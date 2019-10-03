

#VB2019: Telcos Faced Sustained Exfiltration Attack Efforts

Speaking at the Virus Bulletin 2019 conference in London, Cybereason researchers Amit Serper, Mor Levi and Assaf Dahan discussed the “worldwide campaign against telecommunication providers” that they coined Operation Soft Cell.

Serper described it as an access operation that was a “multi-wave attack,” and said that the operation targeted call detail records (CDRs), which contain details of call information, where calls are made, the originating number and the IMEI number.

“With this you can build a complete picture of a person and where they are located through the day,” he said. “You get a lot of information without getting on the phone as metadata is siphoned off.”

Levi said an investigation usually started with small pieces being tied together, and the researchers were able to learn more about the attacker. Levi said that the investigation started in 2018, and nothing was unusual at first, but second, third and fourth waves of attack were then spotted, which led them to conclude that this was the same actor “as behavior and techniques were almost the same, and they were adaptive and changing indicators to bypass detection.” It was later revealed by the researchers that the compromise had sometimes gone on for up to seven years.

During the third phase, the researchers realized the attacker was not after bill data or domain administrator details.

Dahan said that the attacker was able to get in, do external reconnaissance, and use third party tools for exfiltration and to move laterally and obtain credentials.

“We understood that the attack was on exfiltration, as they compressed and password protected it,” Dahan said. Serper pointed out that remote access Trojans like Poison Ivy were used. 

Levi added that it was “hard to connect the dots but we knew the bigger picture,” and the purpose of the threat intelligence research was to get the big picture. The companies were informed, and it initially expanded from Cybereason’s customer to dozens of other telcos.

The research also revealed that a lot of the attacks took place in GMT+8, the Chinese time zone, where a two-hour lunch break was also taken. Serper concluded by saying that upon telling those affected, he got very negative responses as “cyber insurance doesn’t cover nation state attacks as it is an act of war.”
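The time-zone observation above can be reproduced from incident timestamps. The following is an added example, not code from the article or from Cybereason: it scores every UTC offset by how well activity fits a working day with a lunch gap. The 09:00-18:00 day, the 12:00-14:00 lunch window, the function names and the sample timestamps are all assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Assumed working pattern (not from the article): 09:00-18:00 local time,
# with the two-hour lunch break placed at 12:00-14:00.
WORK_HOURS = set(range(9, 12)) | set(range(14, 18))
LUNCH_HOURS = {12, 13}

def local_hour_histogram(events_utc, offset_hours):
    """Count events per local hour of day for a given UTC offset."""
    tz = timezone(timedelta(hours=offset_hours))
    return Counter(ts.astimezone(tz).hour for ts in events_utc)

def score_offset(events_utc, offset_hours):
    """Share of events in working hours minus share in the lunch gap."""
    hist = local_hour_histogram(events_utc, offset_hours)
    total = sum(hist.values())
    work = sum(hist[h] for h in WORK_HOURS)
    lunch = sum(hist[h] for h in LUNCH_HOURS)
    return (work - lunch) / total

def best_offset(events_utc):
    """Return the UTC offset (-12..+14) whose local day best fits the pattern."""
    return max(range(-12, 15), key=lambda off: score_offset(events_utc, off))

def constructed_events():
    """Constructed sample: attacker activity timestamps in UTC over two days."""
    events = []
    for day in (3, 4):  # constructed dates: 2018-09-03 and 2018-09-04
        # Activity at 01:00-03:59 and 06:00-09:59 UTC
        for hour in (1, 2, 3, 6, 7, 8, 9):
            for minute in (5, 25, 45):
                events.append(datetime(2018, 9, day, hour, minute, tzinfo=timezone.utc))
        # One stray event inside the gap and one late in the day
        events.append(datetime(2018, 9, day, 4, 30, tzinfo=timezone.utc))
        events.append(datetime(2018, 9, day, 15, 10, tzinfo=timezone.utc))
    return events

if __name__ == "__main__":
    evts = constructed_events()
    off = best_offset(evts)
    print(f"best-fitting offset: UTC{off:+d}, score {score_offset(evts, off):.2f}")
    print(sorted(local_hour_histogram(evts, off).items()))
```

Activity timing is circumstantial: an operator can shift working hours or schedule tasks, so a result like this supports other evidence instead of standing alone.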
