Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Telecom. Show all posts
Telecom
Cyber Security Cybersecurity Infrastructure Security SIM surveillance Telecom

Government Plans SIM Card Replacement Amid Security Concerns Over Chinese-Made Chipsets

 

The Indian government is actively assessing the feasibility of a nationwide SIM card replacement program as part of broader efforts to enhance digital and telecom security. Authorities are currently evaluating the scale of the issue and may soon introduce detailed guidelines on the rollout. The move, if executed, could impact millions of mobile users still operating with SIM cards issued years ago.

The initiative is part of a larger investigation led by the National Cyber Security Coordinator (NCSC), following concerns about the security risks posed by chipsets embedded in SIM cards reportedly sourced from Chinese vendors. According to a report by Mint, the Ministry of Home Affairs has raised red flags over the potential misuse of personal information due to these chipsets.

“The investigation is being done collectively under NCSC involving DoT, MHA, and other stakeholders to identify the entry of such chips in the market and the extent of SIM cards with chips of Chinese origin. It seems even telecos were not aware of the procurement by their vendors,” the Mint reported, citing official sources.

As part of this investigation, the government is exploring technological and legal hurdles that may arise if the replacement plan is greenlit. Key telecom operators, including Vodafone Idea, Bharti Airtel, and Reliance Jio, have reportedly been consulted to discuss possible security loopholes that may surface during the swap process.

In addition to SIM replacement, authorities are also looking to tighten import controls on telecom equipment. Only suppliers from vetted, reliable sources may be allowed to contribute to India's telecom infrastructure moving forward.

Legal Framework Supporting the Move
The Telecommunications Act of 2023 provides the government with the authority to restrict, suspend, or ban telecom equipment or services if they are found to pose a threat to national security.

“Procurement of telecommunication equipment and telecommunication services only from trusted sources,” Section 21 of the Telecom Act, 2023 states.

Before this legislation, the Department of Telecommunications (DoT) had already implemented licensing rules that factored in defence and national security considerations when sourcing telecom hardware. Under these rules, telecom service providers are permitted to buy only from "trusted sources" and must seek prior approval from the National Cyber Security Coordinator.
Read more »
Telecom
Beeline Cyber Attacks DDOS Attacks Internet Russia Telecom

Russian Telecom Company "Beeline" Hit, Users Face Internet Outage

Russian Telecom Company "Beeline" Hit, Users Face Internet Outage

Internet outage in, telecom provider attacked

Users in Russia faced an internet outage in a targeted DDoS attack on Russian telecom company Beeline. This is the second major attack on the Moscow-based company in recent weeks; the provider has over 44 million subscribers.

After several user complaints and reports from outage-tracking services, Beeline confirmed the attack to local media.

According to Record Media, internet monitoring service Downdetector’s data suggests “most Beeline users in Russia faced difficulties accessing the company’s mobile app, while some also reported website outages, notification failures and internet disruptions.” 

Impact on Beeline

Beeline informed about the attack on its Telegram channel, stressing that the hacker did not gain unauthorized access to consumer data. Currently, the internet provider is restoring all impacted systems and improving its cybersecurity policies to avoid future attacks. Mobile services are active, but users have cited issues using a few online services and account management features.

Rise of threat in Russia

The targeted attack on Beeline is part of a wider trend of cyberattacks in Russia; in September 2024, VTB, Russia’s second-largest bank, faced similar issues due to an attack on its infrastructure. 

These attacks highlight the rising threats posed by cyberattacks cherry-picking critical infrastructures in Russia and worldwide.

Experts have been warning about the rise in intensity and advanced techniques of such cyberattacks, damaging not only critical businesses but also essential industries that support millions of Russian citizens. 

Telecom companies in Russia targeted

How Beeline responds to the attack and recovers will be closely observed by both the telecom industry and regulators. The Beeline incident is similar to the attack on Russian telecom giant Megafon, another large-scale DDoS attack happened earlier this year. 

According to a cybersecurity source reported by Forbes Russia, the Beeline attack in February and the Megafon incident in January are the top hacktivist cyberattacks aiming at telecom sectors in 2025. 

According to the conversation with Forbes, the source said, “Both attacks were multi-vector and large-scale. The volume of malicious traffic was identical, but MegaFon faced an attack from 3,300 IP addresses, while Beeline was targeted via 1,600, resulting in a higher load per IP address.”

Read more »
TRAI
COAI Cybeattacks Cyber Crime cyber threat CyberCrime Cyberhackers Cyberscam Cybersecurity TCCCPR Telecom TRAI

TRAI Enforces Stricter Regulations to Combat Telemarketing Spam Calls

 


There has been a significant shift in the Telecom Regulatory Authority of India (TRAI)'s efforts to curb spam calls and unsolicited commercial communications (UCC) as part of its effort to improve consumer protection, as TRAI has introduced stringent regulations. These amendments will take effect on February 12, 2025, and prohibit the use of 10-digit mobile numbers for telemarketing purposes, addressing the growing concern that mobile users have with fraudulent and intrusive messages.

To ensure greater transparency in telemarketing practices, the Telecom Regulatory Authority of India (TRAI) has enforced several measures that aim to ensure communication integrity while increasing the intelligence of telemarketers. A comprehensive consultation process was undertaken by the Telecom Regulatory Authority of India (TRAI), which involved a comprehensive stakeholder consultation process for the approval of changes to the Telecom Commercial Communications Customer Preference Regulations (TCCCPR), 2018, as a result of which significant changes have been made. This revision is intended to protect consumers against unsolicited commercial communications (UCCs) as well as to enhance compliance requirements for the providers of telecom services. 

Cellular Operators Association of India (COAI,) however, has expressed its concern over the updated regulation, especially about the penalties imposed on service providers as a result of it. The second amendment to the TCCCPR allows consumers to lodge complaints up to seven days after receiving the call or message, allowing them greater flexibility in reporting spam calls and messages for the second amendment. Furthermore, because of the new regulations, individuals are now able to lodge complaints without the need to first register their preferences for communication. 

Additionally, telecom operators are required to respond to complaints within five business days, a substantial reduction from the previous deadline of 30 days. A new set of stricter enforcement measures imposed by the law mandates that senders who receive five complaints within ten days must be held accountable for the complaint. To further safeguard consumer interests, telecom service providers will now be required to provide users with the option of opting out of all promotional emails. 

TRAI has also mandated a standard messaging format, which requires message headers to contain specific codes that indicate that they are promotional, service-related, transactional, or government-related. This structured labelling system aims to enhance transparency and help users distinguish between different types of communication by adding a structured llabellingsystem to their communication systems. 

As a part of the regulatory framework implemented by the Telecom Regulatory Authority of India (TRAI) to improve transparency and curb unsolicited commercial communications (UCCs), 10-digit mobile numbers will no longer be allowed to be used for commercial purposes. A telemarketer is required to use a series of designated numbers for promotional and service calls, ensuring that the two are clearly distinguished.

It is expected that the existing ‘140’ series will remain available for promotional purposes while the newly launched ‘1600’ series will be used for transactional and service-related communications. TRAI has also removed the requirement for the consumer to pre-register their communication preferences in advance of lodging a complaint against spam messages and unwanted phone calls from unregistered senders as part of its anti-spam practices.

In addition to simplifying the complaint process, TRAI has also expanded the reporting period from three days to seven days to improve user convenience in reporting violations, providing consumers with more flexibility in reporting complaints with essential details. To further strengthen consumer protection, TRAI has extended the complaint reporting window from three days to seven days, thus creating an environment of greater flexibility for users. 

There has been a significant reduction in the timeframe for telecom operators to respond to UCC complaints, which was previously 30 days, down to five days now. Further, the threshold for penalizing senders has been lowered as well, with only five complaints within ten days instead of the earlier benchmark of ten complaints within seven days, requiring penalties to be imposed. To improve accessibility and foster consumer engagement, the government is now requiring that mobile applications and official websites of telecom service providers prominently display complaint registration options as a means of promoting consumer engagement. 

Several regulatory initiatives have been taken to improve the accountability, transparency, and consumer-friendly nature of the telecommunications sector while also making sure the anti-spam directives are strictly followed. A stringent series of measures has been introduced by the Telecom Regulatory Authority of India (TRAI) to counter the rising threat of spam calls and to prevent malicious entities from misusing SMS headers and content templates to forward fraudulent or deceptive messages to subscribers. 

Several initiatives are being implemented by the TRAI that will ensure that consumer interests are protected and a safer and more transparent messaging environment is established. To ensure compliance with telemarketing regulations, TRAI has mandated strict penalties for entities making unauthorized promotional calls that violate telemarketing regulations. A violation of these terms can result in severe consequences such as the disconnection of all telecommunications resources for a period of up to two years, a blacklisting for up to two years, and a prohibition on acquiring any new telecommunications resources during the period of blacklisting. 

More than 800 entities and individuals have been blacklisted as a result of these measures, and over 1.8 million SIP DIDs, mobile numbers, and other telecommunications resources have been deactivated as a consequence. As a consequence, fraudulent commercial communications have been eliminated in large part. TRAI's directives call for access providers to list URLs, APKs, and links to OTTs within SMS content, and we have implemented this requirement with effect from October 1, 2024, to further enhance consumers' protection.

In an attempt to ensure consumer safety, a regulation moving forward will limit the use of links in text messages that have been verified and authorized by the user, thereby reducing the risk of consumers being exposed to harmful websites, fraudulent software, and other online risks. The '140xx' numbering series is further enhanced by migrating all telemarketing calls that originate from this series of numbers to the Distributed Ledger Platform (Blockchain) platform. In this way, the surveillance and control of telemarketing activities can be improved. 

There have also been advances in technical solutions being deployed by access providers to improve traceability to ensure that every entity involved in the message transmission, from the initial sender through to the final recipient, is accounted for within the chain of communication. Any traffic containing messages that omit a clearly defined chain of telemarketers and can be vverifiedor deviate from the pre-registered framework will be automatically rejected as of December 1, 2024. Several significant advancements are being made in regulatory oversight in the telecom sector as a result of these measures. Consumer protection is reinforced,d and accountability is enhanced within the industry as a result of these measures. 

To ensure that consumers have an easier and more convenient way to report unsolicited commercial communications violations, telecom service providers are required to prominently display complaint registration options on their official websites and mobile applications, making the complaint system more user-friendly and accessible for them. As part of this initiative, consumers will have the opportunity to easily flag non-compliant telemarketing practices, allowing the complaint process to be streamlined. Furthermore, service providers must provide consumers with a mandatory ‘opt-out’ option within all promotional messages to give them greater control over how they want to communicate. 

The new Consumer Rights Rule establishes a mandatory 90-day waiting period before marketers can re-engage users who have previously opted out of receiving marketing communication from a brand before re-initiating a consent request for them. By implementing this regulatory measure, the telecom industry will be able to protect consumers, eliminate aggressive advertising tactics, and develop a more consumer-centric approach to commercial messaging within its infrastructure.

It was announced yesterday that the Telecom Regulatory Authority of India (TRAI) has introduced stringent compliance requirements for access providers to make sure unsolicited commercial communications (UCC) are curbed more effectively. This new set of guidelines requires telecom companies to comply with stricter reporting standards, with financial penalties imposed on those companies that fail to accurately report UCC violations. 

According to the punishment structure, the initial fine of 2 lakh rupees for a first offence is followed by a fine of 5 lakhs for the second offence and a fine of 10 lakhs for subsequent violations. There has been a move by access providers to further enhance the level of regulatory compliance by mandating that telemarketers place security deposits that will be forfeited if any violation of telemarketing regulations occurs. A telecom operator may also be required by law to enter into legally binding agreements with telemarketers and commercial enterprises, which will explicitly define and specify their compliance obligations, as well as enumerating the repercussions of non-compliance. 

This means that reducing spam levels will be a major benefit for businesses while ensuring that they can communicate through authorized, transparent, and compliant channels, leading to a significant reduction in spam levels. TRAI aims to increase the consumer safety and security of the telecommunications ecosystem by enforcing these stringent requirements while simultaneously balancing regulatory oversight with legitimate business needs to engage with customers by the means approved by TRAI.
Read more »
United States
Chinese Hackers Cyber Security OFAC Telecom United States

Chinese Hackers Target U.S. Treasury Sanctions Office

 


A major cybersecurity breach has been reported against the U.S. Treasury Department, specifically its Office of Foreign Assets Control (OFAC). OFAC, which oversees trade and economic sanctions, was accessed by Chinese state-backed hackers in what officials have described as a "major incident."  

How the Attack Happened

The breach was through a vulnerability in BeyondTrust, a remote support software used by the Treasury. Hackers exploited this platform to gain unauthorized access to sensitive government systems. OFAC was their primary focus, likely because of its role in managing sanctions against foreign entities, including Chinese individuals and organizations.

OFAC was originally created in 1950 in the Korean War to block assets from China and North Korea. Today, it remains a very central part of U.S. sanctions enforcement. This makes OFAC a high-value target for espionage. 

Impact of the Breach

According to the reports, in addition to OFAC, the hackers accessed the Treasury's Office of Financial Research. Officials have so far confirmed that the compromised systems have been secured, and the hackers do not have access any longer. The extent of data stolen or misused is yet to be determined.  

The same hacking crew, which identified itself as the "Salt Typhoon," also has been identified with earlier incidents of hacking other major U.S. telecom firms, including Verizon and AT&T, whose breaches enabled illicit access to customers' communications-affecting contents such as sent text messages or calls, among others-as well as wiretaps conducted by police.

Salt Typhoon is not limited to the United States, as there have been reports of similar breaches in telecommunications networks of several countries. This has shown weaknesses in crucial communication infrastructure. 

In response to these incursions, U.S. officials have called for more stringent cybersecurity measures. CISA has suggested using encrypted messaging apps such as Signal to secure communications. Moreover, lawmakers are thinking of banning China Telecom's remaining operations in the U.S.

Senator Ron Wyden also introduced new legislation to ensure the US telecom system's security. All these steps are taken to avoid such breaches in the future and to prevent the sensitive data pertaining to the government and private institutions, which would have been accessed by the state-funded cyberattacks. This was a highly sophisticated cyber-espionage campaign, thus proving the explicit necessity for security measures.



Read more »
Telecom
CyberCrime Cyberhackers Cybersecurity Cyberthreats FBI. Cyberespionage Hackers Technology Telecom

Telecom Networks on Alert Amid Cyberespionage Concerns

 



The U.S. Federal Government has called on telecommunication companies to strengthen their network security in response to a significant hacking campaign allegedly orchestrated by Chinese state-sponsored actors. 

The campaign reportedly allowed Beijing to access millions of Americans' private communications, including texts and phone conversations. In a joint advisory, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) outlined measures to help detect and prevent such cyber-espionage activities. Extent of the Breach Remains Unclear According to officials, the full scale of the breach and whether Chinese hackers still have access to U.S. networks remain unknown. The announcement was coordinated with security agencies in New Zealand, Australia, and Canada—members of the Five Eyes intelligence alliance—signaling the global reach of China's hacking activities. 

The FBI and CISA revealed that Chinese hackers breached the networks of several U.S. telecom companies. These breaches enabled them to collect customer contact records and private communications. Most targeted individuals were involved in government or political activities. 

Key Findings:
  • Hackers accessed sensitive information under law enforcement investigations or court orders.
  • Attempts were made to compromise programs governed by the Foreign Intelligence Surveillance Act (FISA), which allows U.S. spy agencies to monitor suspected foreign agents' communications.
Salt Typhoon Campaign The campaign, referred to as Salt Typhoon, surfaced earlier this year. Hackers used advanced malware to infiltrate telecom networks and gather metadata, such as call dates, times, and recipients. 
 
Details of the Attack:
  • Limited victims had their actual call audio and text data stolen.
  • Victims included individuals involved in government and political sectors.
While telecom companies are responsible for notifying affected customers, many details about the operation remain unknown, including the exact number of victims and whether the hackers retain access to sensitive data. 
  
Recommendations for Telecom Companies 

Federal agencies have issued technical guidelines urging telecom companies to:
  1. Encrypt Communications: Enhance security by ensuring data encryption.
  2. Centralize Systems: Implement centralized monitoring to detect potential breaches.
  3. Continuous Monitoring: Establish consistent oversight to identify cyber intrusions promptly.
CISA's Executive Assistant Director for Cybersecurity, Jeff Greene, emphasized that implementing these measures could disrupt operations like Salt Typhoon and reduce future risks. 

China's Alleged Espionage Efforts 
 
This incident aligns with a series of high-profile cyberattacks attributed to China, including:
  • The FBI's September disruption of a botnet operation involving 200,000 consumer devices.
  • Alleged attacks on devices belonging to U.S. political figures, including then-presidential candidate Donald Trump, Senator JD Vance, and individuals associated with Vice President Kamala Harris.
The U.S. has accused Chinese actors of targeting government secrets and critical infrastructure, including the power grid. 

China Denies Allegations 
 
In response, Liu Pengyu, spokesperson for the Chinese embassy in Washington, dismissed the allegations as "disinformation." In a statement, Liu asserted that China opposes all forms of cyberattacks and accused the U.S. of using cybersecurity as a tool to "smear and slander China." 

As cyber threats grow increasingly sophisticated, the federal government’s call for improved network security underscores the importance of proactive defense measures. Strengthened cybersecurity protocols and international cooperation remain critical in safeguarding sensitive information from evolving cyber-espionage campaigns.
Read more »
Telnet
Cyber Attacks DDOS Attacks Matrix Telecom Telnet

Could Your Device Be Caught in the Matrix Cyber Attack?

 



A recent report has outlined a large-scale cyberattack widely referred to as the Matrix campaign. This attack has put in jeopardy an estimated 35 million internet-connected devices across the globe. "This attack contributes to slowing down internet connections to homes and exposes businesses to data breaches, operational interruptions, and reputational damage among others," said Aqua Security's threat intelligence team.

The Matrix campaign is a threat that has been orchestrated by an actor called Matrix. The attack leverages vulnerabilities and weak security practices in the devices like home routers, surveillance cameras, and enterprise systems. According to experts, this attack signifies an emerging trend of IoT device and enterprise infrastructure targeting in order to build botnets for DDoS attacks.


How the Matrix Attack Works

They take advantage of the openly available hacking tools, poor passwords, and misconfiguration to enter devices. Methods used are brute-force attacks and exploitation of hardcoded default credentials such as "admin:admin" or "root:camera." Once a device is compromised, it joins a botnet—a network of hijacked devices that can be used to carry out large-scale cyber attacks like DDoS, overwhelming targets with traffic.

Matrix is not only targeting the home router but also, for instance, the Telecom equipment and server infrastructure are under attack through common protocols and applications such as Telnet, SSH, and Hadoop. Even software development life cycle servers are vulnerable to attack; it has proven an evolution of cybercrime through the exploitation of corporate vulnerabilities. 


A Cybercrime Evolution: Low Skills, Big Impact

The scariest part of the Matrix attack is that it seems to be the handiwork of a lone, somewhat novice hacker known as a "script kiddie." This attacker, with the aid of widely available AI tools and ready-to-use hacking software, has mounted an unprecedented campaign around the globe.

According to Aqua Security, this attack highlights the ease with which low-skilled hackers can now execute sophisticated attacks, underscoring the growing danger of poorly secured devices.  


How to Protect Yourself

To safeguard your devices from becoming part of a botnet, it is essential to take the following precautions:  

1. Update Firmware: Ensure your router and other devices run the latest software updates.

2. Strengthen Passwords: Replace default credentials with strong, unique passwords. 

3. Secure Access: Where possible, use additional security measures such as two-factor authentication.


Having addressed these vulnerabilities, the users can secure their devices from further attacks. The Matrix campaign reminds everyone that in today's networked world, proper cybersecurity is essential.


Read more »
wiretapping
CALEA China Cybersecurity Data Breach Encryption Hackers Privacy surveillance Telecom wiretapping

China-backed Hackers Breach U.S. Telecom Wiretap Systems, Sparking Security Concerns

 

China-backed hackers infiltrated wiretap systems of multiple U.S. telecom and internet providers, reportedly seeking to collect intelligence on American citizens. This revelation has raised alarm in the security community.

Wiretap systems, required by a 30-year-old U.S. federal law, allow a small number of authorized employees access to sensitive customer data, including internet activity and browsing history. These systems, now compromised, highlight long-standing concerns about their vulnerability.

Security experts had long warned about the risks of legal backdoors in telecom systems. Many saw this breach as an inevitable outcome of such vulnerabilities being exploited by malicious actors. Georgetown Law professor Matt Blaze remarked that this scenario was “absolutely inevitable.”

According to the Wall Street Journal, the hacking group, Salt Typhoon, accessed systems used by major U.S. internet providers like AT&T, Lumen, and Verizon. The group reportedly collected large amounts of internet traffic, and a U.S. government investigation is now underway.

The hackers' goals remain unclear, but experts believe the breach could be part of a larger Chinese effort to prepare for potential cyberattacks in the event of conflict, possibly over Taiwan. The intrusion reinforces the dangers of security backdoors.

Riana Pfefferkorn, a Stanford academic, pointed out that this hack exposes the risks of U.S. wiretap systems, arguing that these measures jeopardize citizens’ privacy rather than protecting them. She advocates for increased encryption as a solution to these vulnerabilities.

The compromised wiretap systems are part of the Communications Assistance for Law Enforcement Act (CALEA), a law enacted in 1994 to help the government access telecom data through lawful orders. However, this system has become a target for hackers and malicious actors.

After 9/11, U.S. surveillance laws expanded wiretapping to collect intelligence, sparking an entire industry dedicated to facilitating these operations. Yet, the extent of government access to private data was only exposed in 2013 by whistleblower Edward Snowden.

Post-Snowden, tech giants like Apple and Google began encrypting customer data to prevent unauthorized access, even from government agencies. However, telecom companies have been slower to follow suit, leaving much U.S. phone and internet traffic vulnerable to wiretapping.

Governments worldwide continue to push for legal backdoors into encrypted systems. In the EU, for example, proposed laws aim to scan private messages for illegal content, raising security concerns among experts.

Signal, the encrypted messaging app, warned of the dangers of backdoors, pointing to the Chinese hacking incident as an example of why such measures pose severe cybersecurity risks. Meredith Whittaker, Signal’s president, stressed that backdoors cannot be restricted to just "the good guys."

Blaze called the CALEA law a cautionary tale, emphasizing the dangers of building security systems with inherent vulnerabilities.
Read more »
TSP
AI technology Cyber Security DoT Mobile Connection SIM Spoofed Calls Telecom Telecommunication TSP

India Disconnects 1.77 Crore Mobile Connections Using AI Tools, Blocks 45 Lakh Spoofed Calls

 

The Indian government has disconnected over 1.77 crore mobile connections registered with fake or forged documents using AI-powered tools, according to a recent announcement by the Department of Telecommunications (DoT). The AI-based system has identified and blocked 45 lakh spoofed international calls, preventing them from entering the Indian telecom network. This initiative is part of a larger effort to curb telecom fraud and cybercrime, with four telecom service providers collaborating with DoT to implement a more advanced two-phase system. 

In the first phase, the system blocks spoofed calls at the telecom service provider (TSP) level, targeting those that attempt to use numbers from the provider’s own subscribers. In the second phase, a centralized system will be introduced to tackle spoofed calls using numbers from other TSPs, thereby ensuring more comprehensive protection. The Ministry of Communications announced that this centralized system is expected to be operational soon, enhancing the safety of Indian telecom subscribers. Alongside these efforts, the government has disconnected 33.48 lakh mobile connections and blocked 49,930 mobile handsets, particularly in districts considered to be cybercrime hotspots. About 77.61 lakh mobile connections exceeding the prescribed limits for individuals were also deactivated. 

The AI tools have further enabled the identification and blocking of 2.29 lakh mobile phones involved in fraudulent activities or cybercrime. Additionally, the DoT traced 12.02 lakh out of 21.03 lakh reported stolen or lost mobile phones. It also blocked 32,000 SMS headers, 2 lakh SMS templates, and 20,000 entities engaged in malicious messaging activities, preventing cybercriminals from sending fraudulent SMSs. Approximately 11 lakh accounts linked to fraudulent mobile connections have been frozen by banks and payment wallets, while WhatsApp has deactivated 11 lakh profiles associated with these numbers. 

In an effort to curb the sale of SIM cards issued with fake documents, 71,000 Point of Sale (SIM agents) have been blacklisted, and 365 FIRs have been filed. These measures represent a significant crackdown on telecom-related cybercrime, demonstrating the government’s commitment to making India’s telecom sector more secure through the use of advanced technology. The upcoming centralized system will further bolster this security, as it will address spoofed calls from all telecom providers.
Read more »
TRAI
Airtel Cyber Attacks CyberCrime Cyberfraud Cyberhackers Cyberspam CyberThreat DoT Malicious calls SMS Telecom TRAI

India Launches New Initiatives to Combat Spam and Cyber Fraud

 


There is a renewed effort underway in the fight against spam and unsolicited commercial communication as the Department of Telecom (DoT), the telecom regulator Trai, and private telecommunication companies are launching new programs to combat cyber fraud and phishing attacks that are on the rise. 

Several regulatory agencies have been working hard to crack down on spammers and block the numbers of individuals who are engaging in fraudulent activities as detected by Trai and the DoT. It has been reported that the Trai and DoT have been targeting spammers and blocking numbers that seem suspicious. 

Additionally, they have met with representatives from telecom companies to establish new rules regarding vigilance and curbing unwanted activities to control them more effectively. The company has developed an AI-driven tool that helps identify spam and sends an alert to customers if it detects it. A blockchain-based spam control system has been rolled out by Vodafone Idea as part of its SMS spam control program. 

As part of Bharti Airtel's campaign to handle the issue of spam for customers, the company launched India's first network-based, AI-powered spam detection solution on Wednesday. It has been a long time since they met with top representatives from telecom companies and asked them to be vigilant against these criminal activities as well as stipulating new rules to counter them in the future. 

A report issued by the Telecom Regulatory Authority of India and the Department of Telecommunications has indicated that over a crore fraudulent mobile connections have been disconnected, as well as 2.27 lakh handsets that are subject to financial fraud and cybercrime. According to Trai, mobile operators have been encouraged to disconnect telecom resources that are used for bulk spam calls and they have stated that such entities could be blacklisted for up to two years if they are not disconnected. 

Furthermore, telecom companies will be required to check all SMS transmissions containing non-whitelisted URLs, to reduce the misuse of SMS headers and templates and, as a result, ensuring that standard SMS protocols are followed. Trai has mandated as of November 1, all telecommunications operators shall ensure the traceability of messages from the point of origin to the point of destination. 

 According to Airtel CEO Gopal Vittal, spam has become a menace for its customers. It is believed that the entire industry needs to work together to resolve this problem comprehensively... (and) to shield our customers from the continuous onslaught of intrusive and unwanted communications. The Vodafone Idea announced that it will launch soon a URL whitelisting platform, stating, "Vi is participating actively on the topic along with the TRAI, COAI, and other relevant groups.". 

Airtel's data scientists are using a proprietary algorithm to identify and classify calls and SMSs as 'suspected SPAM' through the AI-powered solution developed in-house by Airtel's data scientists. A network powered by artificial intelligence analyzes, in real-time, several parameters including the usage patterns of the caller or sender, the frequency of calls and SMS, and the duration of the calls, among other factors. 

As a result of comparing the information you provide with this information with known spam patterns, the system can flag suspicious calls and SMSs. Further, Airtel has developed a system that notifies customers when malicious links are sent via SMS. To achieve this, Airtel has built a centralized database of blacklisted URLs, and every SMS is scanned in real-time by an AI algorithm to alert users in order not to click on those links accidentally.
Read more »
TRAI
Spam Calls Technology Telecom TRAI

Combating Telecom Fraud: Trai and DoT’s Joint Effort Against Spam Calls

Combating Telecom Fraud: Trai and DoT’s Joint Effort Against Fraudulent Connections

Telecom Regulatory Authority of India (Trai) and the Department of Telecom (DoT) have jointly disconnected over 1 crore mobile connections. This initiative is part of a broader strategy to curb spam calls, reduce cybercrime, and improve the overall telecom experience for users in India. 

According to PTI, the official statement said “To date, more than 1 crore fraudulent mobile connections have been disconnected with the help of Sancharsaathi. Further, 2.27 lakh mobile handsets have been blocked for involvement in cybercrime /financial frauds.”

The Growing Menace of Telecom Fraud

Telecom fraud has been a persistent issue in India, with millions of users receiving unsolicited calls and messages daily. These spam calls are not only a nuisance but also pose significant security risks. Fraudsters often use these calls to deceive individuals into sharing personal information, leading to financial losses and identity theft.

To address this growing challenge, Trai and DoT have taken a proactive approach by identifying and disconnecting mobile connections that are suspected of being used for fraudulent activities. This massive disconnection drive is a testament to the authorities’ commitment to safeguarding consumers and maintaining the integrity of the telecom network.

The Disconnection 

The joint effort by Trai and DoT involved a meticulous process of identifying suspicious mobile connections. This was achieved through advanced data analytics and collaboration with telecom service providers. The authorities focused on connections that exhibited unusual patterns, such as high volumes of outgoing calls or messages, which are typical indicators of spam and fraud.

In addition to disconnecting over 1 crore mobile connections, the authorities also blocked 2.27 lakh mobile handsets that were found to be involved in cybercrime and financial fraud. This dual approach of targeting both the connections and the devices used for fraudulent activities ensures a comprehensive crackdown on telecom fraud.

Enhancing Consumer Protection

“In the last fortnight, over 3.5 lakh such numbers have been disconnected and 50 entities have been blacklisted. In addition, around 3.5 Lakh unused and unverified SMS headers and 12 Lakh content templates are blocked,” another statement read.

One of the primary objectives of this initiative is to enhance consumer protection. By disconnecting fraudulent connections, Trai and DoT aim to reduce the number of spam calls and messages that consumers receive. This not only improves the user experience but also helps in building trust in the telecom sector.

Moreover, blocking mobile handsets involved in cybercrime is a crucial step in preventing further misuse. Fraudsters often use these handsets to carry out their activities, and blocking them disrupts their operations. This measure also sends a strong message to those involved in such activities that the authorities are vigilant and will take stringent actions against them.

Read more »
Telecom
AI Apple ChatGPT Technology Telecom

From Siri to 5G: AI’s Impact on Telecommunications

From Siri to 5G: AI’s Impact on Telecommunications

The integration of artificial intelligence (AI) has significantly transformed the landscape of mobile phone networks. From optimizing network performance to enhancing user experiences, AI plays a pivotal role in shaping the future of telecommunications. 

In this blog post, we delve into how mobile networks embrace AI and its impact on consumers and network operators.

1. Apple’s AI-Powered Operating System

Apple, a tech giant known for its innovation, recently introduced “Apple Intelligence,” an AI-powered operating system. The goal is to make iPhones more intuitive and efficient by integrating AI capabilities into Siri, the virtual assistant. Users can now perform tasks more quickly, receive personalized recommendations, and interact seamlessly with their devices.

2. Network Optimization and Efficiency

Telecom companies worldwide are leveraging AI to optimize mobile phone networks. Here’s how:

  • Dynamic Frequency Adjustment: Network operators dynamically adjust radio frequencies to optimize service quality. AI algorithms analyze real-time data to allocate frequencies efficiently, ensuring seamless connectivity even during peak usage.
  • Efficient Cell Tower Management: AI helps manage cell towers more effectively. During low-demand periods, operators can power down specific towers, reducing energy consumption without compromising coverage.

3. Fault Localization and Rapid Resolution

AI-driven network monitoring has revolutionized fault localization. For instance:

  • Korea Telecom’s Quick Response: In South Korea, Korea Telecom uses AI algorithms to pinpoint network faults within minutes. This rapid response minimizes service disruptions and enhances customer satisfaction.
  • AT&T’s Predictive Maintenance: AT&T in the United States relies on predictive AI models to anticipate network issues. By identifying potential problems before they escalate, they maintain network stability.

4. AI Digital Twins for Real-Time Monitoring

Network operators like Vodafone create AI digital twins—virtual replicas of real-world equipment such as masts and antennas. These digital twins continuously monitor network performance, identifying anomalies and suggesting preventive measures. As a result, operators can proactively address issues and maintain optimal service levels.

5. Data Explosion and the Role of 5G

The proliferation of AI generates massive data. Consequently, investments in 5G Standalone (SA) networks have surged. Here’s why:

  • Higher Speeds and Capacity: 5G SA networks offer significantly higher speeds and capacity compared to the older 4G system. This is essential for handling the data influx from AI applications.
  • Edge Computing: 5G enables edge computing, where AI processing occurs closer to the user. This reduces latency and enhances real-time applications like autonomous vehicles and augmented reality.

6. Looking Ahead: The Quest for 6G

Despite 5G advancements, experts predict that AI’s demands will eventually outstrip its capabilities. Anticipating this, researchers are already exploring 6G technology, expected around 2028. 6G aims to provide unprecedented speeds, ultra-low latency, and seamless connectivity, further empowering AI-driven applications.

Read more »
Ukrainian Hackers
Cyber Attacks Cyber Warriors CyberCrime Cybersecurity Cyberthreats Data Center Internet Services Russian Military Telecom Ukrainian Hackers

Under Siege: Ukrainian Cyber Warriors Erase Vital Russian Military Data Center

 


On April 8 of this year, sources in the Ukrainian Security Service of Ukraine (SBU) told the Kyiv Independent that Ukrainian hackers, possibly linked to the SBU, destroyed a data centre used by Russian military, energy, and telecommunications companies. In a recent attack, Ukrainian hackers connected to the SSU cyber department destroyed a data centre belonging to a Russian industrial giant. 

They included Gazprom, Lukoil, Telecom and some of the leading military companies in the country. Sources have stated that more than 10,000 entities involved in the Russian military industry have stored their data in OwenCloud.ru cloud services, which the hackers targeted. 

A number of these companies, including Ural Works of Civil Aviation, Rubin, Ural Plant Spectechniks, Gazprom, Transgaz, Lukoil, Rosneft, Nornickel, Rostelecom, or MegaFon, reportedly make up this group: the oil and gas industry, the metallurgical and aerospace industry, as well as major telecommunication giants. 

A source stated that over 300 TB of data were taken out of circulation on 400 virtual and 42 physical servers. This operation involved the Ukrainian hacking group BLACKJACK and the cyber division of the Ukrainian Security Service. In addition to internal documents and backups, these servers had software used to manage production processes remotely, according to a source. 

The OwenCloud.ru website, at the moment of publication, displays what is alleged to be a message left by a group called Blackjack, stating that the centre's "information technology infrastructure has been destroyed." The Ukrinform news service reports nearly 4,500 cyberattacks on Ukraine are carried out by Russian hackers every year. Kyivstar was attacked by a powerful hacker on December 12, 2023, which caused the company to experience a technical breakdown.

Communication and internet services stopped working. It is estimated that around 16,000 Russian companies are affected by the strike, such as Lukoil, Rosneft, The Ural Works of Civil Aviation (which is part of the Roselectronika holding), Ural Special Equipment Plant, Gazprom, Transgaz, Norilsk Nickel, Rostelecom, Telecom, and Megafon. As a result, the source asserted that OwenCloud.ru is hosting over 10,000 legal entities, including the military-industrial sector, oil and gas industry, metallurgical and aerospace companies, and telecommunication giants. 

It was reported that the hack affected various organizations, such as companies in the oil and gas and telecommunications sectors and the country's military. In the Kyiv Independent report, there was a list of victims that included Ural Works of Civil Aviation, Rubin, Ural Plant Spectechniks, Gazprom, Transgaz, Lukoil, Rosneft, Nornickel, Rostelecom, and MegaFon, among others. 

The source of NV's report revealed on March 18 that Ukrainian hackers were able to access correspondence between Russian CEC member Nikolai Levichev and Boris Nadezhdin, a candidate in the so-called presidential election. As a result of being denied registration as a presidential candidate, Nadezhdin actively contacted representatives of the Russian Central Election Commission and resolved personal and political issues, including addressing the refusal of the Russian Central Election Commission. 

According to the hacker group, this suggests that a "fake presidential candidate" is at play. Ukrainian hackers are known for regularly stealing information about Russian websites, payment systems, and state-owned companies. Thousands of Russian organizations were accessed by Ukrainian hackers in January, and 200 gigabytes of data was obtained. 

A Russian state-owned company that builds military facilities across the entire Russian territory has also been crashed by the BLACKJACK hacker group. They have also stolen documentation for 500 military facilities maintained by the Russian Ministry of Defense. On the servers of the Russian Ministry of Defense, a DDoS attack was launched by hackers from the Defense Intelligence Department.
Read more »
Telecom
Cyberattack CyberCrime Cybersecurity Data protection DSCI NASSCOM Privacy Telecom

Privacy Act Compliance Staggered, NASSCOM Seeks Collaboration

 


During its representation to the government, Nasscom, the leading industry body in the sector, suggested that the Ministry of Electronics and Information Technology need to consider different deadlines for compliance with the upcoming rules on data protection and protection of personal information. 

As a result of discussions with the industry, Nasscom stated that organizations that do not have any prior experience with data security, including governments, logistics companies, professionals, offline retailers, research institutes, and schools, would need to start from scratch if they wish to implement a compliance program. These will be the most time-consuming and time-consuming tasks as they will be the most necessary. 

According to industry organizations NASSCOM and the Data Security Council of India (DSCI), there needs to be a minimum compliance period of 24 months from the date of notification of any obligation, standard, code of practice or rule. 

As part of their submissions to the Joint Parliamentary Committee on the Personal Data Protection Bill, both organizations pointed out that such a period will be required. It was reported that Nasscom has partnered with companies in the e-commerce, financial, healthcare, and other industry sectors. The report explained that the compliance programmes would need to be adapted to account for the new obligations (e.g., rights as to personal data) that will apply to all types of digital personal data. 

As the Ministry of Electronics and Information Technology (MeitY) said on Friday, it is likely that organisations without any experience in privacy-related legislation, such as the Digital Personal Data Protection Act (DPDPA), will have the most difficulty complying with the new law. 

The observation made by Nasscom came as a part of a representation made to MeitY describing how the DPDPA can be effectively implemented. There were questions about the full scope of the Act, and the agency requested clarification and guidance on it. 

The Data Protection Authority (DPA) will also need to be formed within a set period that must also be defined in the legislation. There must be additional time given to those companies that are handling the data of foreign nationals so that they may renegotiate their international contracts when the bill is passed. To clarify the extent to which the proposal could be applied extraterritorially, examples must be provided. 

A very important aspect of the Indian regulatory landscape is NASSCOM, one of the key industry groups. A data protection body called the DSCI has been set up in India to focus on the protection of data. Ashwini Vaishnaw, the IT minister of India, has recently stated that the government does not intend to allow companies to comply with the Act within 12-18 months. Is it reasonable to expect the protection of personal data to take so much time? Since the introduction of the GDPR and the Singapore Data Protection Act, the entire industry is already accustomed to it as a result of [the European Union's] GDPR and others. In effect, since they were enacted," he said. He also mentioned that regarding the 25 sets of rules to be adopted to implement the DPDP Act, they would be released in one shot and everyone would be notified at the same time. 

Vaishnaw had also commented that the draft rules would be made public for 45 days for public consultation. In their request, Nasscom pointed out that generally, 30 days are allotted for the public to comment on each set of rules. As a result, Nasscom requested MeitY to give a period that is sufficiently long for the public to comment. 

The idea, as mentioned by Nasscom, is not merely to indirectly create new rules, but rather to provide comprehensive clarification on how the central government is interpreting these sections. This clarification aims to identify the best practices and international reference points that can confidently be applied to the Indian context. 

By doing so, it will not only avoid redefining statutory provisions or constraining the (Data Protection) Board or the Telecom Disputes Settlement and Appellate Tribunal, but also ensure that the interpretation of key terms and concepts, such as "purposes of employment", "voluntary provision of personal data", "technical and organisational measures", "security safeguards", "detrimental effect on the well-being of a child", and "erasure" under the Act, are clearly defined and understood. This guidance will enable stakeholders to navigate the complexities of data protection with greater clarity and confidence.
Read more »
Telecom
Artificial Intelligent Cyber Security Cyberattack CyberCrime HTTPSnoop malware Telecom

Cybersecurity Alert: HTTPSnoop Malware Infiltrates Telecom Giants

 


Cyberattacks against telecommunication service providers in the Middle East have been carried out with the use of new malware called HTTPSnoop and PipeSnoop, which allow cybercriminals to remotely control the devices infected with this malware. 

They have also found a companion implant to HTTPSnoop, known as PipeSnoop, which is capable of accepting shellcode from a named pipe and executing it on the infected endpoint by sending it to an open socket. These findings confirm that the two implants belong to a new group of intrusions called 'ShroudedSnooper' that Cisco Talos has deemed highly likely to belong to its new set of intrusions. 

According to a report by Cisco Talos, the two implants belong to the same intrusion set named 'ShroudedSnooper' but serve different operational goals in terms of the level of infiltration. "The backdoor HTTPSnoop is a simple, yet effective backdoor built into the Windows operating system by using a novel technique that interfaces with the HTTP kernel drivers and devices to listen to incoming HTTP(S) requests and execute the content on an infected machine. 

According to Cisco Talos in a report shared with The Hacker News, HTTPSnoop is a simple but effective backdoor. It is also important to note that a sister implant, codenamed PipeSnoop, is also part of the threat actor's arsenal, as this implant is capable of accepting arbitrary shellcode from a named pipe and executing it on the infected machine. 

To get an initial foothold into target environments, ShroudedSnooper is said to exploit internet-facing servers and use HTTPSnoop as its first step. Both malware strains are impersonating components of the Palo Alto Networks Cortex XDR application ("CyveraConsole.exe"), thereby evoking the credibility of Palo Alto Networks. 

PipeSnoop The Cisco Security Research Center first detected the PipeSnoop implant back in May 2023. This implant appears to act as a backdoor to Windows IPC (Inter-Process Communication) pipes, which are used to send shell codes to breached endpoints. Unlike HTTPSnoop, which appears to target servers that are visible to the public, PipeSnoop appears more suitable for exploiting compromised networks deep within, as opposed to the public-facing servers that HTTPSnoop seems to target. 

The Cisco engineers note that the implant requires a component that provides the shell code in order to function properly. Despite this, the firm's analysts still haven't been able to pinpoint where the malware is located. The telecommunications industry often becomes a target of state-sponsored threat actors as they run critical infrastructure within their networks and relay extremely sensitive information to a wide range of customers, as well as being targets of state-sponsored threats.

Due to the recent escalation of state-sponsored attacks against telecom entities, it is imperative that enhanced security measures are put in place as well as international cooperation in the fight against cyber-attacks. Moreover, the researcher who published the post detailed that both HTTPSnoop and PipeSnoop were found masquerading as attributes of the application Cortex XDR from Palo Alto Networks in a post. 

'CyveraConsole[dot]exe' is the executable that contains the Cortex XDR agent for Windows in the malware. That application is referred to as the malware executable, to give it its full name. The researchers, who released Cortex XDR v7.8 on Aug. 7, 2022, stated that the product would be decommissioned on April 24, 2023, as soon as it became available for download. 

The threat actors could, therefore, have operated this cluster of implants during the periods mentioned above, implying that they were used by them at the time. It has been observed that there are three different kinds of HTTPSnoop variants available at the moment. 

There is a method used by the malware in which it detects incoming requests matching predefined URL patterns, and then extracts the shellcode to execute on the user's computer by using low-level Windows APIs. The HTTP URLs used in this attack are imitative of the ones used by Microsoft Exchange Web Services, OfficeTrack, and provisioning services linked to an Israeli telecommunications company and attempt to encode malicious traffic in such a way that it is nearly impossible to detect them. 

"Several state-sponsored actors, as well as sophisticated adversaries, have been alleged to have been targeted telecommunications organizations around the world over the last couple of years. In 2022, Talos IR engagements consistently targeted this vertical as one of the top-targeted verticals in its investigation of telecommunications companies. 

Typically, telecommunication companies are high-profile targets for adversaries who are looking for the chance to cause significant damage to critical infrastructure assets. They control a considerable number of critical infrastructure assets.

In many cases, these institutions are the backbone of national satellite, internet, and telephone networks, which are heavily relied upon by both the private and public sectors.  The authors noted that telecommunications companies can also act as a gateway for adversaries to gain access to other businesses, subscribers, or third-party providers, such as banks and credit card companies. 

Moreover, Cisco Talos stated that Middle-Eastern Asian telecommunications companies are also frequently targeted by cybercriminals. The Clearsky cybersecurity firm disclosed in January 2021 that the "Lebanese Cedar" APT was targeting telecommunication companies in the U.S., the U.K., and the Middle East of Asia using web shells and RAT malware families, leveraging web shells and explosive malware. 

It was also found that the MuddyWater APT targeting South Asian telecommunication companies, which used web shells to transfer script-based malware to an Exchange Server as well as dual-use tools to perform hands-on keyboard attacks, was a separate campaign Symantec mentioned. 

Earlier this year, Cisco Talos researchers identified two vulnerabilities in WellinTech's KingHistorian ICS data manager which would lead to an attempt to exploit one of these vulnerabilities. Talos tested the software and confirmed that these vulnerabilities could be exploited by the well-known people behind WellinTech. 

The ClearSky network discovered, in January 2021, that a set of attacks had been orchestrated by the Lebanese Cedar organization aimed at telecom operators in the United States, the United Kingdom, and Middle Eastern Asia. In December of the same year, Symantec, owned by Broadcom, disclosed that the MuddyWater (also known as Seedworm) threat actor was launching a spying campaign against telecom operators in the Middle East and Asia. 

It has also been reported that other adversarial collectives have also been involved with attacks against telecommunication service providers in that region over the past year, such as BackdoorDiplomacy, WIP26, and Granite Typhoon (formerly Gallium).
Read more »
telecommunications
Cyber Crime ISP Linux SentineLabs Telecom telecommunications

Metador APT is Lurking ISPs and Telecom Entities

Researchers at SentinelLabs have discovered a threat actor identified as Metador which primarily targets universities, ISPs, and telecommunications in various Middle Eastern and African nations.

SentintelLabs researchers dubbed the organization Metador after the phrase 'I am meta' that exists in the malicious code as well as the fact that the server messages are often in Spanish. As per the findings revealed at the first-ever LabsCon security conference, the group is thought to have started operating in December 2020, but throughout the past few years, it has managed to remain undetected. 

SentinelLabs senior director Juan Andrés Guerrero-Saade claimed that despite sharing information on Metador with experts at other security companies and government partners, no one was aware of the group.

SentinelLabs researchers found Metador in a Middle Eastern telecommunications business that had been hacked by roughly ten threat actors, including Moshen Dragon and MuddyWater, who all hail from China and Iran. Metador's goal appears to be long-term espionage inventiveness. 

Along with two incredibly complex Windows-based viruses  "metaMain" and "Mafalda," that the gang uses – there are clues of Linux malware, according to the researchers at SentinelLabs.

The attackers loaded both malware into memory and decrypted it using the Windows debugging tool "cdb.exe."

Mafalda is a versatile implant that can support up to 67 commands. Threat actors have regularly updated it, and the more recent iterations of the threat are heavily disguised. The attacker can maintain a persistent connection, log keystrokes, download and upload arbitrary files, and run shellcode thanks to the robust feature set of metaMain, which is used independently.

Mafalda gained support for 13 new commands among two variations that were produced in April and December 2021, adding possibilities for credential theft, network espionage, and file system manipulation. This is proof that Mafalda is being actively developed by its developers.

Attack chains have also included unidentified Linux malware that is used to collect data from the infected environment and send it back to Mafalda. The intrusions' entrance vector has not yet been identified.

Running into Metador is a serious reminder that another category of threat actors still operates covertly and without consequence. Security product creators should seize the chance to actively design their products to keep an eye out for the most sophisticated, well-funded hackers.



Read more »
Ukraine
CERT-In Hacking Russian Cyber Security Sandworm Telecom Ukraine

Russia- Linked Sandworm Enacted Ukrainian Telecoms for Injecting Malicious Code


It was discovered that a Russian-based hacker known as Sandworm, impersonating Ukrainian telecommunications, targeted its entities and injected malware into them, leading to software infections throughout the country. 
 
The Sandworm is a group of hackers that are closely connected with the foreign military intelligence service of the Russian government called the GRU as a military unit 7445. It is an Advanced Persistent Threat (APT) group, which was responsible for several cyberattacks including on Ukrainian energy infrastructure. 
 
The recorded future was spying over the operations of government as well as private sectors. As per the report of “recorded future”, the rise in activities of Sandworm has been noticed since August 2022, tracked by the Computer emergency response team of Ukraine (CERT-UA). It is obvious from the frequency with which the Sandworm has been observed employing DNS domains for control and command infrastructure that it is a ruse to attack Ukrainian computers. 
 
Recorded Future further added in the report that, the APT group found a new infrastructure of UAC-0113, which imitates the operators such as Datagroup, and EuroTrans Telecom, which were responsible for placing DarkCrystal RAT, previously. 
 
The Recorded Future’s report entails “Identified staging infrastructure continues the trend of masquerading as telecommunication providers operating within Ukraine and delivers malicious payloads via an HTML smuggling technique that deploy Colibri Loader and Warzone RAT malware.” 
 
This new infrastructure of Advanced persistent threat group UAC-0113 distributed the commodity malicious ISO Colibri Loader and Warzone RAT by using HTML smuggling. This smuggling technique uses legalized features of HTML and JavaScript to inject malicious codes under security controls. 
 
The super-hacker team of Russia, Sandworm, is popularly known for its cyberattacks on the Ukrainian electrical grid in 2015 and 2016. In further research, it was also found responsible for the dropping of a botnet known as “Cyclops Blink”, which subjugated internet-connected firewall devices, etc from WatchGuard and ASUS. 
 
This APT group had also captured U.S. software under its cyberattacks, due to which the U.S government announced a reward of $10 million for providing the information of the hackers behind this Russian threat actor group. 
 
There are several examples of domains being used as masquerade such as the domain “datagroup[.]ddns[.]net”, tracked by CERT-UA, in June. It impersonated the data group as its online portal. Another example of deception is Kyivstar, in which the domain “kyiv-star[.]ddns[.net” was used by Sandworm against Ukrainian telecom services.
Read more »
User Privacy
Canada Data Breach Encryption Hive Ransomware Phishing Attacks Telecom User Privacy

Bell Canada Hit by Hive ransomware

Bell Canada, a telecommunications firm, alerted consumers of a cybersecurity incident in which hackers gained access to business data. With more than 4,500 people, BTS is an autonomous subsidiary that specializes in installing Bell services for household and small-business customers in the provinces of Ontario and Québec.

Bell Technical Solutions, an independent subsidiary that specializes in the setup of Bell services for housing and small business customers in Ontario and Québec, had been the target of the recent cybersecurity incident, the company identified, according to a notice published on bell.ca. that "Some operational company and employee information was accessed in the recent cybersecurity incident,"

Although the Canadian telecoms operator declined to say when its network was compromised or the attack transpired, Hive claims in a fresh post to its data leak blog that BTS' systems were encrypted on August 20, 2022, almost exactly one month earlier.

To assist in the recovery process, outside cybersecurity professionals were hired. The Royal Canadian Mounted Police's cybercrime unit has been contacted about the attack, and the corporation has informed Canada's Office of the Privacy Commissioner of the occurrence.

In the wake of the occurrence, the Bell subsidiary cautioned customers that they might become the victim of phishing attacks and took immediate action to secure the compromised systems and to reassure users that no customer data, including credit and debit card numbers, banking information, or other financial data, was accessed as a result of the incident.

"Any persons whose private data could have been accessed will be promptly informed by us. Other Bell clients or other Bell businesses were not impacted; Bell Technical Solutions runs independently from Bell on a different IT system" the company stated.

Hive is an affiliate-based ransomware version that was first noticed in June 2021 and is used by hackers to launch ransomware attacks targeting healthcare facilities, charities, retailers, energy suppliers, and other industries globally.

Recently cyberattack by the Hive ransomware gang has led to an extortion attempt worth $2 million against Damart, the French clothing firm with over 130 locations throughout the world. According to data from Recorded Future, Hive is still one of the most active ransomware gangs, responsible for more than 150 attacks last month.









Read more »
Telecom
Credential Phishing Dark Web Data Breach Finance Healthcare Malicious actor Ransomware Attacks. Stock market Telecom

Dark Web: 31,000 FTSE 100 Logins

 

With unveiling the detection of tens of thousands of business credentials on the dark web, security experts warn the UK's largest companies that they could unintentionally be exposed to significant vulnerability. Outpost24 trawled cybercrime sites for the compromised credentials, discovering 31,135 usernames and passwords related to FTSE 100 companies using its threat monitoring platform Blueliv.

The Financial Times Stock Exchange (FTSE) 100 Index comprises the top 100 companies on the London Stock Exchange in terms of market capitalization. Across several industry verticals, these businesses reflect some of the most powerful and lucrative businesses on the market. 

The following are among the key findings from the study on stolen and leaked credentials: 

  • Around three-quarters (75%) of these credentials were obtained by traditional data breaches, while a quarter was gained through personally targeted malware infections. 
  • The vast majority of FTSE 100 firms (81%) had at least one credential hacked and published on the dark web, and nearly half of FTSE 100 businesses (42%) have more than 500 hacked credentials. 
  • Since last year, there were 31,135 hacked and leaked credentials for FTSE 100 organizations, with 38 of them being exposed on the dark web. 
  • Up to 20% of credentials are lost due to malware infections and identity thieves.
  • 11% disclosed in the last three months (21 in the last six months, and 68% for more than a year) Over 60% of stolen credentials come from three industries: IT/Telecom (23%), Energy & Utility (22%), and Finance (21%). 
  • With the largest total number (7,303) and average stolen credentials per company (730), the IT/Telecoms industry is the most in danger. They are the most afflicted by malware infection and have the most stolen credentials disclosed in the last three months.
  • Healthcare has the biggest amount of stolen credentials per organization (485) due to data breaches, as they have become increasingly targeted by cybercriminals since the pandemic started. 

"Malicious actors could use such logins to get covert network access as part of "big-game hunting" ransomware assault. Once an unauthorized third party or initial access broker obtains user logins and passwords, they can either sell the credentials on the dark web to an aspiring hacker or use them to compromise an organization's network by bypassing security protocols and progressing laterally to steal critical data and cause disruption," Victor Acin, labs manager at Outpost24 company Blueliv, explained.
Read more »
Telecom
Asia Cyber Attacks Hackers Iranian Middle East Telecom

Telecom Industries Targeted by Hackers in Middle East and Asia

 

According to analysts, criminals attacking telcos in the Middle East and Asia over the last six months have been connected to Iranian state-sponsored cybercriminals. Cyberespionage tactics use a potent combination of spear phishing, recognized malware, and genuine network tools to steal sensitive information and potentially disrupt supply chains. 

Analysts detailed their results in a study released on Tuesday, claiming that attacks are targeting a variety of IT services firms as well as utility companies. As per a report issued by Symantec Threat Hunter Team, a subsidiary of Broadcom, malicious actors seem to obtain access to networks via spear-phishing and then steal passwords to migrate laterally. 

“Organizations in Israel, Jordan, Kuwait, Saudi Arabia, the United Arab Emirates, Pakistan, Thailand, and Laos were targeted in the campaign, which appears to have made no use of custom malware and instead relied on a mixture of legitimate tools, publicly available malware, and living-off-the-land tactics,” researchers wrote in the report. 

However the hackers' identities are unknown, analysts believe they may be associated with the Iranian organization Seedworm, also known as MuddyWater or TEMP.Zagros. In the past, this organization has conducted significant phishing efforts targeting enterprises in Asia and the Middle East to steal passwords and gain resilience in the target's networks. 

Researchers discovered two IP addresses used throughout the operation that had already been related to Seedworm activity, as well as some tool overlap, particularly SharpChisel and Password Dumper, they claimed. Whilst there has already been threat activity from Iran against telcos in the Middle East and Asia—for instance, the Iranian Chafer APT targeted a major Middle East telco in 2018—a Symantec spokesperson termed the action detailed in the report "a step up" in its focus as well as a prospective harbinger of larger attacks to come. 

According to the analysts, a conventional attack in the latest campaign started with attackers penetrating a specified network and then trying to steal passwords to move laterally so that web shells could be launched onto Exchange Servers. 

Researchers dissected a particular attack launched in August on a Middle Eastern telecom provider. According to the experts, the first sign of penetration, in that case, was the development of a service to execute an unidentified Windows Script File (WSF). 

Scripts were then utilized by attackers to execute different domain, user discovery, and remote service discovery commands, and PowerShell was ultimately utilized to download and execute files and scripts. According to analysts, attackers also used a remote access tool that purported to query Exchange Servers of other firms. 

According to the researchers, attackers were interested in leveraging some hacked firms as stepping stones or just to target organizations other than the first one to build a supply-chain attack. 

“A suspected ScreenConnect setup MSI appeared to have been delivered in a zipped file named ‘Special discount program.zip,’ suggesting that it arrived in a spear-phishing email,” they wrote.
Read more »
Subscribe to: Posts (Atom)