Tue, Jun 27, 2017 | updated 09:34 PM IST

Cybercriminals recruit insiders to attack telecom providers

Updated: Aug 24, 2016 19:11 IST      
Cybercriminals recruit insiders to attack telecom providers

New Delhi, Aug.24 (ANI): Cybercriminals are using insiders to gain access to telecommunications networks and subscriber data, recruiting disaffected employees through underground channels or blackmailing staff using compromising information gathered from open sources - according to a Kaspersky Lab intelligence report into security threats facing the telecommunications industry.

Telecommunications providers are a top target for cyber-attack. They operate and manage the world's networks, voice and data transmissions and store vast amounts of sensitive data.

This makes them highly attractive to cybercriminals in search of financial gain, as well as nation-state sponsored actors launching targeted attacks, and even competitors.

To achieve their goals, cybercriminals often use insiders as part of their malicious 'toolset', to help them breach the perimeter of a telecommunications company and perpetrate their crimes.

New research by Kaspersky Lab and B2B International reveals that 28 percent of all cyber-attacks, and 38 percent of targeted attacks now involve malicious activity by insiders. The intelligence report examines popular ways of involving insiders in telecoms-related criminal schemes and gives examples of the things insiders are used for.

According to the Kaspersky Lab researchers, attackers engage or entrap telecoms employees in the following ways:

• Using publically available or previously-stolen data sources to find compromising information on employees of the company they want to hack. They then blackmail targeted individuals - forcing them to hand over their corporate credentials, provide information on internal systems or distribute spear-phishing attacks on their behalf.

Recruiting willing insiders through underground message boards or through the services of "black recruiters". These insiders are paid for their services and can also be asked to identify co-workers who could be engaged through blackmail.

The blackmailing approach has grown in popularity following online data breaches such as the Ashley Madison leak, as these provide attackers with material they can use to threaten or embarrass individuals. In fact, data-leak related extortion has now become so widespread that the FBI issued a Public Service Announcement on 1 June warning consumers of the risk and its potential impact.

According to the Kaspersky Lab researchers, if an attack on a cellular service provider is planned, criminals will seek out employees who can provide fast track access to subscriber and company data or SIM card duplication/illegal reissuing. If the target is an Internet service provider, the attackers will try to identify those who can enable network mapping and man-in-the-middle attacks.

However, insider threats can take all forms. The Kaspersky Lab researchers noted two non-typical examples, one of which involved a rogue telecoms employee leaking 70 million prison inmate calls, many of which breached client-attorney privilege.

In another example, an SMS center support engineer was spotted on a popular DarkNet forum advertising their ability to intercept messages containing OTP (One-Time Passwords) for the two-step authentication required to login to customer accounts at a popular fintech company.

"The human factor is often the weakest link in corporate IT security. Technology alone is rarely enough to completely protect the organization in world where attackers don't hesitate to exploit insider vulnerability. Companies can start by looking at themselves the way an attacker would. If vacancies carrying your company name, or some of your data, start appearing on underground message boards, then somebody, somewhere has you in their sights. And the sooner you know about it the better you can prepare," - said Denis Gorchakov, security expert, Kaspersky Lab.

In order to protect the organization from insider threat, Kaspersky Lab advises the following:

• Educate your staff about responsible cyber-security behavior and the dangers to look out for, and introduce robust policies about the use of corporate email addresses;

• Use Threat Intelligence Services to understand why cybercriminals might be looking at your company and to find out if someone is offering an insider "service" in your organization;

• Restrict access to the most sensitive information and systems;

• Do a regular security audit of the company's IT infrastructure.

Read more about insiders and other typical cyber-threats facing telecommunications companies on Securelist.

Further information on threats facing companies in telecommunications and other sectors is available through Kaspersky Lab Intelligence Services or by emailing intelligence@kaspersky.com. (ANI)

Seoul [Japan], June 27 (ANI): NEC Corporation on Tuesday announced that it has provided a facial recognition system to Seoul Sky, an observatory in Lotte World Tower, a 123-floor, 555-meter high skyscraper.

Full Story >>

Kaspersky's latest patent to counter audio spying

Updated: Jun 27, 2017 13:28 IST     

New Delhi [India], June 27 (ANI): Aiming to help to counter the threat posed by audio surveillance, Kaspersky Lab announced the launch of its latest patented technology to counteract unauthorised access to microphone data on Windows devices, which is being used in the company's flagship home solutions - Kaspersky Internet Security and Kaspersky Total Security.

Full Story >>

Make this Eid a tech-savvy one!

Updated: Jun 25, 2017 11:34 IST     

New Delhi [India], June 25 (ANI): Festivities are galore, as the nation gears up to celebrate Eid.

