Lapsus$ hackers took SIM-swapping attacks to the next level

[correlate]

[correlate]

Level 18
Thread author
Verified
Top Poster
Well-known
May 4, 2019
830
Content source
https://www.bleepingcomputer.com/news/security/lapsus-hackers-took-sim-swapping-attacks-to-the-next-level/
The U.S.A. government released a report after analyzing simple techniques, e.g. SIM swapping, used by the Lapsus$ extortion group to breach dozens of organizations with a strong security posture.
Reviewing the group's operations started in December last year following a long trail of incidents attributed to or claimed by Lapsus$ after leaking proprietary data from alleged victims.
Among high-profile companies impacted by Lapsus$ are Microsoft, Cisco, Okta, Nvidia, T-Mobile, Samsung, Uber, Vodafone, Ubisoft, and Globant.
Click to expand...
www.bleepingcomputer.com

Lapsus$ hackers took SIM-swapping attacks to the next level

The U.S. government released a report after analyzing simple techniques, e.g. SIM swapping, used by the Lapsus$ extortion group to breach dozens of organizations with a strong security posture.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
  • Applause
Reactions: piquiteco, vtqhtr413, Nevi and 6 others
Marko :)

Marko :)

Level 24
Verified
Top Poster
Well-known
Aug 12, 2015
1,377
Is SIM swapping still a problem in the US, Canada? It was never a problem here. Though, we did had cases long time ago when criminals would use lost/stolen ID cards and went to ISP stores to buy phones and sign a postpaid contracts; leaving victims with huge bills to pay. Fortunately, only a small number of people were scammed before ISPs started doing stricter checks.

Now, even when dealing with customer support, they'll ask a whole number of questions to confirm that it is really you in fact, before helping you with anything.
They ask for:
  • ID number
  • personal identification number
  • date of birth
  • subscriber ID (written on contract and every monthly bill)
  • phone/mobile number (which needs help)
  • the total of your last bill
... and sometimes even more.

In case you're contacting them via e-mail, they won't help you if the e-mail address wasn't previously verified (meaning you have to send them request to add your e-mail address in their base as the official way of contact). They won't even send you a new SIM card if you call them, you have to go to their store.

There are so many requirements it gets on my nerves sometimes; but all in the name of security.
 
  • Like
  • Applause
Reactions: piquiteco, vtqhtr413, Trident and 1 other person
[correlate]

[correlate]

Level 18
Thread author
Verified
Top Poster
Well-known
May 4, 2019
830
Marko :) said:
Is SIM swapping still a problem in the US, Canada? It was never a problem here. Though, we did had cases long time ago when criminals would use lost/stolen ID cards and went to ISP stores to buy phones and sign a postpaid contracts; leaving victims with huge bills to pay. Fortunately, only a small number of people were scammed before ISPs started doing stricter checks.

Now, even when dealing with customer support, they'll ask a whole number of questions to confirm that it is really you in fact, before helping you with anything.
They ask for:
  • ID number
  • personal identification number
  • date of birth
  • subscriber ID (written on contract and every monthly bill)
  • phone/mobile number (which needs help)
  • the total of your last bill
... and sometimes even more.

In case you're contacting them via e-mail, they won't help you if the e-mail address wasn't previously verified (meaning you have to send them request to add your e-mail address in their base as the official way of contact). They won't even send you a new SIM card if you call them, you have to go to their store.

There are so many requirements it gets on my nerves sometimes; but all in the name of security.
Click to expand...
If it does not pose a great danger to the citizen in America
But citizens in Europe or Asia may be exposed to potential harm
 
  • Like
Reactions: piquiteco, vtqhtr413, Marko :) and 2 others
Trident

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,356
Correlate said:
If it does not pose a great danger to the citizen in America
But citizens in Europe or Asia may be exposed to potential harm
Click to expand...
It’s a whole thing here in the UK to get a new SIM so I doubt it. They would ask you to do a Chip and PIN with a card that has previously been verified and they will ask plenty of security questions. Good luck to Lapsus.
 
  • Like
Reactions: piquiteco, vtqhtr413, Nevi and 2 others
Marko :)

Marko :)

Level 24
Verified
Top Poster
Well-known
Aug 12, 2015
1,377
Trident said:
It’s a whole thing here in the UK to get a new SIM so I doubt it. They would ask you to do a Chip and PIN with a card that has previously been verified and they will ask plenty of security questions. Good luck to Lapsus.
Click to expand...
Yeah, with security in Europe we have, they have no chance with SIM swapping. Also, even if they started sending SIMs over the phone here (which they don't), I doubt they'll issue a new SIM card of someone with Croatian name speaking English. And good luck fooling them with Google Translate and Croatian accent. 😂
 
  • Like
  • HaHa
Reactions: piquiteco, vtqhtr413, Nevi and 2 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
    • Wow
Security News Psychiatrists Say GTA 6 (Lapsus$) Hacker is Unfit to Stand Trial
Replies
2
Views
2,554
Security News
ForgottenSeer 103564
F
In2an3_PpG
    • Like
Chinese Cybersecurity Workers Hacked Firms, US Charges
Replies
0
Views
1,907
News Archive
In2an3_PpG
In2an3_PpG
omidomi
    • Like
Security News Russia Wanted to Be Caught, Says Company Waging War on the DNC Hackers
Replies
19
Views
2,556
News Archive
Rod McCarthy
R

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top