Sunday, November 24, 2024
HomeComputer SecurityHackers Taping the Phone Network using SS7 Attacks to Steal Money From...

Hackers Taping the Phone Network using SS7 Attacks to Steal Money From Bank Accounts

Published on

New research states that sophisticated hackers are now taping the Phone network by exploiting the SS7 protocol to steal money from the bank accounts by intercepting the messages.

SS7( Signaling System No. 7) protocol used by Internet service providers and telecom companies to control the phone calls and text messages around the world.

SS7 Attacks performed by Cyber criminals using an existing design flaw in SS7 protocol and exploit it to perform various dangerous attacks such as data theft, eavesdropping, text interception and location tracking.

- Advertisement - SIEM as a Service

Basically, these controls are extremely limited and some time the access can be provided to the intelligence agencies or surveillance contractors for a legitimate purpose since it is a very serious concern about sensitive data and privacy of users.

According to the motherboard statement, but now this capability is much more widely available in the hands of financially-driven cybercriminal groups, who are using it to empty bank accounts.

Also Motherboard identified that a UK’s Metro Bank fallen victims of this SS7 Attacks and now the cyber criminals started wide spreading this attack.

Based on the confirmation given by the National Cyber Security Centre (NCSC), the defensive arm of the UK’s signals intelligence agency GCHQ, SS7 attacks are using by cybercriminals to intercept the messages to steal the code that used for bank transaction.

NCSC said that “We are aware of a known telecommunications vulnerability being exploited to target bank accounts by intercepting SMS text messages used as 2-Factor Authentication (2FA).”

SS7 Attacks Hard to Detect

Basically, SS7 Network doesn’t authenticate who send the request and pass it into other side.So even if anyone gains the access, it considers as a legitimate one regardless of accessing users who can be a government agency, a surveillance company, or a criminal.

Since the bank accounts are under two factor authentication, by having a SS7 network access, cybercriminals can be intercepted the messages after they gaining access the internet banking login credentials using phishing attack and initiate verification code via text message.Later they intercept it via SS7 attack and using it to complete their transaction process.

“something that members of the general public don’t necessarily have to worry about. An SS7 attack is unlikely to be effective if the bank uses a form of 2FA that doesn’t rely on text messages, such as an authenticator app.”

Some of The Telecom Service Provides Statements

Vodafone spoke person said to Motherboard, “We have specific security measures in place to protect our customers against SS7 vulnerabilities that have been deployed over the last few years, and we have no evidence to suggest that Vodafone customers have been affected.”

Also they states that, Vodafone working with GSMA, banks and security experts in order to mitigate and protect their customers.

Major UK telco BT said, “We’re aware of the potential of SS7 to be used to try to commit banking fraud. Customer security is our top priority so we’re always upgrading our systems and working with the industry and banks to help protect our customers.” 

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.


Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Nearest Neighbor Attacks: Russian APT Hack The Target By Exploiting Nearby Wi-Fi Networks

Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as...

240+ Domains Used By PhaaS Platform ONNX Seized by Microsoft

Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by...

Russian TAG-110 Hacked 60+ Users With HTML Loaded & Python Backdoor

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in...

Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations

Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Nearest Neighbor Attacks: Russian APT Hack The Target By Exploiting Nearby Wi-Fi Networks

Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as...

FortiClient VPN Flaw Enables Undetected Brute-Force Attacks

A design flaw in the logging mechanism of Fortinet's VPN servers has been uncovered,...

Ghost Tap Attack, Hackers Stolen Credit Card Linked To Google Pay Or Apple Pay

Threat actors are exploiting a new cash-out tactic called "Ghost Tap" to siphon funds...