Cybercriminals recruit insiders to hit telcos – Kaspersky Lab
Cybercriminals are using insiders to gain access to telecommunications networks and subscriber data, recruiting disaffected employees through underground channels or blackmailing staff using compromising information gathered from open sources.
This was according to the latest Kaspersky Lab intelligence report into security threats facing telcos.
Telcos are top targets for cyberattack. They operate and manage the world’s networks, voice and data transmissions and store vast amounts of sensitive data.
This makes them highly attractive to cybercriminals in search of financial gain, as well as nation-state sponsored actors launching targeted attacks, and even competitors.
To achieve their goals, cybercriminals often use insiders as part of their malicious “toolset,” to breach the perimeter of telco.
Some 28% of all cyberattacks and 38% of targeted attacks now involve malicious activity by insiders.
Attackers engage or entrap employees of the telcos they want to hack using publically available or previously stolen data sources to find compromising information on them.
They then blackmail targeted individuals, forcing them to hand over their corporate credentials, provide information on internal systems or distribute spear-phishing attacks on their behalf.
They also recruit willing insiders through underground message boards or through the services of “black recruiters.”
These insiders are paid for their services and can also be asked to identify co-workers who could be engaged through blackmail.
If an attack on a cellular service provider is planned, criminals will seek out employees who can provide fast-track access to subscriber and company data or SIM card duplication/ illegal reissuing.
If the target is an Internet service provider, the attackers will try to identify those who can enable network mapping and man-in-the-middle attacks.
However, insider threats can take all forms.
A rogue telecoms employee leaked 70 million prison inmate calls, many of which breached client-attorney privilege.
In another instance, an SMS center support engineer was spotted on a popular DarkNet forum advertising their ability to intercept messages containing OTP (One-Time Passwords) for the two-step authentication required to login to customer accounts at a popular fintech company.
“The human factor is often the weakest link in corporate IT security,” warned Kaspersky Lab security expert Denis Gorchakov.
“Technology is rarely enough to protect the organization. Companies should look at themselves the way an attacker would. If vacancies carrying their company name, or some of their data start appearing on underground message boards, then somebody, somewhere has the company in their sights.”