The US Department of Health and Human Services (HHS) issued a warning that the healthcare and public health (HPH) centre was under attack from these new tactics.
The new tactics involve threat actors calling target organisations on the phone using local area codes to disguise themselves, before acting as financial department employees and convincing victims to hand over ID verification details.
Once they have the details, they then convince IT help desk staff to enrol a threat actor-owned device under multifactor authentication (MFA), allowing them to access the organisation’s systems. Reportedly, some threat actors use AI voice-cloning tools to increase the efficacy of their attacks.
Read the rest of the story at cyberdaily, here.