Cellphone company employees allegedly in on a scam, the size of cyber crime and a new exploit companies should watch out for
Welcome to Cyber Security Today. Monday May 13th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanda.com. To hear the podcast click on the arrow below:
Most cyber incidents suffered by organizations are carried out by attackers outside the firm, but sometimes employees help. An indictment released last week by the U.S. Justice Department is an example. Three people who worked for mobile phone companies face charges of helping a gang that stole the smart phone numbers of seven victims, reset their passwords and then looted their cryptocurrency accounts of $2.5 million. The scam is called SIM swapping, because someone at a mobile phone company swaps the SIM card number from a victim’s phone to one held by a gang. In this case the victims were likely targeted because the gang knew they bought big amounts of cryptocurrency. Probably they were interviewed in articles, or talked about their purchases in social media. Mobile phone companies try to ensure employees don’t unwittingly fall for scams like this. In this case it is alleged the three accused were paid off.
If you buy and sell cryptocurrency, keep it to yourself. And keep your cell phone number to yourself. Don’t use it to buy or sell cryptocurrency. Meanwhile, everyone should make sure they have a PIN number on their cell phone account so no one at your provider can make changes without it. You should also ask if your provider can put a note on your account that it can only be changed to a new phone in person. There’s a link to more FBI safety recommendations here.
If you want to get an idea of how big cybercrime is, you can look at the dollar figures put out by major police forces. Another way is to look at the volume of work of criminal groups. Security vendor Palo Alto Networks has a new report out that looks at Nigerian-based groups. It figures about 400 people around the world are involved in their activities alone. Over the past four years they have distributed over 51,000 pieces of malware to computers, mainly through email, and are responsible for 1.1 million cyber attacks.
Companies are being warned by the FBI and the U.S. Department of Homeland Security about a new strain of malware believed to be from a North Korean-based group. This malware, dubbed ElectricFish, allows Internet traffic to be siphoned out of an organization without being detected. It gets done by by-passing authentication safety measures. More details are available on the US-CERT computer emergency response team website here.
Finally, users of Nvidia graphics cards are being cautioned to update their display drivers. There are some bugs that could be exploited by attackers.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon