Intelligent CIO North America Issue 16 | Page 77

... as part of a multi-layered defense strategy. It is also recommended to leverage existing processes by using data such as telecommunications records that are related to the origin of the text messages or calls.

TDoS extortion
Compared to the quantitative Denial of Service (DoS) model, in which a system is overloaded with traffic volumes, Telephony Denial of Service (TDoS) is a qualitative DoS model in which the service is 'shut down' to the legitimate target user. Attackers abuse the existing business processes that telcos use to manage fraud and create a scenario that shows the intended victim's phone number and SIM card as belonging to a scammer. The telco then blocks the victim's number and SIM card, which are now traced as sources of fraud. As a result, the victim will likely be required to make a personal appearance at the telecommunications office to restore service.
Recommendation: As customers, both organizations and users can establish a strong relationship with their respective sales account representatives or executives to avoid process gaps when restoring connectivity and phone services. It would also be advisable to have an alternative means of communication with that contact.
Whale hunting by SIMjacking
Whaling comes from the term 'phishing', but it refers to 'big shots' such as VIPs, which can include journalists, politicians, CEOs, celebrities and athletes, to name a few. SIM hijacking, also known as SIM swapping, is an attack that redirects a potential victim's mobile phone traffic to a malicious actor. This allows the attacker to originate voice calls or messages to other employees for Business Email Compromise (BEC), for example by intercepting SMS-based Multi-Factor Authentication (MFA) codes or authorizing company bank transfers.
Calling line spoofing
Call Line Impersonation (CLID) is a standards-based activity used for legitimate purposes, including masking call centers behind 1-800 hotline numbers. Criminals can also abuse it to attack people: one scenario may involve a customer receiving a call or text message that appears to come from their bank and includes a request for action, through which the customer is lured into unintentionally sharing their credentials or other confidential information with an attacker via a phishing site.
Recommendation: Users and organizations should verify the origin of incoming calls and text messages
Recommendation: It is advisable to use non-SMS based means of authentication, such as authentication applications. VIPs can also employ a federated Identity and Asset Management system (IAM) and rethink the IAM controls handled by telecommunications personnel.
In conclusion, the integration of telecom infrastructure for the vast majority of critical verticals has been an ongoing trend, and will likely continue with the opportunities that 5G and 6G provide in terms of technologies, capabilities, finances and attack surfaces. As a result, IT and security teams must be aware of the changing risks to IT assets, as well as the differences in the concepts, equipment, skills and training required to deal with those risks.