Kaspersky Lab says cyber criminals are recruiting insiders to attack telecoms service providers.
Cyber criminals are using insiders to gain access to telecom networks and subscriber data, recruiting disaffected employees through underground channels or blackmailing staff using compromising information gathered from open sources.
Cyber criminals use insiders as part of their malicious ‘toolset’, to help them breach the perimeter of a telecom company and perpetrate their crimes.
Kaspersky Lab tips to telecoms:
- Educate your staff about responsible cyber-security behavior and the dangers to look out for, and introduce robust policies about the use of corporate email addresses.
- Use Threat Intelligence Services to understand why cybercriminals might be looking at your company and to find out if someone is offering an insider service in your organization.
- Restrict access to the most sensitive information and systems.
- Do a regular security audit of the company’s IT infrastructure.
New research by Kaspersky Lab and B2B International reveals that 28 percent of all cyber-attacks and 38 percent of targeted attacks now involve malicious activity by insiders. The report on cyber security examines the ways insiders are drawn into telecoms-related criminal schemes and gives examples of what insiders are used for.
Cyber attackers engage or entrap telecoms employees in the following ways:
Using publicly available or previously stolen data sources to find compromising information on employees of the company they want to hack. They blackmail targeted individuals, forcing them to hand over their corporate credentials, provide information on internal systems or distribute spear-phishing attacks on their behalf.
Recruiting insiders through underground message boards or through the services of black recruiters. These insiders are paid for their services and can also be asked to identify co-workers who could be engaged through blackmail.
The blackmailing approach has grown in popularity following online data breaches such as the Ashley Madison leak, as these provide attackers with material they can use to threaten or embarrass individuals. In fact, data-leak related extortion has now become so widespread that the FBI issued a Public Service Announcement on 1 June warning consumers of the risk and its potential impact.
If an attack on a cellular service provider is planned, criminals will seek out employees who can provide fast-track access to subscriber and company data, or to SIM card duplication or illegal reissuing. If the target is an Internet service provider, the attackers will try to identify those who can enable network mapping and man-in-the-middle attacks.
The Kaspersky Lab researchers noted two non-typical examples, one of which involved a rogue telecoms employee leaking 70 million prison inmate calls, many of which breached client-attorney privilege.
In another example, an SMS center support engineer was spotted on a popular DarkNet forum advertising their ability to intercept messages containing one-time passwords (OTPs) for the two-step authentication required to log in to customer accounts at a popular fintech company.
“The human factor is often the weakest link in corporate IT security. Technology alone is rarely enough to completely protect the organization in a world where attackers don’t hesitate to exploit insider vulnerability,” said Denis Gorchakov, security expert at Kaspersky Lab.
[i] Corporate IT Security Risks Survey, 2016, Kaspersky Lab and B2B International