Kaspersky Lab said internal staff members are the latest vulnerability in telecoms service providers’ security systems.
Kaspersky Lab warned that people employed by telcos are as much a threat to the security of networks and subscriber data as remote cyber attacks.
The security company said cyber criminals are increasingly using service providers’ own staff to gain access to sensitive data. Joint research conducted by Kaspersky Lab and B2B International found that 28% of all cyber attacks and 38% of targeted attacks now involve malicious activity by company insiders.
Scammers typically target staff members who are unhappy, but are also known to employ blackmail using compromising information, the security company said. That information is gathered either from publicly available sources or from previously stolen data, which cyber criminals then use to force employees to provide details of their corporate credentials and internal systems, and to distribute spear-phishing attacks.
Employees who can quickly provide access to subscriber and customer data, or to SIM duplication and reissue facilities, are most in demand among criminals.
Denis Gorchakov, security expert at Kaspersky Lab, said its research showed that “technology alone is rarely enough to completely protect the organisation in a world where attackers don’t hesitate to exploit insider vulnerability.”
Kaspersky Lab said examples of insider-led cyber attacks included a telco employee leaking details of 70 million prisoners, and an SMS centre support engineer who advertised the ability to intercept messages featuring passwords used in a two-step authentication process for customer accounts at a popular fintech company.
Gorchakov said one of the best strategies a company can adopt in order to protect itself is to look “at themselves the way an attacker would.”
For example, “if vacancies carrying your company name, or some of your data, start appearing on underground message boards, then somebody, somewhere, has you in their sights.”
Kaspersky Lab also recommended that companies educate staff about cyber-security, introduce robust corporate e-mail usage policies, restrict access to sensitive information, and regularly review the security of IT infrastructure.










