SIM-Swapping Attack
T-Mobile transferred a phone number away from an employee of a large company.
SIM swapping allows threat actors to bypass the security of SMS password resets and verification.
There were over 100 incidents in 2022.
https://krebsonsecurity.com/2023/08/kroll-employee-sim-swapped-for-crypto-investor-data/
https://en.wikipedia.org/wiki/SIM_swap_scam
Steps:
The threat actors gather details about the individual from social media or through a phishing site.
They call the customer and use these details to appear authentic, and they try to convince the user to approve a SIM swap.
If accepted, the threat actor will receive all SMS messages and voice calls; they can now bypass 2-Factor Authentication.
Jack Dorsey
In 2019, the CEO of Twitter was hacked via SIM-swapping.
In 2021, the FBI received 1,600 complaints of SIM-swapping.
Simjacker
There was another SIM card attack that ran commands on the phone with a specially formatted SMS message. It ran commands to first gather information, then send that information to threat actors. It was discovered in 2019. https://en.wikipedia.org/wiki/Simjacker
S@T browser requires no authentication
Several hundred attacks per week in Mexico (primary targets)
A surveillance company
Around 10-20k of these messages in a year.
Over 100m globally could be affected.
Steps:
Binary “Attack message” sent to user. (Instructs SIM card to get location information)
An SMS message with the location info is sent to the scammer's recipient phone number.
Could also lock a user out of their account with S@T commands.
QAKBOT
https://www.bleepingcomputer.com/news/security/qakbot-botnet-dismantled-after-infecting-over-700-000-computers/
Compromised 700k computers
Found a payments.txt file with details of ransomware victims.
FBI deployed an uninstaller by redirecting Qakbot traffic.