The telecommunications industry provides an array of services that connect people across the globe, but with $2+ trillion in revenue, millions of customers, and control over vast swaths of sensitive data, it should come as no surprise that it recently saw a 70% increase in IT security incidents. Today’s telecom organizations are under constant threat from cyberattackers intent on targeting them directly in an effort to breach critical network infrastructures, and those intent on targeting their large supply of customers. Social networks have become a valuable tool in waging these types of attacks, and as telecommunications organizations pivot toward a digital future, we’ll cover how some of these external attacks have been taking place.
Using Social Media to Wage a Direct Attack
Social media has become a major platform for telecommunications companies to engage customers, grow their business, and promote offers and services. Attackers have flocked to social media to target executives and employees with phishing or malware links, just like they did for email in the previous generation of cybercrime. Because users are notorious for reusing passwords and choosing similar aliases across different platforms, extracted credentials or executables can often be used to pivot into internal company networks, leading to corporate data loss or reputational and financial damages.
In many cases, attackers incorporate deceptive strategies like impersonation in order to gain their victims’ trust. Impersonators, intending to deceive or confuse, generally hijack the layouts, images, and information of a legitimate person or organization. CEOs may be more apt to click on a link sent via Twitter from an account posing as a corporate partner, or, if an employee’s having a rough day at work, they may not think twice about downloading a malicious Microsoft Office attachment sent by a LinkedIn contact onto the company network. The motivations for creating an impersonator account are diverse, ranging from innocuous parody accounts to outright malicious slandering of a person or brand, or hijacking of a victim’s authority to launch scams and cyber attacks (Figure 1).
Figure 1. A brand-damaging scammer phishes curious telecommunications customers.
Using Social Media to Commit Identity Fraud
Attackers can also impersonate the customer themselves in an effort to obtain an account with a service belonging to the telecom company. More and more, social channels like Facebook and Google are being used as identity validators for new services. When combined with a stolen social security number, birth date, or other pertinent PII, impersonators can fraudulently register accounts with telecom services in order to commit financial theft or other illegal activities under the guise of a stolen identity.
Using Fake Social Media Apps to Steal Sensitive Data
Attackers know that telecom customers trade security for convenience when browsing on their smartphones, making their mobile devices easy and data-rich targets for infection. An example of a prominent attack vector is APK files delivered from Google Play apps. There has been a spate of recent Android malware campaigns including Skygofree, GhostTeam, AnubisSpy, Dark Caracal, GnatSpy, Tempting Cedar, FakeApp, and others. The malware associated with these campaigns executes a range of malicious outcomes on the end user’s device, like using its camera to remotely capture photos and videos, using its microphone to record audio, using its GPS to acquire geolocation data, and monitoring apps to steal data like private messages, calendar events, browser histories, media or bank account login credentials, and enterprise intellectual property. Malicious Google Play apps and URLs often impersonate legitimate social networking apps, and are typically spread via social media on public posts and groups.
Using Social Media to Exfiltrate Sensitive Data
Other threats may surface from within the walls of the telecom company itself. The mountain of data modern companies is so valuable that it In one prominent incident, an engineer at a telecom company obtained two-step authentication passwords required to log in to customer accounts at a financial company, and subsequently offered them up on the dark web.
Top Risks to Telecommunication Providers
- Account takeover – when a social media account belonging to a Telecom brand or executive is hijacked, it can be vandalized in a way that smears its reputation, or be used to publicly post embarrassing content on their behalf, message followers (e.g. customers, colleagues) with malicious content, and mine personal direct messages for doxworthy personal details.
- Customer fraud and scams – social media scams can inflict direct losses on Telecom customers, who might seek compensation because of legal entitlement, contractual anti-fraud policies, or as a gesture to retain customer satisfaction, prevent attrition to competitors, or avoid public relations crises. There’s also an indirect, reputational cost associated with having a Telecom brand consistently misused and associated with unsavory content: a gradual tarnishing of a brand’s perceived trustworthiness that can take time and money to repair.
- Phishing and malware – with more than one in eight enterprises suffering a security breach due to a social media-related cyber attack and 23.3% of employees receiving malware through social media, Telecom companies should take further steps towards securing their social media risk surface from external attacks.
- Physical threats – attackers frequently telegraph their intentions online when it comes to physical risks. Forward-looking Telecom organizations, which often have many physical assets, can use social media as a form of proactive situational awareness against physical threats and risks. This goes for natural disasters and other unforeseen physical events.
- Executive risks – many executives expose themselves to risks on social media, either by oversharing personal information — travel plans, family details, potentially non-compliant company data, etc. — or by having their accounts exploited by attackers for phishing attacks or account takeovers. Opportunistic attackers also impersonate executives to attack employees or customers.
In the rapidly evolving world of external threats being directed at telecommunications companies and their customers, more and more companies are taking their social and digital security seriously. Telecommunications providers around the globe are adopting social media protection and digital risk monitoring solutions. In the recent Forrester Digital Risk Monitoring Wave, ZeroFOX was named a leader and top ranked in strategy, with a perfect score for customer references. Moreover, ZeroFOX protects enterprises and their customers using FoxThreat rules that automatically detect malicious activity when it appears on social and digital channels. Find out about ZeroFOX’s automated technology at zerofox.com/platform.