Thu, Feb 23, 2017 | updated 12:29 PM IST

Cybercriminals recruit insiders to attack telecom providers

Updated: Aug 24, 2016 19:11 IST

New Delhi, Aug.24 (ANI): Cybercriminals are using insiders to gain access to telecommunications networks and subscriber data, recruiting disaffected employees through underground channels or blackmailing staff using compromising information gathered from open sources - according to a Kaspersky Lab intelligence report into security threats facing the telecommunications industry.

Telecommunications providers are a top target for cyber-attack. They operate and manage the world's networks, voice and data transmissions and store vast amounts of sensitive data.

This makes them highly attractive to cybercriminals in search of financial gain, as well as nation-state sponsored actors launching targeted attacks, and even competitors.

To achieve their goals, cybercriminals often use insiders as part of their malicious 'toolset', to help them breach the perimeter of a telecommunications company and perpetrate their crimes.

New research by Kaspersky Lab and B2B International reveals that 28 percent of all cyber-attacks, and 38 percent of targeted attacks now involve malicious activity by insiders. The intelligence report examines popular ways of involving insiders in telecoms-related criminal schemes and gives examples of the things insiders are used for.

According to the Kaspersky Lab researchers, attackers engage or entrap telecoms employees in the following ways:

• Using publically available or previously-stolen data sources to find compromising information on employees of the company they want to hack. They then blackmail targeted individuals - forcing them to hand over their corporate credentials, provide information on internal systems or distribute spear-phishing attacks on their behalf.

Recruiting willing insiders through underground message boards or through the services of "black recruiters". These insiders are paid for their services and can also be asked to identify co-workers who could be engaged through blackmail.

The blackmailing approach has grown in popularity following online data breaches such as the Ashley Madison leak, as these provide attackers with material they can use to threaten or embarrass individuals. In fact, data-leak related extortion has now become so widespread that the FBI issued a Public Service Announcement on 1 June warning consumers of the risk and its potential impact.

According to the Kaspersky Lab researchers, if an attack on a cellular service provider is planned, criminals will seek out employees who can provide fast track access to subscriber and company data or SIM card duplication/illegal reissuing. If the target is an Internet service provider, the attackers will try to identify those who can enable network mapping and man-in-the-middle attacks.

However, insider threats can take all forms. The Kaspersky Lab researchers noted two non-typical examples, one of which involved a rogue telecoms employee leaking 70 million prison inmate calls, many of which breached client-attorney privilege.

In another example, an SMS center support engineer was spotted on a popular DarkNet forum advertising their ability to intercept messages containing OTP (One-Time Passwords) for the two-step authentication required to login to customer accounts at a popular fintech company.

"The human factor is often the weakest link in corporate IT security. Technology alone is rarely enough to completely protect the organization in world where attackers don't hesitate to exploit insider vulnerability. Companies can start by looking at themselves the way an attacker would. If vacancies carrying your company name, or some of your data, start appearing on underground message boards, then somebody, somewhere has you in their sights. And the sooner you know about it the better you can prepare," - said Denis Gorchakov, security expert, Kaspersky Lab.

In order to protect the organization from insider threat, Kaspersky Lab advises the following:

• Educate your staff about responsible cyber-security behavior and the dangers to look out for, and introduce robust policies about the use of corporate email addresses;

• Use Threat Intelligence Services to understand why cybercriminals might be looking at your company and to find out if someone is offering an insider "service" in your organization;

• Restrict access to the most sensitive information and systems;

• Do a regular security audit of the company's IT infrastructure.

Read more about insiders and other typical cyber-threats facing telecommunications companies on Securelist.

Further information on threats facing companies in telecommunications and other sectors is available through Kaspersky Lab Intelligence Services or by emailing intelligence@kaspersky.com. (ANI)

New Delhi [India], Feb. 23 (ANI): Google has always made sure to celebrate every special affair around the globe.

Full Story >>

Mumbai (Maharashtra) [India], Feb. 22 (ANI): Microsoft's Chief Executive Officer (CEO) Satya Nadella on Wednesday announced the launch of a new skilling tool called 'Project Sangam' for Indian citizens.

