A threat intelligence report has identified some of the evolving tactics being used to pilfer this highly-marketable data.

The recent incident on enterprise content firewall provider, Accellion in facilitating a breach of SingTel’s customer data, has shed light on the importance of securing third-party vendors.

Especially in the telecommunications (telco) industry, such breaches can potentially result in large repercussions beyond the industry because the pervasive use of telco services can impact other companies’ external internet traffic and customer relationships.

According to a report by threat intelligence firm IntSights, personally identifiable information (PII) possessed by telcos are extremely valuable. Once the information is obtained, criminals can use this data for various fraudulent purposes. In Asia, IntSights data has found that a cybercriminal had offered to sell network access for what was described as the largest telco service provider for five bitcoins (equivalent of approximately US$95,000 at the time) in late 2020.

The report also analyzes the evolving tactics that threat actors use to breach telecommunications companies:

Web tutorials on cloning SIM cards are easily available to hackers
  1. Telco providers’ administrative and VPN access data are being sold on underground criminal forums or by insider threats. This has led to the growth in SIM swapping attacks to gain unauthorized access to the networks of mobile service providers, by enabling criminals to reroute SMS-based 2FA messages to the possession of attackers. Furthermore, tutorials for SIM swapping attack techniques are readily available for sale on underground criminal forums.
  2. State-sponsored attacks of telcos are rampant to inflict cyber-espionage via of signals intelligence over phone and internet communications. In 2019 and 2020, the Iranian cyber espionage group Greenbug targeted South Asian telecommunications service providers and repeatedly used PowerShell commands to download and execute payloads to expand its access in the compromised network.
  3. The PII of telco customers can be used by state-sponsored threat actors for a variety of intelligence purposes including technical monitoring of communications. Criminals also sell PII and employee data on underground forums for profit.

This is a repeated wake-up call for telcos and government cybersecurity agencies to plug the gaps before disaster occurs.