Mon, Apr 24, 2017 | updated 12:58 PM IST

Cybercriminals recruit insiders to attack telecom providers

Updated: Aug 24, 2016 19:11 IST      
Cybercriminals recruit insiders to attack telecom providers

New Delhi, Aug.24 (ANI): Cybercriminals are using insiders to gain access to telecommunications networks and subscriber data, recruiting disaffected employees through underground channels or blackmailing staff using compromising information gathered from open sources - according to a Kaspersky Lab intelligence report into security threats facing the telecommunications industry.

Telecommunications providers are a top target for cyber-attack. They operate and manage the world's networks, voice and data transmissions and store vast amounts of sensitive data.

This makes them highly attractive to cybercriminals in search of financial gain, as well as nation-state sponsored actors launching targeted attacks, and even competitors.

To achieve their goals, cybercriminals often use insiders as part of their malicious 'toolset', to help them breach the perimeter of a telecommunications company and perpetrate their crimes.

New research by Kaspersky Lab and B2B International reveals that 28 percent of all cyber-attacks, and 38 percent of targeted attacks now involve malicious activity by insiders. The intelligence report examines popular ways of involving insiders in telecoms-related criminal schemes and gives examples of the things insiders are used for.

According to the Kaspersky Lab researchers, attackers engage or entrap telecoms employees in the following ways:

• Using publically available or previously-stolen data sources to find compromising information on employees of the company they want to hack. They then blackmail targeted individuals - forcing them to hand over their corporate credentials, provide information on internal systems or distribute spear-phishing attacks on their behalf.

Recruiting willing insiders through underground message boards or through the services of "black recruiters". These insiders are paid for their services and can also be asked to identify co-workers who could be engaged through blackmail.

The blackmailing approach has grown in popularity following online data breaches such as the Ashley Madison leak, as these provide attackers with material they can use to threaten or embarrass individuals. In fact, data-leak related extortion has now become so widespread that the FBI issued a Public Service Announcement on 1 June warning consumers of the risk and its potential impact.

According to the Kaspersky Lab researchers, if an attack on a cellular service provider is planned, criminals will seek out employees who can provide fast track access to subscriber and company data or SIM card duplication/illegal reissuing. If the target is an Internet service provider, the attackers will try to identify those who can enable network mapping and man-in-the-middle attacks.

However, insider threats can take all forms. The Kaspersky Lab researchers noted two non-typical examples, one of which involved a rogue telecoms employee leaking 70 million prison inmate calls, many of which breached client-attorney privilege.

In another example, an SMS center support engineer was spotted on a popular DarkNet forum advertising their ability to intercept messages containing OTP (One-Time Passwords) for the two-step authentication required to login to customer accounts at a popular fintech company.

"The human factor is often the weakest link in corporate IT security. Technology alone is rarely enough to completely protect the organization in world where attackers don't hesitate to exploit insider vulnerability. Companies can start by looking at themselves the way an attacker would. If vacancies carrying your company name, or some of your data, start appearing on underground message boards, then somebody, somewhere has you in their sights. And the sooner you know about it the better you can prepare," - said Denis Gorchakov, security expert, Kaspersky Lab.

In order to protect the organization from insider threat, Kaspersky Lab advises the following:

• Educate your staff about responsible cyber-security behavior and the dangers to look out for, and introduce robust policies about the use of corporate email addresses;

• Use Threat Intelligence Services to understand why cybercriminals might be looking at your company and to find out if someone is offering an insider "service" in your organization;

• Restrict access to the most sensitive information and systems;

• Do a regular security audit of the company's IT infrastructure.

Read more about insiders and other typical cyber-threats facing telecommunications companies on Securelist.

Further information on threats facing companies in telecommunications and other sectors is available through Kaspersky Lab Intelligence Services or by emailing intelligence@kaspersky.com. (ANI)

HTC announces VIVE product launch in India

Updated: Apr 22, 2017 12:23 IST

New Delhi [India], Apr 22 (ANI-NewsVoir): Pioneer in innovative, smart mobile and virtual reality technologies HTC Corporation has announced the launch of their virtual reality system, HTC VIVE™ making it the first complete VR system available to customers in the India market. VIVE will be available exclusively on Amazon.in via pre-order from April 22nd, 2017.

Full Story >>

Google marks Earth Day with its Doodle

Updated: Apr 22, 2017 08:59 IST

New Delhi [India], Apr. 22 (ANI): The Earth is more than 4.543 billion years old, home to more than 8.7 million species, and still the only known planet in the universe known to harbour life, reads Google's blog today.

