Intelligent CIO LATAM Issue 04 | Page 26

a qualitative DoS model in which the service is ‘shut down’ to the legitimate target user. Attackers abuse the existing business processes telcos use to manage fraud and create a scenario that shows the intended victim’s phone number and SIM card as belonging to a scammer. The telco then blocks the victim’s number and SIM card, which are now traced as sources of fraud. As a result, the victim will likely be required to make a personal appearance at the telecommunications office to restore their services.
Recommendation: As customers, both organizations and users can establish a strong relationship with their respective sales account representatives or executives to avoid process gaps when restoring connectivity and phone services. It would also be advisable to have an alternative means of communication with that contact.
Whale hunting by SIM jacking
Whaling comes from the term ‘phishing’, but it refers to ‘big shots’ such as VIPs, which can include journalists, politicians, CEOs, celebrities and athletes, to name a few. SIM hijacking, also known as SIM swapping, is an attack that redirects a potential victim’s mobile phone traffic to a malicious actor. This allows the attacker to originate voice calls or messages to other employees for business email compromise (BEC), for example by intercepting SMS-based multi-factor authentication (MFA) codes or authorizing company bank transfers.
Recommendation: It is advisable to use non-SMS-based means of authentication, such as authentication applications. VIPs can also employ a federated identity and asset management (IAM) system and rethink the IAM controls handled by telecommunications personnel.
In conclusion, the integration of telecom infrastructure for the vast majority of critical verticals has been an ongoing trend, and will likely continue with the opportunities that 5G and 6G provide in terms of technologies, capabilities, finances and attack surfaces. As a result, IT and security teams must be aware of the changing risks to IT assets, as well as the differences in the concepts, equipment, skills and training required to deal with those risks.