Telecom industry 'top target' for cyber-attacks using insiders

Cyber-criminals are increasingly targeting employees, in efforts to launch cyber attacks against businesses. Security researchers at Kaspersky Lab and B2B International have found that the telecommunications industry is particularly vulnerable to such threats and is a "top target" for cyber-attacks.

To achieve their goals, cyber-criminals often use insiders as part of their malicious ‘toolset’, to help them breach the perimeter of a telecommunications company and perpetrate their crimes.According to Kaspersky Lab, telecom providers are attractive targets for cyber criminals and state-sponsored hackers as they collectively oversee global networks, voice and data transmission and store colossal amounts of sensitive data. Researchers also noted that "28% of all cyber-attacks and 38% of targeted attacks now involve malicious activity by insiders".

"The human factor is often the weakest link in corporate IT security. Technology alone is rarely enough to completely protect the organization in a world where attackers don't hesitate to exploit insider vulnerability. Companies can start by looking at themselves the way an attacker would. If vacancies carrying your company name, or some of your data, start appearing on underground message boards, then somebody, somewhere has you in their sights. And the sooner you know about it the better you can prepare," said Kaspersky Lab security researcher Denis Gorchakov.

There are two basic means to entrap insiders. Firstly, a blackmailing approach using publically available or previously-stolen data sources to find compromising information on employees of the company they want to hack is adopted. The other way is recruiting willing insiders through underground message boards or through the services of “black recruiters”. These insiders are paid for their services and can also be asked to identify co-workers who could be engaged through blackmail.

There are, however, other ways that insider threats can end up making businesses vulnerable to cyber-attacks. According to Kaspersky Lab, "researchers noted two non-typical examples, one of which involved a rogue telecoms employee leaking 70 million prison inmate calls, many of which breached client-attorney privilege. In another example, an SMS centre support engineer was spotted on a popular DarkNet forum advertising their ability to intercept messages containing OTP (One-Time Passwords) for the two-step authentication required to log into customer accounts at a popular Fintech company".

Kaspersky warns that cyber-criminals are increasingly adopting the blackmail approach when targeting businesses, especially after the high-profile Ashley Madison leak. In fact, in June, the FBI released a public service announcement cautioning users of such blackmail scams and the potential dangers they pose.

The lab has also issued a four-point agenda against such insider threat:

• Educate your staff about responsible cyber-security behavior and the dangers to look out for, and introduce robust policies about the use of corporate email addresses;

• Use Threat Intelligence Services to understand why cyber-criminals might be looking at your company and to find out if someone is offering an insider “service” in your organization;

• Restrict access to the most sensitive information and systems;

• Do a regular security audit of the company’s IT infrastructure.