FCC Implements New Safeguards Against SIM-Swapping Scams and Port-Out Frauds
Plus, Russian Cyber Espionage Groups Unleash New Worm and Exploit Tactics in Targeted Attacks on Ukraine
Regulatory Measures Aimed at Curtailing Malicious Attacks on Consumer Phone Accounts
The U.S. Federal Communications Commission (FCC) has announced the adoption of new regulations designed to shield consumers from cell phone account scams, particularly targeting SIM-swapping attacks and port-out frauds orchestrated by malicious actors.
These rules aim to protect consumers from scammers who execute covert SIM card swaps or transfer phone numbers to new carriers without gaining physical access to a victim's phone, as stated by the FCC this week.
SIM swapping involves transferring a user's account to a SIM card controlled by a scammer by convincing the victim's wireless carrier. Conversely, port-out fraud occurs when a bad actor, posing as the victim, moves their phone number from one service provider to another without the victim's knowledge.
The newly adopted rules, proposed in July 2023, mandate wireless providers to implement secure authentication methods before redirecting a customer's phone number to a new device or provider.
Furthermore, these regulations demand that customers receive immediate notifications whenever a SIM change or port-out request occurs on their accounts, allowing them to take necessary steps to protect themselves against such attacks.
The severity of SIM swapping as a threat has been evident, enabling threat actors like LAPSUS$ and Scattered Spider to infiltrate corporate networks. By gaining control of a victim's phone number, attackers can intercept SMS-based two-factor authentication codes, leading to the compromise of victims' online accounts.
FCC Commissioner Geoffrey Starks highlighted the importance of secure verification procedures and privacy guarantees from wireless providers to protect consumers. He emphasized the need for consumers to feel secure without fearing unauthorized phone control.
In addition to these measures, the FCC has announced an inquiry into the impact of artificial intelligence (AI) on robocalls and robotexts. While AI could enhance tools to block unwanted calls and texts, the agency recognizes the potential for AI to aid bad actors in defrauding consumers by mimicking trusted voices or sources.
The FCC's proactive steps aim to reinforce security in telecommunications and mitigate evolving threats, ensuring consumer confidence and trust in the integrity of phone services amidst technological advancements and emerging risks.
Check Point Reveals Intricate Techniques Employed by Gamaredon and APT29 in State-Sponsored Campaigns
Russian cyber espionage actors affiliated with the Federal Security Service (FSB) have been identified utilizing a USB-propagating worm, dubbed LitterDrifter, in a series of attacks targeting entities within Ukraine. Check Point, uncovering the latest tactics of the Gamaredon group, highlighted their large-scale campaigns focused on espionage objectives.
LitterDrifter, a multifaceted worm, spreads through USB drives and establishes communication with command-and-control (C&C) servers. Written in VBS, its spreader module conceals the malware in USB drives alongside a randomized LNK file. Notably, the worm's C&C strategy involves using domains as placeholders for circulating IP addresses used as C2 servers.
The worm's ability to connect to a C&C server extracted from a Telegram channel has been observed repeatedly throughout the year, indicating its adaptive tactics. Although primarily targeting Ukraine, signs of potential infection outside the region were detected across various countries.
Gamaredon's evolving attack methods have exhibited rapid data exfiltration capabilities, highlighting the group's efficiency in transmitting sensitive information within an hour of the initial compromise. Check Point concluded that LitterDrifter was designed for expansive data collection, employing straightforward yet highly effective techniques to target a broad spectrum of entities in the region.
Concurrently, Ukraine's National Cybersecurity Coordination Center (NCSCC) reported Russian state-sponsored hacker intrusions targeting European embassies, leveraging the WinRAR vulnerability (CVE-2023-38831). Attributed to APT29, these attacks employed benign-looking lures offering BMWs for sale, with the attack chain exploiting the vulnerability to deploy a PowerShell script from a remote server.
NCSCC highlighted the growing sophistication and popularity of exploiting the CVE-2023-38831 vulnerability by Russian intelligence services, demonstrating a concerning trend in cyber operations.
Additionally, the Computer Emergency Response Team of Ukraine (CERT-UA) identified a phishing campaign deploying malicious RAR archives masquerading as Security Service of Ukraine (SBU) documents. Tracked as UAC-0050, this campaign aimed at state authorities in Ukraine, deploying the Remcos RAT through deceptive executable files within the archives.
These recent revelations underscore the escalating cyber threats faced by Ukraine, portraying a landscape wherein advanced espionage groups continually refine their tactics and exploit vulnerabilities to infiltrate critical entities, emphasizing the necessity for heightened vigilance and robust cybersecurity measures.
Jobs/Internships:
Cognite - Senior Machine Learning Engineer - Austin, Texas · Hybrid
Everbridge - Senior Software Engineer I - Lansing, MI · Hybrid
Mistplay - Senior Manager, DevOps Engineering - Fully Remote
Coinbase - Summer 2024 - Product Design Intern - Fully Remote
Freddie Mac - Single-Family Software Developer Intern - Summer 2024 (Hybrid - 3 Days in Office) - McLean, VA · Hybrid
The Aerospace Corporation - 2024 Data Science Graduate Intern - Colorado Springs, CO · El Segundo, CA · Hybrid