Cybercrooks exploiting insiders in telco company attacks


By Dylan Bushell-Embling
Thursday, 25 August, 2016



Cybercriminals are exploiting insiders to gain access to telecom networks and customer data, research from Kaspersky Lab indicates.

The criminals are recruiting disgruntled employees through underground channels and blackmailing staff using compromising personal information, then using these insider assets as part of their attack toolset, the report states.

Disaffected employees are paid for their role in attacks and are sometimes asked to identify co-workers who may be susceptible to blackmail.

Blackmail material is often collected from publicly available or previously stolen data sources, Kaspersky Lab said.

The use of blackmail in cyber attacks grew in popularity following online data breaches such as the leak of the user database from Ashley Madison, a dating service originally marketed at married people looking to have an affair.

The insiders most in demand among cybercriminals are those with direct control over key functions. If the target is a mobile service provider, criminals will look for employees who can facilitate access to subscriber and company data or approve the reissuing of duplicate SIM cards.

For ISPs, attackers will instead try to identify employees who can enable network mapping and man-in-the-middle attacks.

Because of their role operating and managing the world’s networks and voice and data transmissions, telcos are highly attractive targets for cybercriminals in search of financial gain, as well as nation-state-sponsored hackers, Kaspersky Lab researchers noted.

The report details two non-typical but particularly damaging examples of insider threats from rogue employees. One involved an employee leaking 70 million prison inmate calls, many violating attorney–client privilege.

The second involved an SMS centre support engineer advertising their ability to intercept messages containing one-time passwords required to log into customer accounts at a popular FinTech company.

“The human factor is often the weakest link in corporate IT security. Technology alone is rarely enough to completely protect the organisation in a world where attackers don’t hesitate to exploit insider vulnerability,” Kaspersky Lab security expert Denis Gorchakov said.

“Companies can start by looking at themselves the way an attacker would. If vacancies carrying your company name, or some of your data, start appearing on underground message boards, then somebody, somewhere has you in their sights. And the sooner you know about it, the better you can prepare.”