Full Story >>

New Delhi [India], Feb 22 (ANI): According to Kaspersky Lab "Spam and phishing in 2016"report, about 20 percent of all spam emails in Q4 2016distributed ransomware Trojans. The Kaspersky Lab spam report also identified the following trends in 2016

Full Story >>

HP launches OMEN gaming portfolio in India

Updated: Feb 22, 2017 15:32 IST

New Delhi [India], Feb. 22 (ANI): HP Inc. launched the debut of its gaming portfolio in India - OMEN by HP, featuring an array of products built for gamers combining the latest in PC innovation, delivering power and performance to dominate competition.

Full Story >>

New Delhi [India], Feb. 22 (ANI): Optical fibre broadband service provider Spectranet on Wednesday announced their next phase of expansion in South India by launching its operations in Bengaluru.

Full Story >>

New Delhi, [India], Feb. 22 (ANI): ADDA GateKeeper, a security management platform for apartment complexes, launched a range of security measures to tighten security in large apartment complexes across most Tier I cities.

Full Story >>

Who controls your car without you knowing?

Updated: Feb 21, 2017 16:43 IST

New Delhi [India], Feb.21 (ANI): Kaspersky Lab researchers have examined the security of applications for the remote control of cars from several famous car manufacturers. As a result, the company's experts have discovered that all of the applications contain a number of security issues that can potentially allow criminals to cause significant damage for connected car owners.

Full Story >>

New Delhi [India], Feb 21 (ANI): World leader in digital security Gemalto is presenting the newest release of its On Demand Connectivity and eSIM technology for Windows 10 devices, in connection with Microsoft.

Full Story >>

New Delhi [India], Feb. 21 (ANI): In lieu of its eighth birthday on February 24, 2017, WhatsApp messenger, the instant messaging platform introduced a new update which is set to revamp the status feature.

Full Story >>

New Delhi [India], Feb 20 (ANI): NEC Corporation has announced that it has completed joint verification trials with NTT DOCOMO, Inc. using Massive Multiple Input Multiple Output (MIMO), a core technology for 5G base stations.

Full Story >>

New Delhi [India], Feb 19 (ANI): SyncNScan is a young company, which was set up by ex-Microsoft leaders and they were pioneers in introducing anti-virus for mobile devices.

Full Story >>

New Delhi [India], Feb. 17 (ANI): Ericsson introduced a 5G platform for the needs of the first movers in 5G. Communications are rapidly moving toward data-heavy applications like Virtual Reality and Augmented Reality everywhere.

Full Story >>

New Delhi [India], Feb. 17 (ANI): Aeris Communications' 'AerCloud' is an IoT cloud platform for collecting, managing and analysing sensor data for Internet of Things (IoT) and machine-to-machine (M2M) applications.

Full Story >>

New Delhi [India], Feb. 17 (ANI): Oracle India on Thursday announced that Oracle Management Cloud service has provided Indian companies with smarter insights and swifter action, thereby eliminating slow transactions.

Full Story >>

New Delhi [India], Feb 16 (ANI): LeEco, the internet and technology conglomerate's second generation Superphones Le2 (3+32) and Le Max2 to be a star attraction on popular e-commerce platform, Snapdeal during their Exchange Offer Days between February 16 to 18.

Full Story >>

New Delhi [India], Feb 16 (ANI): Kaspersky Lab on Thursday announced the

Full Story >>

New Delhi [India], Feb 16 (ANI): Leading provider of customer experience

Full Story >>

New Delhi [India], Feb 16 (ANI): As per the International Data Corporation (IDC) India Q4 2016 smartphone market report, Lenovo has emerged as the second best smartphone brand in CY 2016 with 8.9 percent and 9.8 percent market share by volume and value respectively.

Full Story >>

Gift-giving made easier this Valentine's Day

Updated: Feb 14, 2017 13:26 IST

New Delhi [India], Feb. 14 (ANI): For those who are struggling for ideas to gift to their other half on the big day of love, the ''Valentine's Day', here are some latest tech savvy gift ideas, from smart devices to gadgets put together for him and her:

Full Story >>

New Delhi [India], Feb 14 (ANI): cloud applications and platform services Oracle on Tuesday announced expansion of its 'Oracle Cloud Platform's' data integration offerings with the launch of Oracle Data Integrator Cloud, which will signify, simplify and accelerate cross-enterprise data integration to support real-time analytics that help organizations drive better business decisions.

Full Story >>