Hello, Operator? A Technical Analysis of Vishing Threats

Written by: Nick Guttilla


Introduction

Organizations are increasingly relying on diverse digital communication channels for essential business operations. Employees often interact with colleagues, access corporate resources, and, especially, receive information technology (IT) support through calls, chat platforms, and other remote technologies. While these methods enhance both efficiency and global accessibility, they also introduce an expanded attack surface that can pose a significant risk if overlooked. The prevalence of in-person social interactions has diminished, and remote IT structures, such as an outsourced service desk, have normalized employees’ engagement with external or less familiar personnel. As a result, threat actors continue to use social engineering tactics.


Vishing in the Wild: A Tale of Two Actors

Social engineering is the psychological manipulation of people into performing unsolicited actions or divulging confidential information. It is an effective strategy that preys on human emotions and built-in vulnerabilities like trust and the desire to be helpful. Financially motivated threat actors have increasingly adopted voice-based social engineering, or “vishing,” as a primary vector for initial access, though their specific methods and end goals can vary significantly.

Two prominent examples illustrate the versatility of this threat. The cluster tracked as UNC3944 (which overlaps with “Scattered Spider”) has historically used vishing as a flexible entry point for a range of criminal enterprises. Their operators frequently call corporate service desks, impersonating employees to have credentials and multi-factor authentication (MFA) methods reset. This access is then leveraged for broader attacks, including SIM swapping, ran

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from Threat Intelligence
