Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label telecommunications. Show all posts
TRAI
Fraud Calls Mobile Security SIM SIM swap Spam Call telecommunications TRAI

TRAI Updates Regulations to Prevent SIM Swap Fraud in Telecom Porting

 

The Telecom Regulatory Authority of India (TRAI) recently announced updated regulations aimed at combating SIM swap fraud in the telecom sector. According to the new regulations, telecom subscribers will be prohibited from porting out of their current network provider if they have recently "swapped" their SIM card due to loss or damage within the past seven days. 

This amendment is intended to prevent fraudulent activities by disallowing the issuance of a "unique porting code" (UPC), which is the initial step in changing providers using mobile number portability. 

The TRAI highlighted that this measure is part of its broader efforts to address concerns related to fraudulent and spam calls, which have been on the rise in recent years. In addition to SIM swap fraud, spam calls and messages have become a significant nuisance for telecom subscribers, leading to increased efforts by regulatory authorities to combat such activities. 

Previous anti-spam measures undertaken by TRAI include the establishment of a do-not-disturb registry, the release of an app for filing complaints against telemarketers, and the enforcement of regulations on transactional SMS messages by businesses. 

However, despite these efforts, fraudulent activities continue to pose challenges for both regulators and consumers. In addition to the prohibition on porting after SIM card swapping, TRAI has recommended to the Department of Telecommunications (DoT) the implementation of a feature that would display the legally registered name of every caller on recipients' handsets. This proposal aims to enhance transparency and enable recipients to identify the origin of incoming calls more accurately. 

However, the proposal has faced criticism on privacy grounds, with concerns raised about the potential misuse of caller identification information. To further address concerns related to fraudulent communication, the DoT has introduced its own portal called Chakshu for reporting suspected fraud communication. This platform allows users to report instances of suspected fraud, helping regulatory authorities to track and investigate fraudulent activities more effectively. 

Furthermore, the TRAI is considering a suggestion from the DoT regarding the verification of subscriber identity during the porting process. Currently, porting requires only the possession of an unblocked SIM, with know-your-customer (KYC) processes conducted anew. This policy has implications for minors and other dependents whose SIMs may not be registered in their names. 

The suggestion to double-check KYC during porting will be examined separately by TRAI. Overall, TRAI's efforts to strengthen regulations in the telecom sector aim to enhance security and protect consumers from fraudulent activities such as SIM swap fraud. By implementing measures to prevent unauthorized porting and enhancing transparency in caller identification, TRAI seeks to safeguard the interests of telecom subscribers in India. However, as fraudsters continue to evolve their tactics, regulatory authorities will need to remain vigilant and adapt their strategies accordingly to stay ahead of emerging threats.
Read more »
Vulnerabilities and Exploits
Houthi Rebels Red Sea Cable telecommunications Undersea Cable Vulnerabilities and Exploits

Red Sea Cable Damage Disrupts Internet Traffic Across Continents

 


Recently, in a telecommunications setback, damage to submarine cables in the Red Sea is causing disruptions in communication networks, affecting a quarter of the traffic between Asia, Europe, and the Middle East, including internet services. Four major telecom networks, including Hong Kong's HGC Global Communications, report that cables have been cut, leading to a substantial impact on communication in the Middle East. HGC estimates that approximately 25% of traffic between Asia and Europe, as well as the Middle East, has been affected.

To mitigate the disruption, HGC is rerouting traffic and providing assistance to affected businesses. However, the company has not disclosed the cause of the cable damage or identified those responsible. Seacom, a South Africa-based company owning one of the affected cable systems, has stated that repairs will not commence for at least a month due in part to the time needed to secure permits for operation in the area.

These undersea cables, largely funded by internet giants such as Google, Microsoft, Amazon, and Meta (Facebook's parent company), are the backbone of the internet. Damage to these subsea networks can result in widespread internet outages, reminiscent of the aftermath of the 2006 Taiwan earthquake.

