The anatomy of a malicious insider: how cyber criminals recruit insiders to attack telecoms providers

Published: Tuesday, 23 August 2016 08:48

Cyber criminals are using insiders to gain access to telecommunications networks and subscriber data, recruiting disaffected employees through underground channels or blackmailing staff using compromising information gathered from open sources, according to a Kaspersky Lab intelligence report into security threats facing the telecommunications industry.

Telecommunications providers are a top target for cyber attacks. They operate and manage the world’s networks, voice and data transmissions, and store vast amounts of sensitive data. This makes them highly attractive to cyber criminals in search of financial gain, as well as nation-state sponsored actors launching targeted attacks, and even competitors.

To achieve their goals, cyber criminals often use insiders as part of their malicious ‘toolset’ to help them breach the perimeter of a telecommunications company and perpetrate their crimes. New research by Kaspersky Lab and B2B International reveals that 28 percent of all cyber attacks, and 38 percent of targeted attacks, now involve malicious activity by insiders. The intelligence report examines popular ways of involving insiders in telecoms-related criminal schemes and gives examples of the things insiders are used for.

Compromising employees

According to the Kaspersky Lab researchers, attackers engage or entrap telecoms employees in the following ways:

The blackmailing approach has grown in popularity following online data breaches such as the Ashley Madison leak, as these provide attackers with material they can use to threaten or embarrass individuals. In fact, data-leak-related extortion has now become so widespread that the FBI issued a Public Service Announcement on 1 June warning consumers of the risk and its potential impact.

According to the Kaspersky Lab researchers, if an attack on a cellular service provider is planned, criminals will seek out employees who can provide fast-track access to subscriber and company data or SIM card duplication/illegal reissuing. If the target is an Internet service provider, the attackers will try to identify those who can enable network mapping and man-in-the-middle attacks. However, insider threats can take all forms.

In order to protect the organization from insider threat, Kaspersky Lab advises the following:

www.kaspersky.co.uk