Full Story >>

Glide your way through bachelorhood with these five apps!

Updated: Jun 25, 2017 10:06 IST     

New Delhi [India], June 25 (ANI): Striking the perfect balance between personal and professional life can be tiresome.

Full Story >>

New Delhi [India], June 23 (ANI): Global mobile technology company OnePlus on Thursday launched its most awaited flagship 'OnePlus 5' in India priced at Rs. 32,999 for the 6GB RAM and 64GB storage version and Rs. 37,999 for 88GB RAM and 128GB storage version.

Full Story >>

New Delhi [India], June 23 (ANI): Social media giant Facebook has finally set up its new 'Group Insights' feature to enable proper administration of groups administrators (admins) to hold a more stringent check of the content being posted online.

Full Story >>

Online banking users to reach 150 billion by 2020: Study

Updated: Jun 22, 2017 16:35 IST     

New Delhi [India], June 22 (ANI): With the ongoing digital drive in India, the number of users opting for online banking is expected to double to reach 150 million mark by 2020, from the current 45 million active urban online banking users in India, according to a report drafted by Facebook and The Boston Consulting Group (BCG).

Full Story >>

Video-calling made easier with Google Allo's latest update

Updated: Jun 22, 2017 14:46 IST     

New Delhi [India], June 22 (ANI): With the latest update on Allo messaging app, users can now make video calls using Google Duo, without going to the app itself!

Full Story >>

Instagram Stories now has 250m users, new 'replay' feature

Updated: Jun 21, 2017 17:38 IST     

New Delhi [India], June 21 (ANI): Commemorating its achievement of registering 250 million daily users on its 'Stories' feature, social media engagement platform Instagram on Wednesday announced an update to its 'Live Video' segment.

Full Story >>

HP Inc. introduces two new convertible notebooks

Updated: Jun 21, 2017 15:22 IST     

New Delhi [India], June 21 (ANI): Aiming to instill creativity among students, professionals and millennials, HP Inc. on Wednesday introduced two new convertible notebooks - HP Pavillion x360 and HP Spectre x360, enabled with Windows Ink capabilities.

Full Story >>

New Delhi [India], June 20 (ANI): In a bid to inspire art enthusiasts around the world to brush up their art knowledge and become art experts, Google has announced the latest updates on Search and Maps driving newer ways to experience artworks online.

Full Story >>

Hike launches wallet, UPI payments for quick transactions

Updated: Jun 20, 2017 17:32 IST     

New Delhi [India], June 20 (ANI): Home-grown messaging platform Hike Messenger on Tuesday launched the feature of 'Hike Wallet' on its all-new visually unique version Hike 5.0 to send and receive money in the most easiest manner.

Full Story >>

Waterloo [Ontario], June 20 (ANI): BlackBerry Limited on Tuesday announced productivity and security enhancements to its enterprise software platform designed to power the 'Enterprise of Things'.

Full Story >>

New Delhi [India], June 20 (ANI):The crippling financial implications of online banking security incidents have been brought to light by the latest Kaspersky Lab report into cyber security threats in the financial sector.

Full Story >>

New Delhi [India], June 19 (ANI): India's leading mobility solutions provider Avis India has announced the launch of its mobile app to enable Chauffeur Drive and Self Drive rentals in India.

Full Story >>

Google marks Father's Day through special doodle

Updated: Jun 18, 2017 08:10 IST     

New Delhi [India], June 18 (ANI): Google today is celebrating Father's Day 2017 dedicating an endearing doodle to all the fathers out there.

Full Story >>

Fujifilm launches Instax mini 9 cameras with selfie mirror

Updated: Jun 15, 2017 23:47 IST     

New Delhi [India], June 15 (ANI): Fujifilm India Pvt Ltd., on Thursday announced the launch of its new iconic Instax mini 9 instant camera, built in with a selfie mirror and close-up lens.

Full Story >>

New Delhi [India], June 15 (ANI-NewsVoir): Alibaba Mobile Business Group, part of Alibaba Digital Media and Entertainment, has announced the appointment of Damon Xi as Head of UCWeb India and Indonesia office.

Full Story >>

New Delhi [India], June 15(ANI): Toreto, a leading aggregator of portable technology on Wednesday launched its water-resistant Bluetooth earphone, 'TBE-804 Blare', best suited for sports enthusiasts.

Full Story >>

Accenture envisioning gender-balanced workforce by 2025

Updated: Jun 15, 2017 00:47 IST     

New Delhi [India], June 15 (ANI): Accenture on Wednesday announced its vision to achieve a gender-balanced workforce by 2025, with 50 percent women and 50 percent men.

Full Story >>