The recent damage in the Red Sea follows warnings from the official Yemeni government about the potential targeting of cables by Houthi rebels. These Iranian-backed militants have previously disrupted global supply chains by attacking commercial vessels in the crucial waterway. While Israeli reports suggested Houthi involvement in the cable damage, rebel leader Abdel Malek al-Houthi denied these allegations, blaming British and US military units operating in the area for the destruction.

Prenesh Padayachee, Chief Digital Officer at Seacom, highlights the lengthy process of acquiring permits from the Yemeni maritime authority, estimating up to eight weeks for approval. Until repairs are complete, client traffic will continue to be rerouted to ensure uninterrupted service.

Among the affected networks is Asia-Africa-Europe 1, a 25,000-kilometre cable system connecting South East Asia to Europe via Egypt, and the Europe India Gateway (EIG), which has sustained damage. Vodafone, a major investor in EIG and a prominent mobile network operator in the United Kingdom has declined to comment on the situation.

In response to this disruption, it is essential to note that most large telecom companies rely on multiple undersea cable systems, allowing them to reroute traffic during outages to maintain uninterrupted service for users across the affected regions. The implications of this event underscore the vulnerability of our interconnected global communication infrastructure.

As Seacom and other stakeholders work towards repairing the damaged cables, the global community awaits a resolution to this critical issue that impacts the seamless flow of information across continents.


Read more »
User Privacy
Data Protection Bill Hackers Privacy SIM telecommunications User Privacy

Laws Regulating SIM Card Registration may Violate Private Data

The law protecting personal data in the Philippines was in the works, and it was ultimately passed. A wave of data security breaches in the nation, according to the administration, makes the new data protection measures essential.

Although it's fair to be concerned about internet theft, a progressive group called Bagong Alyansang Makabayan (Bayan) warned on Monday that the new law requiring SIM card registration could be abused to invade people's privacy.

"While abandoning privacy is a more difficult reaction, we are aware of the latest worries around internet scams. Any policy that would jeopardize the right to privacy should be viewed as dangerous," according to Renato Reyes, secretary-general of the Bayan organization. The Philippine government has a long history of violating human rights.

"The SIM register could develop into a huge network of surveillance used against people. Given that the Philippine government has experienced data leaks in the past, the data that is collected might not be kept secure," Renato Reyes stated.

President Ferdinand Marcos gave the SIM card law his first official signature since assuming office on June 30 early that day. It demonstrated the purpose of the Marcos administration to safeguard Filipinos from cybercrime, as per House Speaker Ferdinand Martin Romualdez.

Users of mobile phones are required by Republic Act No. 11934 to register their SIM cards with telecommunications companies. They would then be required to present legitimate identification cards as well as a fully completed registration form.

Those who were unable to produce a legitimate ID might instead show a clearance from the National Bureau of Investigation, a police clearance, or a birth certificate that had been approved by the Philippine Statistics Authority and had an ID photo on it.

Since authorities will be able to determine the owner of a SIM card used for the commission of a crime, even terrorism, supporters of the proposal believe it may be a tool against internet scams. Legislators recently found during hearings on text scams and spam messages sent to cell phones that insufficient regulations made it difficult for law enforcement to pursue cybercriminals.

Read more »
telecommunications
Cyber Crime ISP Linux SentineLabs Telecom telecommunications

Metador APT is Lurking ISPs and Telecom Entities

Researchers at SentinelLabs have discovered a threat actor identified as Metador which primarily targets universities, ISPs, and telecommunications in various Middle Eastern and African nations.

SentintelLabs researchers dubbed the organization Metador after the phrase 'I am meta' that exists in the malicious code as well as the fact that the server messages are often in Spanish. As per the findings revealed at the first-ever LabsCon security conference, the group is thought to have started operating in December 2020, but throughout the past few years, it has managed to remain undetected. 

