SIM card swap attacks: an inevitable battle as 5G wave arrives

The infrastructure of mobile phone operators is under attack. Because of the epidemic, most people are choosing to work from home, and global data usage is soaring. It is also worth mentioning that 5G products will be launched this year, and this new technology gives everyone more choices.

But this year, for reasons known to everyone, the outbreak of COVID-19 has plunged the world into crisis, and the last thing we want is a major vulnerability in the Internet, because we are now more dependent on mobile phones than usual, both for personal use and business.

In this situation, mobile devices have become a focus for hackers, because a device holds an individual's multiple forms of identification: which applications the user uses, the time spent on the device, the location, and even a fingerprint of which features are running.

Bad actors have therefore begun to exploit this data, and SIM swap scams have increased by 220% since 2017. Scammers collect victim data through channels such as phishing emails, purchasing personal data from organized crime groups, or directly through social engineering.

Once the scammers have the necessary details, they contact the victim's mobile phone provider and, through social engineering techniques (such as calling and stating the victim's personal information), convince the phone company to link the victim's phone number to the scammer's own SIM card.

For example, the scammer impersonates the victim, claims to have lost the phone, and then requests a new SIM card from the operator and activates it.

SIM swap fraud is an account takeover that typically targets weaknesses in two-factor authentication and two-step verification. At its core, the scam exploits the ability of mobile phone carriers to seamlessly move a phone number to a new SIM card.

Such attacks are now common, and scams of this kind occur all over the world. Cybercriminals use them to steal credentials and to intercept the SMS messages that carry OTPs (one-time passwords); above all, their goal is to cause financial losses to the victims:

The scammers trick the automated systems (because they have most of the victim's personal information); when they call the bank's live customer service, they pretend to be the victim and provide personal information. Even worse, they can use the hijacked phone number to access the victim's emails and files.

Scammers target mobile phone numbers, so any phone number that has been in contact with the victim is a potential victim too, because the scammers then have an ideal mechanism for intrusion.

Even though GDPR requires notification within 72 hours of discovering a breach, searching millions of records is unrealistic; what is needed is to reduce the number to a manageable size.

Traditional security detection relies on firewalls and server logs to identify any unusual behavior. If the data is outside the company network, such as in the cloud or on a personal computer, it is more difficult to detect whether a data breach or theft has occurred, which means that uninformed employees will take longer to make a decision.

Therefore, it is necessary to update systems promptly and install reliable security software. Once a SIM card swap has been identified, the security platform may check other markers, such as the date on which the SIM card identification changed.

If the mobile operator can be contacted within a relatively short period of time after the data is stolen, the platform can extract the associated number and its corresponding records for a more in-depth investigation, such as the current location, to whom the data was transferred, and whether a third party (such as a bank) was involved. If these trends and targeted data change, remember to feed the data back to the investigation team in a timely manner.
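The triage described above, as an added example that is not part of the original article: it cross-references SIM identification change dates with sensitive account events to reduce a large record set to the numbers worth investigating first. The phone numbers, events, action names and the 24-hour window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the article). SIM identification change
# dates per number, as an operator or lookup service might report them.
SIM_CHANGES = {
    "+12025550100": datetime(2020, 7, 1, 9, 0),
    "+12025550101": datetime(2019, 3, 12, 14, 30),
    "+12025550102": datetime(2020, 7, 2, 22, 15),
}

# Constructed account events: (phone number, action, time).
EVENTS = [
    ("+12025550100", "otp_sms_sent", datetime(2020, 7, 1, 9, 40)),
    ("+12025550100", "password_reset", datetime(2020, 7, 1, 9, 42)),
    ("+12025550100", "transfer", datetime(2020, 7, 1, 10, 5)),
    ("+12025550101", "transfer", datetime(2020, 7, 1, 11, 0)),      # SIM unchanged since 2019
    ("+12025550102", "otp_sms_sent", datetime(2020, 7, 2, 8, 0)),   # before the change
    ("+12025550102", "password_reset", datetime(2020, 7, 3, 6, 0)),
    ("+12025550102", "login", datetime(2020, 7, 3, 6, 5)),          # not a sensitive action
    ("+12025550103", "transfer", datetime(2020, 7, 3, 12, 0)),      # no SIM change on record
]

SENSITIVE = {"otp_sms_sent", "password_reset", "transfer"}  # assumed action names


def triage(events, sim_changes, window=timedelta(hours=24)):
    """Map each number to its sensitive actions that fall inside `window`
    after that number's SIM identification change date."""
    flagged = {}
    for number, action, when in events:
        changed = sim_changes.get(number)
        if changed is None or action not in SENSITIVE:
            continue
        if changed <= when <= changed + window:
            flagged.setdefault(number, []).append((action, when))
    return flagged


def rank(flagged, sim_changes):
    """Order flagged numbers by the gap between the SIM change and the first
    sensitive action; the shortest gap is investigated first."""
    def first_gap(number):
        return min(when for _, when in flagged[number]) - sim_changes[number]
    return sorted(flagged, key=first_gap)


if __name__ == "__main__":
    hits = triage(EVENTS, SIM_CHANGES)
    for number in rank(hits, SIM_CHANGES):
        print(number, [action for action, _ in hits[number]])
```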

In the current environment, speed of investigation is crucial. Because the number of similar victims is huge and each is different, in the era of big data, doing things quickly without taking up a lot of data has become a huge challenge.

It is recommended that operators automate the SIM card swap process for security reasons and have access to multiple data sets for inspection, which is crucial to reducing losses caused by data breaches and combating cybercrime, or that banks establish unique security verification in the event of a data breach and do not actively pay the ransom.

[Editor: Zhao Ningning TEL: (010) 68476606]