Full Story >>

New Delhi [India], Apr 22 (ANI): Following more than two years of verification and testing, SoftBank Corp., a subsidiary of SoftBank Group Corp. on Friday announced its decision to deploy the Ericsson Radio Dot System across Japan to deliver premium indoor connectivity to its subscribers.

Full Story >>

New Delhi [India], Apr 21 (ANI): The mobile division of Magicon Impex Jivi Mobiles on Friday announced its portfolio expansion of feature phones as it launched 'Sumo T3000' at Rs. 1490 in India.

Full Story >>

Televisa selects Ericsson for HD delivery

Updated: Apr 21, 2017 18:45 IST

New Delhi [India], Apr 21 (ANI): Ericsson on Friday announced implementation of a new end-to-end primary distribution system for Televisa, Mexico's leading broadcaster and content provider.

Full Story >>

New Delhi [India], Apr 21 (ANI): OMA Emirates Group UAE's leading payments solutions company on Friday introduced Mobility - a comprehensive range of Smart mPoS terminals in India.

Full Story >>

Hubhopper app adjudged Problem Solver for 2017

Updated: Apr 21, 2017 15:09 IST

New Delhi [India], April 21 (ANI): Hubhopper, one of India's leading social content aggregation, discovery and publishing platforms has been adjudged 'Problem Solver of the year' by TiE and Exhibit and ranked second amongst the Hottest 100 Start-ups in India.

Full Story >>

New Delhi [India], Apr 20 (ANI): Mobile application that allows users to personalize conversation in real-time on any platform Bobble Keyboard has announced that it has partnered with Gionee India.

Full Story >>

New Delhi [India], Apr 20 (ANI): BenQ ZOWIE, a leading innovator of professional gaming gear and monitors, announced today its association with ESL India Premiership 2017, the second edition of the biggest esports event in the country.

Full Story >>

New Delhi [India], Apr 20 (ANI): While people claim to value their memories more than any other form of data stored on their digital devices, they are happy to sell them for little money, research by Kaspersky Lab shows.

Full Story >>

New Delhi [India], Apr 20 (ANI): Communications technology and services leader Ericsson on Wednesday partnered with Lynk & Co, the world's 'most connected car' to enhance the future of car connectivity.

Full Story >>

New Delhi [India], Apr 19 (ANI): India's first 100 percent fibre broadband service provider Spectranet on Wednesday announced the launch of its world-class internet services in Noida.

Full Story >>

New Delhi [India], Apr 18 (ANI-NewsVoir): SAS, the leader in business analytics software and services will be hosting India's largest analytics forum - SAS Forum India 2017. Now in its seventh year, the forum will be held on Wednesday, April 26, 2017 at The Grand Hyatt in Mumbai.

Full Story >>

Kaspersky lab extends its Big Bounty Program

Updated: Apr 18, 2017 17:58 IST

New Delhi [India], Apr 18 (ANI): Extending its support to qualified individuals and organizations to submit reports on vulnerabilities and bugs found in its products, Kaspersky Lab has announced the extension of its Bug Bounty Program.

Full Story >>

New Delhi [India], Apr 18 (ANI): Leading bot platform Gupshup on Monday announced the launch of InterBot, a first of its type bot-to-bot communication platform aiming to revolutionise botkind.

Full Story >>

New Delhi [India], Apr 18 (ANI): Nine out of 10 customers switch brands due to an unsatisfactory digital experience, revealed a report published on Monday by SAP, a leader in enterprise application software.

Full Story >>

Gurugram (Haryana) [India], Apr 17 (ANI): Striving to support Prime Minister Narendra Modi's 'Make in India' initiative, MapmyIndia's Chief Technology Officer (CTO) Rohan Verma has said the company is 'truly local' in its approach and is working towards integrating world-class mapping solutions in the Indian market.

Full Story >>

Gurugram (Haryana) [India], Apr 17 (ANI): MapmyIndia, a premium-quality digital maps, global positioning system (GPS) navigation, tracking, location-based apps and geographic information system (GIS) solutions provided and VISIT, a facilitator of pre-primary healthcare partnered to help the government launch 'Swastha Bharat' m-health app for smart cities, tier II towns and villages

Full Story >>

New Delhi [India], Apr. 15 (ANI): Cyber security firm Kaspersky Lab's Cybersecurity Index revealed that in the second half of 2016, the number of people concerned about their security and ready to protect themselves against cyber threats is constantly growing.

Full Story >>

New York [USA], Apr. 15 (ANI): Community-driven hospitality company Airbnb on Friday announced a new set of mandatory security measures, including multi-factor authentication to prevent account takeovers.

Full Story >>