SentinelLabs senior director Juan Andrés Guerrero-Saade claimed that despite sharing information on Metador with experts at other security companies and government partners, no one was aware of the group.

SentinelLabs researchers found Metador in a Middle Eastern telecommunications business that had been hacked by roughly ten threat actors, including Moshen Dragon and MuddyWater, who all hail from China and Iran. Metador's goal appears to be long-term espionage inventiveness. 

Along with two incredibly complex Windows-based viruses  "metaMain" and "Mafalda," that the gang uses – there are clues of Linux malware, according to the researchers at SentinelLabs.

The attackers loaded both malware into memory and decrypted it using the Windows debugging tool "cdb.exe."

Mafalda is a versatile implant that can support up to 67 commands. Threat actors have regularly updated it, and the more recent iterations of the threat are heavily disguised. The attacker can maintain a persistent connection, log keystrokes, download and upload arbitrary files, and run shellcode thanks to the robust feature set of metaMain, which is used independently.

Mafalda gained support for 13 new commands among two variations that were produced in April and December 2021, adding possibilities for credential theft, network espionage, and file system manipulation. This is proof that Mafalda is being actively developed by its developers.

Attack chains have also included unidentified Linux malware that is used to collect data from the infected environment and send it back to Mafalda. The intrusions' entrance vector has not yet been identified.

Running into Metador is a serious reminder that another category of threat actors still operates covertly and without consequence. Security product creators should seize the chance to actively design their products to keep an eye out for the most sophisticated, well-funded hackers.



Read more »
User Privacy
APT attacks Chinese Hackers Cyber Attacks Palo Alto Networks' Unit 42 telecommunications Trojan Attacks Unauthorized Websites User Privacy

 GALLIUM APT Deployed a New PingPull RAT

According to Palo Alto Networks researchers, the PingPull RAT is a "difficult-to-detect" backdoor that uses the Internet Control Message Protocol (ICMP) for C2 connections. Experts also discovered PingPull variations that communicate with each other using HTTPS and TCP rather than ICMP.

Gallium, a Chinese advanced Trojan horse (APT), has an ancient legacy of cyberespionage on telecommunications companies, dating back to 2012. In 2017, the state-sponsored entity, also called Soft Cell by Cybereason, has been linked to a broader range of attacks aimed at five major Southeast Asian telecom businesses. However, during the last year, the group's victimology has expanded to include financial institutions and government agencies in Afghanistan, Austria, Belgium, Cambodia, Malaysia, Mozambique, the Philippines, Russia, and Vietnam. 

A threat actor can use PingPull, a Visual C++-based virus, to gain access to a reverse shell and run unauthorized commands on a compromised computer. File operations, detailing storage volumes, and timestamping files are all part of it now. 

The researchers explained that "PingPull samples which use ICMP for C2 communications issue ICMP Echo Request (ping) packets to the C2 server." "The C2 server will send commands to the system by responding to these Echo queries with an Echo-Reply packet." 

PingPull variants that use HTTPS and TCP rather than ICMP to interact with its C2 server have been discovered, along with over 170 IP addresses associated with the company since late 2020. Although the threat actor is recognized to exploit internet-exposed programs to acquire an initial foothold and deploy a customized form of the China Chopper web shell to create persistence, it's not obvious how the targeted networks are hacked. 

Throughout Southeast Asia, Europe, and Africa, the GALLIUM trojan continues to pose a serious danger to telecommunications, finance, and government organizations. It is recommended all businesses use the results of researchers to inform the implementation of protective measures to guard against this threat group, which has deployed a new capability called PingPull in favor of its espionage efforts.
Read more »
User Security
100 million Data Breach telecommunications United States User Data User Privacy User Security

T-Mobile Acknowledged Breach of 100 Million Customers

 

T-Mobile announced a data breach on Monday after a hacking organization claimed to have gotten records of 100 million T-Mobile customers in the United States and sold some of the information on the dark web. The US wireless carrier said it couldn't say how many users were affected, but that it has started a "deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed."

