacks 2020!

April 22, 2021
Manager Software

Containerization Accelerating DevOps in Modern Times

April 21, 2021
Quantum Safe Algorithm

What Is a Quantum-Safe Hybrid Digital Certificate?

April 21, 2021
W-SE (Web – SEcurity)

W-SE regularly updates cyber attacks, hacking and events that provide IT security professionals with information throughout the world. Also offering news in W-SE. We spent two years living and sharing guidance and insights with IT experts, detailed analyzes and news.

We also train people with product reviews in different form of content.

Browse by Category

  • Android
  • BLOG
  • camer
  • camera
  • COMMUNITY
  • Comparison
  • computer
  • Cyber Attacks
  • Cyber Security
  • Cybercrime
  • Encryption
  • Error
  • Featured
  • Fraud & Identity
  • gaming
  • How To?
  • laptop
  • Malware
  • Microsoft
  • Mobile
  • photography
  • Privacy
  • Projectors
  • PS4 games
  • Reviews
  • SCADA / ICS
  • Security
  • Smart phone
  • smart tv
  • software
  • Tech
  • Tech today
  • Top list
  • Uncategorized
  • Virus & Threats
  • VR
  • Vulnerabilities
  • Website
  • What is?
  • Wifi

Recent News

websites

How to Secure a Website in 6 Easy Steps

April 23, 2021
Cyberattacks

Cyber Attacks 2020!

April 22, 2021
  • About us
  • Contact
  • Disclaimer
  • Home
  • Privacy Policy
  • Resources
  • Support Forum
  • Tech Blog
  • Technology Write For Us
  • W-SE (Web Security)

© 2020 w-se.com - Powered by Fix Hacked Website & SSL Authority Reviews Powered by Mr.Perfect Reviews.

No Result
View All Result
  • Tech today
  • Security
    • Vulnerabilities
    • Malware
    • Android
    • Top list
  • Cyber Attacks
  • How To?
  • Knowledgebase
  • Contact
  • About us
    • Disclaimer
  • Write For Us

© 2020 w-se.com - Powered by Fix Hacked Website & SSL Authority Reviews Powered by Mr.Perfect Reviews.

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In