Real-Time ‘Vishing’ Attacks Compromise SSO Accounts in New Wave
Cybersecurity researchers are on high alert as a new wave of voice-phishing attacks, dubbed “vishing,” targets single sign-on (SSO) accounts. These sophisticated attacks involve various cybercriminal groups using voice calls and advanced phishing kits to compromise sensitive user data.
Overview of Voice-Phishing Attacks
The campaign has been attributed in part to a group known as ShinyHunters. This group not only claims responsibility for the attacks but has also named victims and released samples of stolen data. ShinyHunters has a history of targeting third-party vendors to gain initial access to corporate networks, including a significant attack that affected over 700 Salesforce customer environments last fall.
Current Strategies and Techniques
According to Charles Carmakal, chief technology officer at Mandiant Consulting, the ongoing campaigns utilize advanced voice phishing techniques to compromise SSO credentials. Cybercriminals are increasingly registering custom domains that mirror legitimate SSO portals, thus enhancing their deception. Researchers suggest the following tactics are common:
- Real-time syncing of audio prompts with multifactor authentication requests.
- Utilization of tailored phishing kits designed for impersonating identity providers.
- Exfiltration of sensitive data once initial access is gained.
Involvement of Major Companies
Several major companies, including Okta, have begun issuing threat intelligence reports concerning this campaign. Okta’s research indicates that attackers are using sophisticated phishing kits capable of mimicking Google, Microsoft, and Okta sign-in flows effectively.
Microsoft and Google have stated that they have not detected any direct impact on their products from these attacks. However, security experts note that these incidents exploit existing vulnerabilities in identity and access management rather than flaws within SSO systems themselves.
Reported Victims
The extent of the attacks remains unclear, but at least three organizations have confirmed data breaches. Two notable cases include:
- SoundCloud: Approximately 20% of its user base, roughly 36 million people, had their personal data compromised.
- Betterment: The financial services firm reported that customer data was stolen in an attack on January 9, although no accounts were accessed directly.
Additionally, threat intelligence suggests that more companies may be affected. Researchers from Sophos are monitoring around 150 malicious domains linked to these phishing attacks, specifically targeting sectors like finance and education.
Conclusion
As these voice-phishing attacks evolve, the threat landscape for SSO accounts has become increasingly dangerous. Cybersecurity professionals stress the importance of vigilance among users to avoid falling victim to such sophisticated tactics.