• SMS PVA Part 2: Underground Service for Cybercriminals

    February 27, 2022

    In part one, Trend Micro researchers extensively discussed SMS PVA and started investigating a particular service called ReceiveCode that our team first found on a Facebook advertisement. ReceiveCode offers users access to SMS code verification sent to mobile numbers that the company has in their storage. Customers simply need to sign up to their customer-facing portal, ...

  • SMS PVA Services’ Use of Infected Android Phones Reveals Flaws in SMS Verification

    February 15, 2022

    There has been an increase in short message service (SMS) phone-verified account (PVA) services in the last two years. SMS PVA services provide alternative mobile numbers that customers can use to register for online services and platforms. These types of services help circumvent the SMS verification mechanisms widely used by online platforms and services to ...

  • Croatian phone carrier data breach impacts 200,000 clients

    February 11, 2022

    Croatian phone carrier ‘A1 Hrvatska’ has disclosed a data breach exposing the personal information of 10% of its customers, roughly 200,000 people. The announcement does not provide many details other than that they suffered a cybersecurity incident involving the unauthorized access of one of their user databases, which contained sensitive personal information. The type of information that ...

  • FBI: Criminals Increasing SIM Swap Schemes to Steal Millions of Dollars from US Public

    February 8, 2022

    The Federal Bureau of Investigation is issuing this announcement to inform mobile carriers and the public of the increasing use of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts. From January 2018 to December 2020, the FBI Internet Crime Complaint Center (IC3) received 320 complaints related to ...

  • Telco fined €9 million for hiding cyberattack impact from customers

    February 1, 2022

    The Greek data protection authority has imposed fines of 5,850,000 EUR ($6.55 million) to COSMOTE and 3,250,000 EUR ($3.65 million) to OTE, for leaking sensitive customer communication due to a cyberattack. As the agency says in an announcement, COSMOTE infringed at least eight articles of the GDPR, including violating its duty to inform affected customers of ...

  • TianySpy Malware Uses Smishing Disguised as Message From Telco

    January 25, 2022

    It has been some time since SMS or text messaging has become a means to spread mobile malware. In September 2021, Trend Micro confirmed a new mobile malware infection chain targeting both Android and iPhone devices. The chain is triggered by a smishing message that appears to be sent from a telecommunications company. It is ...

  • T-Mobile confirms SIM swapping attacks led to breach

    December 30, 2021

    T-Mobile has confirmed a data breach that was caused in part by SIM swapping attacks, according to a statement from the company. The T-Mo Report, a blog tracking T-Mobile, obtained internal reports showing that some data was leaked from a subset of customers. Some individuals had their customer proprietary network information (CPNI) leaked, which includes information about ...

  • An Investigation Into SS7 Exploitation Services On The Dark Web

    November 17, 2021

    In this latest investigative article SOS intelligence researchers will be taking a look at alleged SS7 exploitation services on the Dark Web and diving into their credibility using SOS Intelligence analytics toolkit. SS7 Significance & Background Signalling System 7 is a telecommunications protocol adopted internationally that defines how the network elements in a public switched telephone network ...

  • New Zealand spooks say satellite snooping is obsolete – better intel is found elsewhere

    November 11, 2021

    New Zealand’s Government Communications Security Bureau (GCSB) – the nation’s signals intelligence and infosec agency – will retire its Waihopai satellite communications interception station because it’s no longer needed. “The nature of telecommunications has changed, and other needs and capabilities have overtaken the sort of satellite communication interception that has been done at Waihopai,” said Andrew ...

