[TheRecord] FCC to work on rules to prevent SIM swapping attacks

The Federal Communications Commission announced today plans to introduce new rules for US mobile carriers to address the rising wave of SIM swapping and port-out fraud attacks.

The two attacks, while they have different names, are closely related. Both take place when mobile carriers fail to properly verify a customer’s identity when they request that their service be transferred to a new SIM card (SIM swapping attack) or to an account at another mobile operator (port-out fraud).

Once threat actors trick a carrier into transferring service to a new SIM card under their control, they typically use this temporary access to bypass two-factor authentication or reset passwords for online accounts.

Both attacks have been primarily used over the past three years to steal funds from victims’ e-banking or cryptocurrency accounts.

The US Justice Department has charged tens of individuals over the past half-decade with thefts enabled by SIM swapping and port-out fraud [1, 2, 3, 4].

Some of the victims who have been robbed using the two techniques have also sued mobile carriers in an attempt to recover their monetary losses, with multiple lawsuits still underway.

In addition, SIM swapping and port-out fraud have expanded beyond the US, and criminal groups in other countries have begun incorporating the two techniques in their arsenals, with Europol arresting tens of suspects already.

But in recent years, as some US carriers have introduced additional verification measures during the SIM service transfer operation, SIM swapping groups have also changed tactics.

Some groups have been seen bribing carrier employees or using vulnerabilities in the carrier’s backend systems to carry out their attacks, removing the need to contact and “trick” the carrier’s support staff directly.

As a result, both attacks remain very much relevant and are still used by some criminal gangs.

In its press release today announcing its “formal rulemaking process,” the FCC cited “numerous complaints from consumers” as the reason for its intervention, making it clear that US mobile carriers have failed to secure their systems and protect consumers.

The FCC has not announced a timeline for the new rules, nor has it indicated in what direction the rules would go. An FCC spokesperson did not return a request for comment.

The post FCC to work on rules to prevent SIM swapping attacks appeared first on The Record by Recorded Future.
