Fri, Aug 18, 2017 | updated 12:28 PM IST

Cybercriminals recruit insiders to attack telecom providers

Updated: Aug 24, 2016 19:11 IST      
Cybercriminals recruit insiders to attack telecom providers

New Delhi, Aug.24 (ANI): Cybercriminals are using insiders to gain access to telecommunications networks and subscriber data, recruiting disaffected employees through underground channels or blackmailing staff using compromising information gathered from open sources - according to a Kaspersky Lab intelligence report into security threats facing the telecommunications industry.

Telecommunications providers are a top target for cyber-attack. They operate and manage the world's networks, voice and data transmissions and store vast amounts of sensitive data.

This makes them highly attractive to cybercriminals in search of financial gain, as well as nation-state sponsored actors launching targeted attacks, and even competitors.

To achieve their goals, cybercriminals often use insiders as part of their malicious 'toolset', to help them breach the perimeter of a telecommunications company and perpetrate their crimes.

New research by Kaspersky Lab and B2B International reveals that 28 percent of all cyber-attacks, and 38 percent of targeted attacks now involve malicious activity by insiders. The intelligence report examines popular ways of involving insiders in telecoms-related criminal schemes and gives examples of the things insiders are used for.

According to the Kaspersky Lab researchers, attackers engage or entrap telecoms employees in the following ways:

• Using publically available or previously-stolen data sources to find compromising information on employees of the company they want to hack. They then blackmail targeted individuals - forcing them to hand over their corporate credentials, provide information on internal systems or distribute spear-phishing attacks on their behalf.

Recruiting willing insiders through underground message boards or through the services of "black recruiters". These insiders are paid for their services and can also be asked to identify co-workers who could be engaged through blackmail.

The blackmailing approach has grown in popularity following online data breaches such as the Ashley Madison leak, as these provide attackers with material they can use to threaten or embarrass individuals. In fact, data-leak related extortion has now become so widespread that the FBI issued a Public Service Announcement on 1 June warning consumers of the risk and its potential impact.

According to the Kaspersky Lab researchers, if an attack on a cellular service provider is planned, criminals will seek out employees who can provide fast track access to subscriber and company data or SIM card duplication/illegal reissuing. If the target is an Internet service provider, the attackers will try to identify those who can enable network mapping and man-in-the-middle attacks.

However, insider threats can take all forms. The Kaspersky Lab researchers noted two non-typical examples, one of which involved a rogue telecoms employee leaking 70 million prison inmate calls, many of which breached client-attorney privilege.

In another example, an SMS center support engineer was spotted on a popular DarkNet forum advertising their ability to intercept messages containing OTP (One-Time Passwords) for the two-step authentication required to login to customer accounts at a popular fintech company.

"The human factor is often the weakest link in corporate IT security. Technology alone is rarely enough to completely protect the organization in world where attackers don't hesitate to exploit insider vulnerability. Companies can start by looking at themselves the way an attacker would. If vacancies carrying your company name, or some of your data, start appearing on underground message boards, then somebody, somewhere has you in their sights. And the sooner you know about it the better you can prepare," - said Denis Gorchakov, security expert, Kaspersky Lab.

In order to protect the organization from insider threat, Kaspersky Lab advises the following:

• Educate your staff about responsible cyber-security behavior and the dangers to look out for, and introduce robust policies about the use of corporate email addresses;

• Use Threat Intelligence Services to understand why cybercriminals might be looking at your company and to find out if someone is offering an insider "service" in your organization;

• Restrict access to the most sensitive information and systems;

• Do a regular security audit of the company's IT infrastructure.

Read more about insiders and other typical cyber-threats facing telecommunications companies on Securelist.

Further information on threats facing companies in telecommunications and other sectors is available through Kaspersky Lab Intelligence Services or by emailing intelligence@kaspersky.com. (ANI)

Freshworks launches Freshteam, a CRM for recruiters

Updated: Aug 18, 2017 12:23 IST     

San Bruno (California) [United States], Aug.18 (ANI-Businesswire India): Freshworks, the leading provider of cloud-based business software, today announced the launch of Freshteam, a recruitment management software that empowers businesses to efficiently organize their talent acquisition function, engage with candidates, and better align the human resources organization to business goals. Freshteam's flexible hiring workflows and intuitive design make it a great fit for businesses of all sizes.

Full Story >>

Axilor graduates largest accelerator cohort of 20 startups

Updated: Aug 18, 2017 12:02 IST     

Bangalore (Karnataka) [India], Aug.18 (ANI-Businesswire India): Axilor Ventures has launched a call for applications for its sixth accelerator batch.

Full Story >>

New Delhi [India], Aug 17 (ANI): Schneider Electric, in partnership with IDC (International Data Corporation), released a white paper that highlights the pressing need for Indian utilities to embark on the technological advancements.

Full Story >>

New Delhi [India], August 17 (ANI): Kaspersky Lab experts recently detected one the largest known supply-chain attacks, ShadowPad, before it could threaten the security of hundreds of organisations worldwide.