  • Telnyx is the latest VoIP provider hit with DDoS attacks

    November 10, 2021

    Telnyx is the latest VoIP telephony provider targeted with distributed denial-of-service (DDoS) attacks, causing worldwide outages since yesterday. Telnyx is a voice over Internet Protocol (VoIP) company that provides worldwide telephony services over the Internet, including in the Americas, EMEA, APAC, and Australia regions. Read more… Source: Bleeping Computer  

  • Meet Lyceum: Iranian hackers targeting telecoms, ISPs

    November 9, 2021

    Researchers have provided a deep dive into the activities of Lyceum; an Iranian threat group focused on infiltrating the networks of telecoms companies and internet service providers (ISPs). Lyceum, also known as Hexane, Siamesekitten, or Spirlin, has been active since 2017. The advanced persistent threat (APT) group has been linked to campaigns striking Middle Eastern oil ...

  • Cloudflare report highlights devastating DDoS attacks on VoIP services and several ‘record-setting HTTP attacks’

    November 5, 2021

    Cloudflare released its Q3 DDoS Attack Trends report this week, capping a record-setting quarter that saw a number of devastating attacks on VoIP services. Cloudflare researchers said they saw the several “record-setting HTTP DDoS attacks, terabit-strong network-layer attacks and one of the largest botnets ever deployed (Meris),” noting the emergence of ransom DDoS attacks on voice ...

  • LightBasin hacking group breaches 13 global telecoms in two years

    October 19, 2021

    A group of hackers that security researchers call LightBasin has been compromising mobile telecommunication systems across the world for the past five years. Since 2019, the group hacked into more than a dozen telecommunication companies and maintained persistence through custom malware, to steal data that would serve intelligence organizations. LightBasin is active since at least 2016 and ...

  • Security Risks with Private 5G in Manufacturing Companies Part. 2

    October 15, 2021

    The steel industry is a prime area for installing Private 5G Private 5G is said to bring about the “democratization of communications.” This technology allows private companies and local governments to take the driving seat in operating the latest information communication systems. However, not all organizations have the knowledge and ability to deal with telecom technology, ...

  • Secure Manufacturing on Cloud, Edge and 5G

    October 13, 2021

    Global manufacturers need to digitize their manufacturing processes and transform their business into a digital enterprise. Digital manufacturing is an advancement that many businesses have been using, with 60% of factories already using the cloud (87% including businesses who will soon implement it) and 26% with Private 5G already implemented (67% including enterprises who will ...

  • ZTE widens bug bounty to focus on 5G security

    October 11, 2021

    ZTE has widened a bug bounty scheme to plug security vulnerabilities in its products, especially potential holes brought about by the launch of commercial 5G networks and services. The Chinese networking equipment vendor is working with bug bounty platform YesWeHack to test a range of products, including smartphones as well as cloud computing and database ...

  • Actors Target Huawei Cloud Using Upgraded Linux Malware

    October 8, 2021

    Trend Micro researchers have recently noticed another Linux threat evolution that targets relatively new cloud service providers (CSPs) with cryptocurrency-mining malware and cryptojacking attacks. In this article, they discuss a new Linux malware trend in which malicious actors deploy code that removes applications and services present mainly in Huawei Cloud. Specifically, the malicious code disables the ...

  • GhostEmperor: From ProxyLogon to kernel mode

    September 30, 2021

    While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. This cluster stood out for its usage of a formerly unknown Windows kernel mode rootkit that we dubbed Demodex, and a sophisticated multi-stage malware framework aimed at providing remote control over ...

  • phone services disrupted by DDoS extortion attack

    September 20, 2021

    Threat actors are targeting voice-over-Internet provider with a DDoS attack and extorting the company to stop the assault that’s severely disrupting the company’s operation. is an Internet phone service company that provides affordable voice-over-IP service to businesses around the world. Read more… Source: Bleeping Computer  

  • Russia’s Yandex suffers biggest cyberattack yet

    September 8, 2021

    Russian Internet corporation Yandex revealed on Tuesday that the company’s servers experienced the biggest known denial-of-service (DDoS) attack in Russia’s online space last weekend. Cloudflare, an American web infrastructure firm and a partner of Yandex confirmed the record large scale of the cyberattack. The spokesperson for Russia’s tech giant mentioned that a part of the nation’s ...