While spoofing a phone number is an old trick, these SIMs offer a streamlined way to do it. They underscore the wide array of vulnerabilities companies and individuals face when trying to protect against social engineering attacks.

Twitter was the victim of a phone spear-phishing attack, in which a person posing as a company insider (often supposedly from the IT department) calls a real employee to extract information. That attack, which led to the takeover of 130 accounts, including high-profile ones such as Elon Musk and Kanye West, to scam their followers out of $120,000 worth of bitcoin, has brought increased attention to the practice.

Tools like these SIMs are one way for attackers to try and stay ahead of suspecting companies.

“Other companies might be a softer target for these same techniques,” said Allison Nixon, chief research officer at Unit221B, a cybersecurity firm. “And they’re just not going to be prepared in the same way that battle-scarred telecommunications companies have been.”

Indeed, since the Twitter hack, there has reportedly been a rise in spear-phishing attacks across companies, individuals, and cryptocurrency exchanges.

The cards are known as White SIMs, owing to their color and lack of branding.

“White SIMs make it extremely easy to conduct outgoing spoofed calls,” said Hartej Sawhney, Principal at cybersecurity agency Zokyo.

Given the wide array of services SIMs such as these offer, they make social engineering just a little easier, and sometimes that’s all an attacker needs. SIMs can generally be bought on the Dark Web or related sites, using bitcoin.

Social engineering often relies on an attacker tricking someone into doing something he or she shouldn’t. It can look as simple as a phishing attack, but can also involve more elaborate means such as SIM swapping, voice spoofing or extensive phone conversations, all to gain access to someone’s information or data.

For years the cryptocurrency community has been the target of SIM swaps, a subset of social engineering. It involves an attacker fooling a telecommunications company employee into porting the victim’s number to the attacker’s device, which lets them bypass two-factor authentication protections to an exchange account or social media profile.

“Spoof calling is a flaw at the protocol layer and is not something that can be fixed overnight. It requires essentially rewriting the internet,” said Sawhney. “What’s interesting to note is that 99% of telecom employees have access to all customer accounts, meaning you only need to social engineer one of them.”

These SIMs present challenges for those working to protect against social engineering, including banks and other financial institutions.

Social engineering attackers pick their targets by weighing the money, time and effort required to dupe them against the payoff, said Paul Walsh, CEO of the cybersecurity company MetaCert.

“It’s easier, cheaper and faster to compromise a person through social engineering than it is to try and take advantage of a computer or computer network,” said Walsh. “So any tools or processes like these that make that job quicker and easier for them is obviously good, in their eyes.”

The ability to mimic a specific phone number is what makes these SIMs dangerous. For example, spam callers often spoof their number to make it seem they’re calling from a number in the recipient’s local area. But these SIM cards allow an attacker to spoof a specific number, making it more likely someone will answer the phone.