Lapsus$ hackers took SIM-swapping attacks to the next level

[[correlate]]

Content source

https://www.bleepingcomputer.com/news/security/lapsus-hackers-took-sim-swapping-attacks-to-the-next-level/

The U.S.A. government released a report after analyzing simple techniques, e.g. SIM swapping, used by the Lapsus$ extortion group to breach dozens of organizations with a strong security posture.
Reviewing the group's operations started in December last year following a long trail of incidents attributed to or claimed by Lapsus$ after leaking proprietary data from alleged victims.
Among high-profile companies impacted by Lapsus$ are Microsoft, Cisco, Okta, Nvidia, T-Mobile, Samsung, Uber, Vodafone, Ubisoft, and Globant.

Lapsus$ hackers took SIM-swapping attacks to the next level

The U.S. government released a report after analyzing simple techniques, e.g. SIM swapping, used by the Lapsus$ extortion group to breach dozens of organizations with a strong security posture.

www.bleepingcomputer.com

 

[Marko :)]

Is SIM swapping still a problem in the US, Canada? It was never a problem here. Though, we did had cases long time ago when criminals would use lost/stolen ID cards and went to ISP stores to buy phones and sign a postpaid contracts; leaving victims with huge bills to pay. Fortunately, only a small number of people were scammed before ISPs started doing stricter checks.

Now, even when dealing with customer support, they'll ask a whole number of questions to confirm that it is really you in fact, before helping you with anything.
They ask for:

• ID number
• personal identification number
• date of birth
• subscriber ID (written on contract and every monthly bill)
• phone/mobile number (which needs help)
• the total of your last bill

... and sometimes even more.

In case you're contacting them via e-mail, they won't help you if the e-mail address wasn't previously verified (meaning you have to send them request to add your e-mail address in their base as the official way of contact). They won't even send you a new SIM card if you call them, you have to go to their store.

There are so many requirements it gets on my nerves sometimes; but all in the name of security.

 

[[correlate]]

Is SIM swapping still a problem in the US, Canada? It was never a problem here. Though, we did had cases long time ago when criminals would use lost/stolen ID cards and went to ISP stores to buy phones and sign a postpaid contracts; leaving victims with huge bills to pay. Fortunately, only a small number of people were scammed before ISPs started doing stricter checks.

Now, even when dealing with customer support, they'll ask a whole number of questions to confirm that it is really you in fact, before helping you with anything.
They ask for:

• ID number
• personal identification number
• date of birth
• subscriber ID (written on contract and every monthly bill)
• phone/mobile number (which needs help)
• the total of your last bill

... and sometimes even more.

In case you're contacting them via e-mail, they won't help you if the e-mail address wasn't previously verified (meaning you have to send them request to add your e-mail address in their base as the official way of contact). They won't even send you a new SIM card if you call them, you have to go to their store.

There are so many requirements it gets on my nerves sometimes; but all in the name of security.

If it does not pose a great danger to the citizen in America
But citizens in Europe or Asia may be exposed to potential harm

 

[Trident]

If it does not pose a great danger to the citizen in America
But citizens in Europe or Asia may be exposed to potential harm

It’s a whole thing here in the UK to get a new SIM so I doubt it. They would ask you to do a Chip and PIN with a card that has previously been verified and they will ask plenty of security questions. Good luck to Lapsus.

 

[Marko :)]

It’s a whole thing here in the UK to get a new SIM so I doubt it. They would ask you to do a Chip and PIN with a card that has previously been verified and they will ask plenty of security questions. Good luck to Lapsus.

Yeah, with security in Europe we have, they have no chance with SIM swapping. Also, even if they started sending SIMs over the phone here (which they don't), I doubt they'll issue a new SIM card of someone with Croatian name speaking English. And good luck fooling them with Google Translate and Croatian accent.