
Discussion by security leaders on an advanced and continuous phishing operation
Recent findings from the GuidePoint Research and Intelligence Team have shed light on a sophisticated phishing campaign that has targeted more than 130 organizations. The campaign focuses on employees, imitating the VPN providers their organizations use and registering domain names that closely resemble the legitimate ones.
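Lookalike registrations of this kind can be checked for on the defender's side by comparing domains seen in DNS or proxy logs against the organization's real VPN hostname. The Python below is an added example, not code from GuidePoint or from this article; the hostname vpn.examplecorp.com, the homoglyph table, the distance threshold and every sample domain are assumptions constructed for illustration.

```python
# Added example; every domain below is a constructed placeholder, not a campaign indicator.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

def registrable(domain):
    """Naive registrable domain: the last two labels (assumes a single-label TLD)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def skeleton(name):
    """Drop hyphens and collapse common look-alike character substitutions."""
    name = name.lower().replace("-", "")
    for fake, real in HOMOGLYPHS:
        name = name.replace(fake, real)
    return name

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, legit_host, max_distance=2):
    """Return 'legitimate', 'lookalike' or 'unrelated' for an observed domain."""
    legit_reg, cand_reg = registrable(legit_host), registrable(candidate)
    if cand_reg == legit_reg:
        return "legitimate"  # same registrable domain as the real VPN host
    brand = skeleton(legit_reg.split(".")[0])
    # Brand embedded anywhere in the name: added words, hyphens, subdomain tricks.
    if brand in skeleton(candidate):
        return "lookalike"
    # Near miss on the registered label: dropped, swapped or substituted letters.
    # Assumption: a threshold of 2 suits long brands; lower it for short ones.
    if edit_distance(brand, skeleton(cand_reg.split(".")[0])) <= max_distance:
        return "lookalike"
    return "unrelated"

def lookalikes(observed, legit_host):
    """Observed domains that imitate legit_host, in input order."""
    return [d for d in observed if classify(d, legit_host) == "lookalike"]

LEGIT_VPN_HOST = "vpn.examplecorp.com"  # hypothetical organization VPN hostname
OBSERVED = ["vpn.examplecorp.com", "examplecorp-vpn.com", "vpn-examp1ecorp.net",
            "exarnplecorp.com", "exampelcorp.org", "weather-news.org",
            "examplecorp.com.login-portal.net", "example.org"]

if __name__ == "__main__":
    print(lookalikes(OBSERVED, LEGIT_VPN_HOST))
```

The same comparison can be run over newly registered domain feeds or certificate transparency entries, with the output reviewed by an analyst before any blocking decision.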
Insights from Security Experts
Patrick Harr, CEO at SlashNext Email Security+:
“Unfortunately, we continue to observe creative attacks like these that target unsuspecting users. The use of typosquatting domains, which closely mimic actual VPN domain names, is not a new strategy. What sets this campaign apart is the utilization of communication channels beyond email. SMS, as the second most targeted vector, poses a significant threat as mobile devices typically lack adequate protection, making them prime targets for threat actors.
“Relying solely on training is no longer sufficient to combat these attacks. It is crucial for organizations to implement AI-driven anti-phishing solutions in SMS and other messaging applications on mobile devices to proactively intercept and prevent these attacks before they compromise employees.”
John Bambenek, President at Bambenek Consulting:
“Phishing users using well-known brands is not a new tactic, but leveraging VPNs is a more sophisticated and dangerous approach. By exploiting VPNs, attackers can intercept unencrypted data by positioning themselves as trusted intermediaries, particularly if they can install a malicious CA on the device. This campaign specifically targets a vulnerable entry point – BYOD and employees’ personal devices – knowing that enterprise security measures may not detect this type of attack.”