T-Mobile is the brand name for the mobile communications companies of Deutsche Telekom AG, a German telecommunications firm. In the Czech Republic (T-Mobile Czech Republic), the Netherlands (T-Mobile Netherlands), Poland (T-Mobile Polska), and the United States (T-Mobile US). 

T-Mobile initially stated that it was investigating the hacker group's claim, but eventually admitted that at least some data had been acquired by the hackers. "We have determined that unauthorized access to some T-Mobile data occurred, however, we have not yet determined that there is any personal customer data involved," a company statement said. "We are confident that the entry point used to gain access has been closed."

T-Mobile said it was conducting its own investigation into the incident with the help of digital forensic experts and was collaborating with law enforcement. According to media sources citing postings on dark web forums, the enormous breach allegedly includes sensitive personal information such as social security and driver's license numbers. 

Motherboard was given access to some of the data, and the publication confirmed that it contained correct information on T-Mobile subscribers. The seller told Motherboard that they had hacked into various T-Mobile servers. A subset of the data, containing around 30 million social security numbers and driver's licenses, is being sold on the forum for six bitcoin, while the rest is being sold privately. At current exchange rates, six bitcoins are worth about $280,000. 

The seller told Motherboard, “I think they already found out because we lost access to the backdoored servers.” He was referring to T-Mobile’s potential response to the breach. T-Mobile appears to have thrown them out of the hacked systems, according to the seller, but they had already downloaded the data locally. They stated, "It's backed up in multiple places." 

The firm has also stated that once the situation is more understood, it would “proactively communicate” with customers and stakeholders, but that the investigation will “take some time.”
Read more »
telecommunications
Data Breach Data Leak Ransomware ransomware attacks telecommunications

Orange Confirms Ransomware Attack Compromising Data of 20 Enterprise Customers


Orange, the fourth-largest mobile operator in Europe has confirmed that it fell prey to a ransomware attack wherein hackers accessed the data of 20 enterprise customers. The attack targeted the 'Orange Business Services' division and was said to have taken place on the night of 4th July and was continued into the next day, ie., 5th July.

Orange is a France based multinational telecommunications corporation having 266 million customers worldwide and a total of 1,48,000 employees. It is a leading provider of global IT and telecommunications services to residential, professional, and large business clients. It includes fixed-line telephone, mobile communications, Internet and wireless applications, data transmission, broadcasting services, and leased line, etc.

The attack was brought to light by Nefilim Ransomware who announced on their data leak site that they acquired access to Orange's data through their business solutions division.

In a conversation with Bleeping Computer, the company said, "Orange teams were immediately mobilized to identify the origin of this attack and has put in place all necessary solutions required to ensure the security of our systems." Orange further told that the attack that occurred on the night of 4th July affected an internal IT platform known as, "Le Forfait Informatique", it was hosting data belonging to 20 SME customers that were breached by attackers, however, there were no traces of any other internal server being affected as a result of the attack. Giving insights, Tarik Saleh, a senior security engineer at DomainTools, said, "Orange certainly followed best practices by promptly disclosing the breach to its business customers, who will need to take all the possible precautions to make their data unusable in future attacks: changing the password of their accounts and looking out for potential phishing or spear-phishing emails."

While commenting on the security incident, Javvad Malik, Security Awareness Advocate at KnowBe4, said that in these times, it is essential, "that organizations put in place controls to prevent the attack from being successful, as even if they have backups from which they can restore, this won't bring back data that has been stolen."

"As part of this, organizations should implement a layered defensive strategy, in particular against credential stuffing, exploitation of unpatched systems, and phishing emails which are the main source of ransomware. This includes having technical controls, the right procedures, and ensuring staff has relevant and timely security awareness and training," he further added.
Read more »
telecommunications
BGP Hijacking CDN China Cloud Cyber Crime Rostelecom Russia Security telecommunications

BGP Hijacking Attacks Google, Amazon and Other Famous Networks' Traffic!


