“Cyber criminals recruiting ‘insiders’ to attack telecoms providers” reports Kaspersky Lab

Cyber criminals are using insiders to gain access to telecommunications networks and subscriber data, recruiting disaffected employees through underground channels or blackmailing staff using compromising information gathered from open sources. That’s according to a published Kaspersky Lab intelligence report into security threats facing the telecommunications industry.

Telecommunications providers are a top target for cyber attack. They operate and manage the world’s networks, voice and data transmissions and store vast amounts of sensitive data. This makes them highly attractive to cyber criminals in search of financial gain, as well as nation-state sponsored actors launching targeted attacks, not to mention their own competitors.

To achieve their goals, cyber criminals often use insiders as part of their malicious ‘toolset’ to help them breach the perimeter of a telecommunications company and perpetrate their crimes.

New research conducted by Kaspersky Lab and B2B International¹ reveals that 28% of all cyber attacks and 38% of targeted attacks now involve malicious activity by insiders. The intelligence report examines popular ways of involving insiders in telecoms-related criminal schemes and gives examples of the things insiders are used for.

According to the Kaspersky Lab researchers, determined cyber attackers engage or otherwise entrap telecoms sector employees in the following ways:

* Using publicly available or previously stolen data sources to find compromising information on employees of the company they wish to hack. They then blackmail targeted individuals, forcing them to hand over their corporate credentials, provide information on internal systems or distribute spear phishing attacks on their behalf.

* Recruiting willing insiders through underground message boards or through the services of ‘black recruiters’. These insiders are paid for their services and can also be asked to identify co-workers who could be engaged through blackmail procedures.

Blackmailing approaches have grown in popularity following online data breaches such as the Ashley Madison leak, as these provide attackers with material they can use to threaten or embarrass individuals. In fact, data leak-related extortion has now become so widespread that the FBI issued a Public Service Announcement on 1 June warning consumers of the risks involved and its potential impact.

Insiders most in demand

According to the Kaspersky Lab researchers, if an attack on a cellular service provider is planned, criminals will seek out employees who can provide fast-track access to subscriber and company data or SIM card duplication/illegal reissuing. If the target is an Internet Service Provider, the attackers will try to identify those who can best enable network mapping and man-in-the-middle attacks.

However, insider threats can take all forms. The Kaspersky Lab researchers have noted two non-typical examples, one of which involved a rogue telecoms employee leaking no less than 70 million prison inmate calls, many of which breached client-attorney privilege.

In another example, an SMS Centre support engineer was spotted on a popular DarkNet forum advertising their ability to intercept messages containing One-Time Passwords for the two-step authentication required to log in to customer accounts at a popular fintech company.

“The human factor is often the weakest link in corporate IT security,” said Denis Gorchakov, security expert at Kaspersky Lab. “Technology alone is rarely enough to completely protect the organisation in a world where attackers don’t hesitate to exploit insider vulnerability. Companies can begin to address this issue by looking at themselves in the same way that an attacker would. If vacancies carrying your company name, or some of your data, start appearing on underground message boards, then somebody, somewhere has you in their sights. The sooner you know about it, the better you can prepare to deal with this.”


¹ ‘Corporate IT Security Risks Survey 2016’, Kaspersky Lab and B2B International

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
