Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/SwiftOnSecurity/statuses/111734696364766969">SwiftOnSecurity (swiftonsecurity@infosec.exchange)'s status on Thursday, 11-Jan-2024 20:30:17 JST</a><a href="https://infosec.exchange/@SwiftOnSecurity" title="swiftonsecurity@infosec.exchange"><img src="https://gnusocial.jp/avatar/25334-48-20231106112528.webp" width="48" height="48" alt="SwiftOnSecurity" style="position: absolute; left: 0; top: 0;">SwiftOnSecurity</a></section><article><p>PUBLIC SERVICE ANNOUNCEMENT:</p><p>There is an increase of account takeovers due to insiders at telco firms simply giving control to people paying them/compromised support staff accounts. Do a check on systems where this single factor would permit an account compromise. And change the configuration. These are opportunistic trawling attacks. This is becoming more common as attackers replicate the success.</p><p>The attacker uses other channels (like people search websites) to enumerate and guess the phone number attached to an online account and then checks against the telco they have control over.</p><p>The insider only briefly temporarily forwards the victim number to a 3rd party then switches it back to normal once they’re in. This is how they stay quiet since most victims will not have leverage or telemetry to understand how they got hacked.</p><p>It was their cell phone provider.</p><p>Make it so account recovery systems require multiple factors and remove telephony-based recovery for VIP accounts entirely.<br>Go check your systems now. Go try to access all your stuff like you forgot your password.</p><p>I am very serious. This is based on private knowledge but is compelled by the compromise of the SEC. This is common now.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2571340#notice-5092683">In conversation</a><time datetime="2024-01-11T20:30:17+09:00" title="Thursday, 11-Jan-2024 20:30:17 JST">about 10 months ago</time> <span>from <span><a href="https://infosec.exchange/@SwiftOnSecurity/111734696364766969" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@SwiftOnSecurity/111734696364766969">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/2096326">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
SwiftOnSecurity (swiftonsecurity@infosec.exchange)'s status on Thursday, 11-Jan-2024 20:30:17 JST SwiftOnSecurity
PUBLIC SERVICE ANNOUNCEMENT:
There is an increase of account takeovers due to insiders at telco firms simply giving control to people paying them/compromised support staff accounts. Do a check on systems where this single factor would permit an account compromise. And change the configuration. These are opportunistic trawling attacks. This is becoming more common as attackers replicate the success.
The attacker uses other channels (like people search websites) to enumerate and guess the phone number attached to an online account and then checks against the telco they have control over.
The insider only briefly temporarily forwards the victim number to a 3rd party then switches it back to normal once they’re in. This is how they stay quiet since most victims will not have leverage or telemetry to understand how they got hacked.
It was their cell phone provider.
Make it so account recovery systems require multiple factors and remove telephony-based recovery for VIP accounts entirely.
Go check your systems now. Go try to access all your stuff like you forgot your password.
I am very serious. This is based on private knowledge but is compelled by the compromise of the SEC. This is common now.
In conversationabout 10 months ago from infosec.exchangepermalink
Attachments
1. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice