CPO Magazine - News, Insights and Resources for Data Protection, Privacy and Cyber Security Leaders
CPO Magazine - News, Insights and Resources for Data Protection, Privacy and Cyber Security Leaders
  • Home
  • News
  • Insights
  • Resources
Satellite dish sending data showing cyber attacks for telecom industry
Cyber SecurityInsights
·4 min read

Telecom Corporate Accounts at Highest Risk for Cyber Attacks

Bob Lyle·October 8, 2020
TwitterFacebookLinkedIn

Telecom companies have made huge leaps in security to protect their networks and their customers, but their own employees and executives remain extremely vulnerable to having their own accounts compromised, according to research from cybersecurity firm SpyCloud.

In fact, the 11 telecom companies in the Fortune 1000 comprise the most vulnerable industry in the study – at greater risk than retail, banking, healthcare and other industries. SpyCloud examined more than 100 billion account assets from previous data breaches and connected them to Fortune 1000 companies to see how exposed they are to account takeover (ATO) attacks, where hackers use someone’s login credentials to gain access to their accounts, potentially unlocking corporate data, sensitive personal information, finances and more.

The human tendency to reuse passwords across multiple accounts or use weak passwords makes ATO an effective method for accessing someone else’s accounts. If a person’s login and password was compromised by one data breach and they used the same login and password on other accounts, those other accounts are immediately at risk. Compromised or weak passwords are the No. 1 method for ATO, according to research from Verizon. Of the account assets SpyCloud looked at, there were more than 5.5 million credential pairs (corporate email accounts with decrypted passwords) and over half a million stolen phone numbers.

In theory, corporate passwords should be strong given the importance of the assets they protect and the robust guidance often provided by corporate security teams, but when an employee reuses credentials across other accounts, they are only as strong as the weakest link. SpyCloud found 74% of employees, including C-level executives, working for Fortune 1000 telecom companies are reusing passwords across multiple work and personal accounts. Some of those sites will eventually be breached if they haven’t already.

Cybercriminals inevitably test breached credentials against other logins, taking over any other accounts protected by the same username and password. If those stolen credentials contain a corporate email domain, criminals have an obvious clue that they could gain access to the corporate network and valuable enterprise systems, customer data and intellectual property.

Besides passwords, another common asset criminals use to takeover accounts is mobile phone numbers. With a simple phone call to a mobile carrier and some light social engineering, criminals can divert a victim’s phone service to their own device. Once the attacker has control of the victim’s phone number, they will receive the texts for multi-factor authentication, now commonly used as a more secure way to log into sensitive accounts.

The vast majority of attacks are what you typically see in the news and what most security organizations solve for with bot mitigation solutions that prevent credential stuffing, where criminals use bots to try stolen credentials across a high volume of accounts in a short amount of time. Credential stuffing attacks may come years after a site is breached. Stolen credentials are typically kept within a tight circle of criminals for the first 18-24 months after the breach, to be extensively monetized with more sophisticated targeted attacks before being sold in combo lists on the dark web.

It is in these early days of targeted attacks against companies and individuals that the major damage is done and where security teams should be focusing prevention efforts. Here are a few measures you can take to prevent ATO attacks and protect yourself, your employees and your company.

1. Use Multi-Factor Authentication everywhere

While I did just highlight a way that some criminals use SIM swapping to get around multi-factor authentication, it is still another layer of security and much stronger than going without.

2. Use a password manager for all of your logins (not just for work)

Even though many find the initial set up and use of a password manager somewhat tedious, it is well worth the time spent to avoid the potential damage of a successful criminal attack.

3. Stop rotating passwords every 90 days

This provides a false sense of security and frustrates people, so they may end up recycling passwords (simply adding a character at the end of a well-worn password, thinking that is safe). Instead, educate users on password hygiene and provide guidelines for creating strong passwords.

4. Don’t click on links or open attachments from unknown senders

Phishing attempts containing credential-stealing malware have grown much more sophisticated and difficult to detect. Remain vigilant and keep employees apprised of the latest fraud attempts on the rise.

 5. Monitor your credentials and PII – both work and personal

There are free services available that will continuously check whether your credentials show up on breached lists, so you can secure your accounts quickly. There are also systems available for ongoing monitoring of exposed passwords for all your employees, allowing you to take swift action to prevent criminals from monetizing those credentials at the cost of your business and customers.

74% of employees, including C-level executives, working for Fortune 1000 #telecom companies are reusing passwords across multiple work and personal accounts. #cybersecurity #respectdataClick to Tweet

Because the telecom industry has so many employees, so many subscribers, and seemingly unlimited data out there in the hands of criminals, it is a prime target for bad actors looking to profit, but employees do not need to make it easy for them with sloppy password management. Proper credential management can go a long way in preventing fraudulent access to all your valuable online accounts.

 

TwitterFacebookLinkedIn
Tags
Account Takeover AttackTelecommunications
Bob Lyle
Vice President of Mobile at SpyCloud
As vice president of mobile at SpyCloud, Bob brings 25 years of mobile experience to SpyCloud’s leadership team. With a background in the device security and IP licensing spaces, he leads SpyCloud’s efforts to engage with the mobile ecosystem to best serve enterprises and consumers globally and protect them from account takeover. Bob is also the Chair of GSMA’s Device Security Group, which advises mobile network operators, mobile device OEMs and mobile ISVs on device security, theft, malware and spyware protections and assists with industry recommendations and standards around device security matters.
Related
Tall telecommunication tower and the silhouetted treeline showing FCC data breach notification regulations
Cyber SecurityNews

FCC Introduces New Data Breach Notification Rules for Telecommunications Companies

January 17, 2023
Illuminated Optus sign hanging in front of a store showing cyber attack expose personal data in data breach
Cyber SecurityNews

Optus Cyber Attack Potentially Exposed Personal Data of up to 40% Of Australians, Negligence Suspected

September 30, 2022
Hacker holding a telephone receiver and working on computer showing data breach via support agent
Cyber SecurityNews

Hackers in Cox Communications Data Breach Impersonated Company’s Support Agent to Access Customer Information

December 23, 2021
Clubhouse application icon on smartphone showing Clubhouse and Facebook users phishing and account takeover attacks
Cyber SecurityNews

“Combo File” Merging 3.8 Billion Phone Numbers from Clubhouse With Scraped Facebook Users Could Cause Surge in Phishing, Account Takeover Attacks

October 1, 2021
Telecommunication antenna receiver on cell phone tower with 5G showing challenge of legacy signalling protocols
Cyber SecurityInsights

Legacy Signalling Protocols: The Challenge for Network Operators

September 30, 2021
Logo of T-Mobile on shopfront showing data breach of customer data
Cyber SecurityNews

T-Mobile Data Breach: 100 Million Customer Data Records Compromised Including Social Security, Driver’s License & Unique Device Numbers

August 19, 2021
Metallic lock on mobile phone showing data breach
Cyber SecurityNews

Hackers Access Personal and Call Information and Port Numbers in Mint Mobile Data Breach

July 22, 2021
Smart digital city with connection network showing need for IoT security
Cyber SecurityInsights

Telcos and PAM: A Response to the Next Wave of IoT

May 6, 2021

Latest

Yellow crime scene tape on computer keyboard showing law enforcement operations on Hive ransomware gang

Hive Ransomware Shut Down by Law Enforcement Operation; FBI in Possession of Decryption Keys, Group’s Public-Facing Website

Woman holding glasses showing data privacy regulations

Navigating the Data Privacy Landscape in 2023

WhatsApp app icon on a smartphone showing GDPR violations

WhatsApp Receives €5.5 Million Fine for GDPR Violations

League of Legends website page showing security breach of game cheats and source code

Security Breach at Riot Games Reveals Game Cheats, Source Code for Popular eSport “League of Legends”

- Advertisement -

Learn More

About
Contact
Our Advertising
Privacy Policy
Cookie Policy
Terms of Use

Stay Updated

CPO Magazine

News, insights and resources for data protection, privacy and cyber security professionals.

Learn More

About
Contact
Our Advertising
Privacy Policy
Cookie Policy
Terms of Use
Do Not Sell My Data

Stay Updated

Follow Us

© 2022 Rezonen Pte. Ltd.
CPO Magazine - News, Insights and Resources for Data Privacy, Protection and Cybersecurity Leaders
  • Home
  • News
  • Insights
  • Resources
    Start typing to see results or hit ESC to close
    U.S. Data Breach Regulations EU GDPR Facebook
    See all results