Has your internet provider been compromised? Malicious insiders are helping cybercriminals hack telecoms firms

Hackers are using both willing and blackmailed staff at internet and phone providers to help them breach networks and steal data.
Written by Danny Palmer, Senior Writer


Be they disaffected insiders or victims of blackmail, staff at telecommunications firms are providing cybercriminals with the information required to carry out cyberattacks against their employers.

With the sector a top target for hackers -- as demonstrated by last year's TalkTalk hack -- Kaspersky Lab's Threat Intelligence Report for the Telecommunications Industry warns telecoms providers that they need to do more to protect themselves from cyber threats, from both outside and inside their networks.

According to the report, 28 percent of all cyberattacks and 38 percent of all targeted attacks involve malicious activity by company insiders -- although not everyone involved in passing corporate credentials and other inside information to hackers is a willing participant in the criminal schemes.

One tactic used by hackers is to find compromising information on an employee at the organisation they wish to target -- be it available on the open internet or from a previous cache of stolen data.

Hackers will then blackmail the person, forcing them to hand over information which will compromise their employer, or to distribute spear-phishing emails on the hackers' behalf, in exchange for the potentially embarrassing personal data not coming to light.

The report suggests that cybercriminals may have used data exposed following the hack of Ashley Madison, a dating website catering to adulterers, in order to blackmail workers.

However, Kaspersky warns that not all insider attacks are carried out by reluctant participants: some are done with the help of willing insiders who are more than happy to put their telecoms employer -- and therefore their customers -- at risk from cybercriminals.

More often than not, these malicious insiders will offer their services on underground message boards on the dark web, or via 'black recruiters', and are paid for their services. Researchers warn that these malicious insiders also have no qualms about identifying co-workers who could potentially be blackmailed.

One incident of such malicious insider activity occurred at Securus Technologies, a telecoms company which provides phone services to prisons, when a rogue employee handed over records of 70 million inmate calls to hackers.

Another example saw an SMS centre support engineer spotted on a popular dark web forum advertising their ability to intercept messages containing the one-time passwords used for the two-step authentication process required to log in to customer accounts at a popular fintech company.

For the cybercriminals, recruiting an insider makes hacking a company a much simpler task, providing them with easy access to internal networks and data. The report notes how insiders at phone companies are mostly recruited to provide access to data, while staff at internet service providers are more often used to help carry out man-in-the-middle attacks.

"The human factor is often the weakest link in corporate IT security. Technology alone is rarely enough to completely protect the organisation in a world where attackers don't hesitate to exploit insider vulnerability. Companies can start by looking at themselves the way an attacker would," says Denis Gorchakov, senior information security analyst at Kaspersky Lab.

"If vacancies carrying your company name, or some of your data, start appearing on underground message boards, then somebody, somewhere has you in their sights. And the sooner you know about it the better you can prepare," he adds.