Full Story >>

Nokia's flagship Android device, soon at a store near you!

Updated: Aug 17, 2017 09:15 IST     

New Delhi [India], August 17 (ANI): The much-awaited Nokia 8, which was launched in London by HMD Global, is all set to hit the market in early September this year, and is reportedly entering the Indian market early October.

Full Story >>

London [United Kingdom], Aug.16 (ANI): The make-up of the modern home is changing, bringing with it a new era of household 2.0 which, on average, cares for 2.4 people , 0.3 pets and now also 6.3 connected devices per home.

Full Story >>

New Delhi [India], August 16 (ANI): ASUS Republic of Gamers (ROG) on Wednesday announced the launch of Zephyrus, the world's slimmest gaming laptop powered by a seventh generation Intel Core i7 (Kaby Lake) processor and the latest NVIDIA GeForce GTX 1080 graphics, and priced at Rs. 2,99,990.

Full Story >>

New Delhi [India], August 16 (ANI): In the recent past, devices have become seemingly important in an average household, be it to cater to one's parents, children, home needs or even their pets. This new 'Household 2.0' era is set to be fueled further with the latest updates on Kaspersky Lab's flagship home security solutions, Kaspersky Internet Security and Kaspersky Total Security.

Full Story >>

Honor 8 Pro conferred with EISA Consumer Smartphone award

Updated: Aug 16, 2017 15:16 IST     

New Delhi [India], August 16 (ANI): Smartphone aggregator Honor received an accolade from the European Imaging and Sound Association (EISA), which bestowed on Honor 8 Pro, the 'EISA Consumer Smartphone 2017 - 2018' Award.

Full Story >>

eMudhra registers 20 mn eSigns within two years

Updated: Aug 16, 2017 13:53 IST     

New Delhi [India], August 16 (ANI): eMudhra, a digital identity and transaction management space on Wednesday announced that it has received issuance of over 20 million eSigns, since its inception in July 2015, surpassing its 2.5 million eSigns target which was set at the end of 2016.

Full Story >>

New Delhi [India], Aug 16 (ANI): PeopleStrong today announced the selection of Amazon Web Services (AWS) as its preferred cloud infrastructure provider. PeopleStrong is one of the fastest growing HR Technology and Solutions companies in India, with over 175 customers spread across all major industries.

Full Story >>

Google unveils Allo for Chrome, exclusively for Android users

Updated: Aug 16, 2017 10:10 IST     

New York [U.S.A.], August 16 (ANI): Tech-giant Google has unveiled 'Allo', its smart messaging app on its Chrome web browser, exclusively for its Android user base.

Full Story >>

London [United Kingdom], Aug.15 (ANI): Kaspersky Lab introduces its new freemium application, Kaspersky Secure Connection for Android, designed to protect user data transmitted via the Internet. This app's main feature is its adaptivity: for convenience and maximum user protection, traffic encryption can be enabled automatically depending on the level of security of the Wi-Fi network to which the device is connected, as well as on sites and applications that are opened.

Full Story >>

Indus Towers deploys Oracle Taleo Cloud Services

Updated: Aug 14, 2017 11:14 IST     

New Delhi [India], Aug 14 (ANI): Indus Towers, India's largest telecom infrastructure company today announced the deployment of Oracle Taleo Cloud Services to streamline its recruiting processes for faster recruitment and better collaboration in the cloud.

Full Story >>

Watch out gamers! Here are some best gaming laptops for you

Updated: Aug 12, 2017 15:33 IST     

New Delhi [India], Aug 12 (ANI): The gaming market in India is growing at a rapid pace and consumers in India nowadays are showing more inclination towards the latest gaming tech.

Full Story >>

New Delhi [India], Aug 12 (ANI): Looking forward to the extended Independence weekend, with utmost relaxation and ease on mind. These online entertainment platforms available on your will ensure your weekend sails through seamlessly with just a few clicks. All entertainment, movie flicks, TV series, original content on a single click.

Full Story >>

New Delhi [India], August 11 (ANI): Hike has created an array of stickers and filters for fans to enjoy the multi-starrer VIP2.

Full Story >>

Noida (Uttar pradesh) [India], Aug.10 (ANI): National Knowledge Network (NKN) conceptualized by Government of India in 2010 has been successfully connecting educational and research institutions in the country and is currently perceived globally as a leading research and education network (REN).

Full Story >>

New Delhi [India], Aug 10 (ANI): Oracle sees a very vibrant and active software development scenario in India, with developers working on all spectrums of technology. In particular, Oracle finds there's more developer appetite for cutting edge technologies such as Containers, Chatbots etc. for building innovative applications.

Full Story >>

New Delhi [India], Aug 10 (ANI): Google on Thursday introduced the latest update to Search, making it easier than ever for users to stay in the know and get relevant information quickly and easily.

Full Story >>