Cell phones are being attacked inside telephone offices – 01/14/2024 – Ronaldo Lemos

What do millions of Brazilians have in common with billionaire Jeff Bezos or the United States Securities and Exchange Commission, the dreaded SEC?

The answer is: all of them have been victims of an online scam or cyberattack. We live in a time when it doesn’t matter if you are a billionaire, a government agency or an ordinary citizen. Everyone is equally vulnerable to overwhelmingly damaging digital attacks.

Last week proved just that. The X (Twitter) account of the American CVM, the SEC, was hacked. On January 9th it posted a false message that caused the price of bitcoin to jump 2.5%, only to then fall again, producing an artificial fluctuation in this market worth more than US$40 billion.

It was not the first time that Twitter (X) suffered a significant attack. In 2020, a group of hackers managed to gain full control of the platform (“God mode”), which allowed them to take over any account. They made posts on the profiles of Joe Biden, Obama, Musk, Bezos and others.

Both cases had the same attack vector: the collaboration of internal employees. In the case of Twitter, employees of the company itself handed over credentials to hackers.

In the case of the SEC, one of the most discussed theories is that the attack occurred through telephone company employees.

This type of attack is called “SIM swap”. In it, the perpetrator manipulates the telephone service provider into transferring the victim’s number to the attacker.

For example, the criminal “ports” the victim’s number to another device. From there, he uses his own cell phone to receive SMS codes and other forms of authentication that allow him to change passwords and access accounts.

As soon as the attack succeeds (sometimes within seconds), the attacker returns the number to the victim, who will not even realize how everything happened.

This type of scam can be carried out through social engineering, deceiving the company’s employees (in the store or in the call center), or, as has become more common, by bribing telephone company employees to collaborate.

Many of these employees are paid low wages. When a criminal approaches them, they see the possibility of earning money that corresponds to years of salary in exchange for a single act. Many give in.

Billionaires or presidents of the Republic, government agencies or celebrities are customers of the same companies as the rest of us. And therefore equally vulnerable.

Several analyses last week asked why phone companies don’t start offering a “premium” service in which cybersecurity is central.

Until then, the important thing is to defend yourself. Start by carrying out digital hygiene on all your accounts to deactivate any use of your phone number as a form of authentication, whether through calls or SMS.

Instead, it’s better to use an authentication app or a physical security key that can be read via USB or NFC on your cell phone. Unfortunately, there are services, such as WhatsApp, that do not allow you to do this, with the cell phone number being the main authentication factor.

Finally, ironically, one of the recommendations that the SEC makes for its regulated companies is precisely firm attention to cybersecurity. This recommendation now applies to the SEC itself. And to all of us.

It’s over: Thinking that cybersecurity is someone else’s problem

Already here: Billionaires, government agencies and ordinary people as victims of cyberattacks

It’s coming: The need for collaboration from all sides to have real cybersecurity
