New VPN Credential Attack Goes to Great Lengths to Obtain Access



A new “so-phish-ticated” attack uses phone calls, social engineering, lookalike domains, and impersonated company VPN sites to gain initial access to a victim network.

This is one of the most advanced initial access attacks I’ve seen.  Security analysts at GuidePoint Security have published details on a new attack that tricks users into providing the attacker with credentialed access.

Here’s the quick rundown of the attack techniques used:

  1. The attacker calls the victim on their mobile phone, claiming to be the helpdesk.
  2. They tell the user there is a VPN login issue and direct them to a lookalike VPN logon site.
  3. The user enters their credentials on the fake site, where the attacker captures them.
  4. While still on the phone, the attacker logs on to the legitimate VPN site with the captured credentials. That logon triggers the MFA prompt on the user’s mobile phone, and the attacker asks the user to read the code back, completing the logon in real time.
  5. Once access is granted, the attacker scans the victim network to identify targets for lateral movement, persistence, and further privilege escalation.

To pull this off, the attacker needs several pieces in place before the call:

  • The company, name, and mobile phone number of the victim user
  • A believable lookalike domain name for the VPN site
  • A spoofed VPN logon page carrying the victim organization’s logo
  • The VPN group names shown on the real organization’s VPN logon page, so the fake page matches what the user expects
  • A social engineering script that keeps the experience believable, so the user does not report the call to IT
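Two of those pieces, the lookalike domain and the real-time use of the captured credentials, leave traces a defender can correlate. The example below is added here and is not code from the original post or from GuidePoint’s report: it generates the kinds of lookalike variants an attacker would register for an organization’s domain, then flags any VPN logon that succeeds shortly after the same user’s device resolved one of those variants. The organization domain `example-corp.com`, the log formats, and the user-attributed DNS log (as an endpoint DNS agent might produce) are assumptions; all log lines are constructed for illustration.

```python
"""Correlate lookalike-domain lookups with VPN logons (added example).

Assumptions: ORG_DOMAIN is the organization's real domain; DNS_LOG and
VPN_LOG are constructed sample lines, not real telemetry.
"""
from datetime import datetime, timedelta

ORG_DOMAIN = "example-corp.com"  # assumed organization domain

# Common single-character substitutions that survive a quick glance.
HOMOGLYPHS = {"l": ["1", "i"], "o": ["0"], "e": ["3"], "m": ["rn"], "i": ["l", "1"]}


def lookalike_domains(domain: str) -> set[str]:
    """Return plausible lookalike registrations for `domain`."""
    name, tld = domain.rsplit(".", 1)
    variants = set()
    for i in range(len(name)):                       # character omission
        variants.add(name[:i] + name[i + 1:])
    for i, ch in enumerate(name):                    # homoglyph substitution
        for sub in HOMOGLYPHS.get(ch, []):
            variants.add(name[:i] + sub + name[i + 1:])
    for i in range(len(name) - 1):                   # adjacent transposition
        variants.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
    variants.add(name.replace("-", ""))              # hyphen removal
    for word in ("vpn", "sso", "portal", "remote"):  # "vpn-acme", "acme-portal"
        variants.add(f"{name}-{word}")
        variants.add(f"{word}-{name}")
    out = {f"{v}.{tld}" for v in variants if v and v != name}
    out |= {f"{name}.{t}" for t in ("com", "net", "org", "co", "io") if t != tld}
    return out


# Constructed DNS resolver log: "timestamp user client_ip qname"
DNS_LOG = """\
2024-05-14T09:01:12 jdoe 10.20.1.55 mail.example-corp.com
2024-05-14T09:03:41 jdoe 10.20.1.55 vpn.examp1e-corp.com
2024-05-14T09:10:02 asmith 10.20.1.77 vpn.example-corp.com
"""

# Constructed VPN authentication log: "timestamp user source_ip result"
VPN_LOG = """\
2024-05-14T09:05:10 jdoe 198.51.100.23 SUCCESS
2024-05-14T09:11:30 asmith 203.0.113.9 SUCCESS
"""


def registrable(qname: str) -> str:
    """Reduce a query name to its last two labels (good enough for .com/.net style TLDs)."""
    parts = qname.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def parse(log: str) -> list[tuple]:
    rows = []
    for line in log.strip().splitlines():
        ts, user, ip, rest = line.split(maxsplit=3)
        rows.append((datetime.fromisoformat(ts), user, ip, rest))
    return rows


def correlate(dns_log: str, vpn_log: str, window_minutes: int = 30) -> list[dict]:
    """Alert when a user's VPN logon succeeds within `window_minutes` after
    that user's device resolved a lookalike of ORG_DOMAIN."""
    lookalikes = lookalike_domains(ORG_DOMAIN)
    suspicious = [(ts, user, ip, q) for ts, user, ip, q in parse(dns_log)
                  if registrable(q) in lookalikes]
    window = timedelta(minutes=window_minutes)
    alerts = []
    for vts, vuser, vip, result in parse(vpn_log):
        if result != "SUCCESS":
            continue
        for dts, duser, dip, q in suspicious:
            if duser == vuser and timedelta(0) <= vts - dts <= window:
                alerts.append({
                    "user": vuser,
                    "lookalike": q,
                    "lookup_client": dip,   # device that visited the fake page
                    "vpn_source": vip,      # where the real VPN session came from
                    "seconds": int((vts - dts).total_seconds()),
                })
    return alerts


if __name__ == "__main__":
    for alert in correlate(DNS_LOG, VPN_LOG):
        print(alert)
```

In the constructed data, `jdoe` resolves `vpn.examp1e-corp.com` (an “l” swapped for “1”) and a VPN logon for the same account succeeds 89 seconds later from an address that is not the device that did the lookup; that pairing is the signature of the live credential relay described in step 4. The same variant list can also be fed to a domain-monitoring process so newly registered lookalikes are caught before they are used.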

It is evident that this attacker focuses on organizations using specific VPN technologies whose logon pages (including the group selection) can be reproduced convincingly, which makes the experience feel authentic to the user. It is equally evident that a user who has had security awareness training should recognize the red flags here: an unsolicited helpdesk call, a request to log in at an unfamiliar domain, and a request to read an MFA code over the phone. Because the attacker uses the credentials while still on the call, the window for the user to report the contact before access is granted is only minutes long.

This attack shows just how far initial access brokers will go to compromise your network. Make sure your users are vigilant and understand that they play a role in keeping the organization secure.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.


Discover dangerous look-alike domains that could be used against you! 

Since look-alike domains are a dangerous vector for phishing attacks, monitoring for potentially harmful domains that can spoof your domain should be a priority.

Our Domain Doppelgänger tool makes it easy for you to identify your potential "evil domain twins" and combines the search, discovery, reporting, risk indicators, and end-user assessment with training so you can take action now.

Here's how it's done:

  • Get detailed results of look-alike domains found similar to your primary email domain
  • You can now quiz your users with your look-alike results
  • Get a summary PDF that contains an overview of the look-alike domains and associated risk levels discovered during the analysis
  • It only takes a few minutes to discover your “evil domain twins”!

Find Your Look-Alike Domains!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/domain-doppelganger

Topics: Phishing


