Cybercrooks exploiting insiders in telco company attacks

Cybercriminals are exploiting insiders to gain access to telecom networks and customer data, research from Kaspersky Lab indicates.

The criminals are recruiting disgruntled employees through underground channels and blackmailing staff using compromising personal information, then using these insider assets as part of their attack toolset, the report states.

Disaffected employees are paid for their role in attacks and are sometimes asked to identify co-workers who may be susceptible to blackmail.

Blackmail material is often collected from publicly available or previously stolen data sources, Kaspersky Lab said.

Incidents of blackmail being used in cyber attacks increased in popularity following online data breaches such as the leak of the user database from Ashley Madison, a dating service originally marketed at married people looking to have an affair.

The insiders most in demand among cybercriminals are those with direct control over key functions. If the target is a mobile service provider, criminals will look for employees who can facilitate access to subscriber and company data or approve the reissuing of duplicate SIM cards.

For ISPs, attackers will instead try to identify employees who can enable network mapping and man-in-the-middle attacks.

Because of their role operating and managing the world’s networks and voice and data transmissions, telcos are highly attractive targets for cybercriminals in search of financial gain, as well as nation-state-sponsored hackers, Kaspersky Lab researchers noted.

The report details two non-typical but particularly damaging examples of insider threats from rogue employees. One involved an employee leaking 70 million prison inmate calls, many violating attorney–client privilege.

The second involved an SMS centre support engineer advertising their ability to intercept messages containing one-time passwords required to log into customer accounts at a popular FinTech company.

“The human factor is often the weakest link in corporate IT security. Technology alone is rarely enough to completely protect the organisation in a world where attackers don’t hesitate to exploit insider vulnerability,” Kaspersky Lab security expert Denis Gorchakov said.

“Companies can start by looking at themselves the way an attacker would. If vacancies carrying your company name, or some of your data, start appearing on underground message boards, then somebody, somewhere has you in their sights. And the sooner you know about it, the better you can prepare.”

Image courtesy of Solución Individual under CC