As per reports, a telecommunication provider that is owned by Russia rerouted traffic which was intended for the most imminent Content Delivery Networks (CDNs) and cloud host providers of the globe.

The entire re-direction kept on for around an hour during which it affected over 8,500 traffic routes of the internet. The concerned organizations happen to be few of the most celebrated ones.

Per sources, the brands range across well-known names like Cloudflare, Digital Ocean, Linode, Google, Joyent, Facebook, LeaseWeb, Amazon, GoDaddy, and Hetzner.

Reportedly, all the signs of this attack indicate towards its being a case of hijacking the Border Gateway Protocol, also known as, BGP hijacking. It is the illegitimate takeover of IP prefixes by a hijacker to redirect traffic.

This gives a lot of power in the hands of the hijacker because they could at any time “publish an announcement” stating that the servers of a particular company are on their network. As a result of which all of e.g. Amazon’s traffic would end up on the hijacker’s servers.

In earlier times when Hypertext Transfer Protocol wasn’t as widely used to encrypt traffic, BGP hijacking was a lucrative way to carry Man-in-the-Middle (MitM) attacks and catch and modify traffic.

But in recent times, analysis and decryption of traffic later in time has become easier because of BGP hijacking, as the encryption gets weaker with time.

This predicament isn’t of a new kind. It has been troubling the cyber-world for a couple of decades, mainly because they aim at boosting the BGP’s security. Despite working on several projects there hasn’t been much advancement in improving the protocol to face them.

Google’s network has been a victim of BGP hijacking by a Nigerian entity before. Researchers mention that it is not necessary for a BGP hijacking to be malicious.

Reportedly, “mistyping the ASN” (Autonomous System Number) is one of the other main reasons behind a BGP hijacking, as it is the code via which internet units are recognized and ends up accidentally redirecting traffic.

Per sources, China Telecom stands among the top entities that have committed BGP hijacking, not so “accidentally”. Another famous one on a similar front is “Rostelecom”.

The last time Rostelecom seized a lot of attention was when the most gigantic of financial players were victimized by BGP hijacking including HSBC, Visa, and MasterCard to name a few.

The last time, BGPMon didn’t have much to say however this time, Russian Telecom is in a questionable state, per sources. They also mention that it is possible for the hijack to have occurred following the accidental exposure of the wrong BGP network by an internal Rostelecom traffic shaping system.

Things took a steep turn when reportedly, Rostelecom’s upstream providers re-publicized the freshly declared BGP routes all across the web aggravating the hijack massively.

Per researchers, it is quite a difficult task to say for sure if a BGP hijacking was intentional of accidental. All that could be said is that the parties involved in the hijack make the situation suspicious.

Read more »
telecommunications
Chinese Hackers Cybereason Cyberespionage telecommunications

Chinese espionage campaign hit telecommunications firms around the world






Hackers have breached into the systems of more than a dozen global telecommunications companies and have to hold on a large amount of personal as well as corporate data, researchers from a cybersecurity company said on Tuesday.

Security researchers from a cybersecurity firm Cybereason, which is a collaboration of US-Israel, said that the attackers compromised companies in more than 30 countries. 

The main aim behind this espionage is to gather information about individuals who are working in government, law enforcement and politics. The group is linked to a Chinese cyber-espionage campaign.

The tools used by hackers were similar to other attacks which were carried out by Beijing, but the country denied of involvement in any kind of mischievous activity. 

Lior Div, chief executive of Cybereason. “For this level of sophistication, it’s not a criminal group. It is a government that has capabilities that can do this kind of attack,” he told Reuters.

Cybereason said in a blog post. “They built a perfect espionage environment. They could grab information as they please on the targets that they are interested in.”



“We managed to find not just one piece of software, we managed to find more than five different tools that this specific group used,” Div said.
Read more »
Subscribe to: Posts (Atom)