In 2024, imitation was the sincerest form of hackery.
Security company CrowdStrike’s 13th annual global threat report found a 442% increase in voice phishing, or vishing, between the first and second half of 2024—both impersonations of help-desk departments and impersonations to help-desk departments.
“A lot of this is driven by the adversaries realizing that the technical defenses are getting stronger, so they have to go after the weakest link, which is the humans,” Adam Meyers, CrowdStrike’s SVP for counter adversary operations, said on Feb. 24.
The vishing threat, according to Meyers, refers to tactics like an adversary calling up the help desk and pretending to need a password reset. (The reverse occurs, too. As IT Brew reported in January, researchers have observed adversaries flooding inboxes and then offering to “help” by taking remote control of the target’s device.)
CrowdStrike in its report noted “a massive increase” in phone-based social engineering techniques to gain initial access.
While CrowdStrike’s threat-hunting service OverWatch only noted two vishing intrusions in 2024, the numbers jumped to 33, 55, 64, and 93 in September, October, November, and December, respectively.
Microsoft, the FTC, and CISA all warned of fraudsters impersonating IT and help desk officials in 2024. The FBI’s 2023 Internet Crime Report, published in March 2024, showed that tech-support scams—a steadily growing tactic compared to previous years—led to 37,560 complaints from the US public for the year, and $924,512,658 in losses.
Other findings from the CrowdStrike report, published this week, included:
- China-linked intrusions increased by 150% percent, across all sectors, compared to 2023 and “represent the most active targeted intrusion threats CrowdStrike Intelligence tracks.” (There was no link, Meyers noted on the call, between the increase in China-nexus intrusions and vishing spikes.)
- Average breakout time—or the time it takes for an attacker to hop to another system outside of the initial entry point—fell to 48 minutes, with the fastest breakout time clocked at 51 seconds.
- Almost eight in 10 (79%) of detections of CrowdStrike’s 2024 detected intrusions were malware-free, up from 40% in 2019.
- Ads for access brokers, those selling the compromised entry to threat actors, increased 50% year over year.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Meyers, when asked for defenses against the IT impersonations that go beyond “awareness,” mentioned that help-desk pros conducting an identity reset need to turn video on to make ID confirmations.
Will IT pros want to take that extra step, for such a familiar process like a new password request?
“I don’t think it’s really up to the IT pros whether they want to do this or not. I think it’s a risk decision for the business to say, do we want to spend the extra resources to do this right? Or do we want to find out what happens?” Meyers told reporters.