Tag Archive for: telcos

Unified API Protection for Telcos and Mobile Carriers – Time to Value


Largest Mobile Carrier Identified 4,600 APIs in Days, not Weeks or Months

The security team at the nation’s largest mobile carrier had a problem obtaining a consistent and complete inventory of the company’s sprawling API footprint. Business-critical, API-based applications drove the carrier’s day-to-day business of managing its mobile network, but the number of APIs was quickly outstripping the team’s ability to keep track of them all.

Key Objectives: A Complete API Catalog

A 2021 security team objective was to obtain a complete, running inventory of every API in the organization so that the team understood its entire API footprint. Across the organization, software groups that supported API application development worked independently of each other. The result was shadow APIs that were never cataloged and ran without the oversight of the security team. With so many teams involved in API development, and without an API protection solution in place, cataloging both managed and unmanaged APIs was difficult, time-consuming, and inaccurate.


Scratching the Surface

When asked how many APIs they had, the security team replied that roughly 100 APIs had been documented manually. They knew they were only scratching the surface: hundreds, if not thousands, of APIs were likely still unaccounted for and outside the existing catalog.

API Sentinel Automates API Discovery

Cequence introduced API Sentinel to the security team and a proof of concept (PoC) was kicked off. Within days of deploying API Sentinel, the team discovered over 4,600 active API endpoints across its infrastructure. The roughly 100 manually documented APIs it had known about days earlier covered only about 2% of what was actually running; the other 98% had been invisible to the security team. API Sentinel also surfaced security findings, including the following:

  • 6 sensitive data exposure incidents in which customer IDs, account numbers and other business-sensitive data were exposed.
  • 5 user-authentication issues in which usernames and passwords were exposed in cleartext,…
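The discovery-and-diff step this case study describes is, at its core, three operations: build an endpoint inventory from observed traffic, normalise path parameters so that ID-bearing URLs collapse into one template, and diff the result against the documented catalog to surface shadow APIs. The script below is an added example written for this page, not Cequence’s API Sentinel or any code from the carrier; it also flags two of the finding types listed above (a password sent as a plain form field, and an account-number-shaped value carried in a URL path). The log lines, the documented catalog, the identifier regexes and the log format are all constructed for the illustration.

```python
"""Added example: API inventory from traffic logs, diffed against the documented
catalog. Illustrative code written for this page, not Cequence's API Sentinel;
every log line, catalog entry and identifier pattern below is constructed."""
import re
from collections import defaultdict

# Constructed gateway-log sample: METHOD PATH STATUS PAYLOAD, where PAYLOAD is
# the form body or "-". Real sources would be proxy/gateway logs or a traffic mirror.
SAMPLE_LOG = """\
GET /v1/customers/10482/profile 200 -
GET /v1/customers/99117/profile 200 -
POST /v1/auth/login 200 username=jdoe&password=Summer2021!
GET /internal/billing/accounts/4511-8823-0091 200 -
GET /v1/plans 200 -
GET /v2/devices/3fa85f64-5717-4562-b3fc-2c963f66afa6/sim 200 -
POST /v1/auth/login 401 username=asmith&password=hunter2
GET /v1/customers/10482/profile 200 -
"""

# Constructed stand-in for the manually maintained catalog.
DOCUMENTED = {
    ("GET", "/v1/customers/{id}/profile"),
    ("GET", "/v1/plans"),
}

# Identifier shapes: numeric IDs, UUIDs and a constructed account-number format.
# These rules decide whether /customers/10482 and /customers/99117 count as one
# endpoint or two, so they are the part to tune for your own identifier formats.
_NUMERIC = re.compile(r"^\d+$")
_UUID = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
_ACCOUNT = re.compile(r"^\d{4}-\d{4}-\d{4}$")
_CLEARTEXT_CRED = re.compile(r"(?:^|&)password=[^&]+")


def normalize_path(path):
    """Collapse identifier segments into {id} so raw paths become endpoint templates."""
    out = []
    for seg in path.strip("/").split("/"):
        is_id = _NUMERIC.match(seg) or _UUID.match(seg) or _ACCOUNT.match(seg)
        out.append("{id}" if is_id else seg)
    return "/" + "/".join(out)


def _records(log_text):
    for line in log_text.splitlines():
        method, path, status, payload = line.split(" ", 3)
        yield method, path, int(status), payload


def build_inventory(log_text):
    """{(method, template): hit_count} for every endpoint seen in the traffic."""
    inv = defaultdict(int)
    for method, path, _status, _payload in _records(log_text):
        inv[(method, normalize_path(path))] += 1
    return dict(inv)


def shadow_endpoints(inventory, documented):
    """Endpoints that are live but absent from the catalog."""
    return sorted(set(inventory) - documented)


def coverage_ratio(inventory, documented):
    """Share of live endpoints the catalog already knew about."""
    return len(documented & set(inventory)) / len(inventory)


def cleartext_credential_hits(log_text):
    """Endpoints where a password travelled as a plain form field (and so was logged)."""
    return sorted({(m, normalize_path(p)) for m, p, _s, body in _records(log_text)
                   if _CLEARTEXT_CRED.search(body)})


def account_numbers_in_urls(log_text):
    """Endpoints carrying an account-number-shaped value in the URL path, which
    means it lands in every proxy, CDN and browser-history log along the way."""
    return sorted({(m, normalize_path(p)) for m, p, _s, _b in _records(log_text)
                   if any(_ACCOUNT.match(seg) for seg in p.split("/"))})


if __name__ == "__main__":
    inv = build_inventory(SAMPLE_LOG)
    print(f"{len(inv)} live endpoints, {len(DOCUMENTED)} documented, "
          f"catalog coverage {coverage_ratio(inv, DOCUMENTED):.0%}")
    for ep in shadow_endpoints(inv, DOCUMENTED):
        print("shadow API:        ", *ep)
    for ep in cleartext_credential_hits(SAMPLE_LOG):
        print("cleartext password:", *ep)
    for ep in account_numbers_in_urls(SAMPLE_LOG):
        print("account no. in URL:", *ep)
```

On the constructed sample, five live endpoints are found against two documented ones (40% coverage), three shadow endpoints are reported, and the login endpoint is flagged for cleartext passwords. The normalisation rules are where real deployments succeed or fail: too loose and distinct endpoints merge, too strict and one endpoint explodes into thousands of "unique" paths, which is exactly the inventory inflation a manual catalog cannot keep up with.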

Source…

Beware of Hacking Group Targeting Telcos, ISPs, NCC Warns


Emma Okonji

The Nigerian Communications Commission (NCC) has again alerted members of the public to the existence of another hacking group orchestrating cyber-espionage in the African telecoms space.

In a statement signed by its Director, Public Affairs, Dr. Ikechukwu Adinde, the agency disclosed that an Iranian hacking group known as Lyceum (also known as Hexane, Siamesekitten, or Spirlin) had been reported to be targeting telecoms, Internet Service Providers (ISPs) and Ministries of Foreign Affairs (MFA) in Africa with upgraded malware in recent, politically motivated cyber-espionage attacks.

According to the statement, “Information about this cyber-attack is contained in the latest advisory issued by the Nigerian Computer Emergency Response Team (ngCERT). The ngCERT rated the probability and damage level of the new malware as high.”

The NCC quoted the advisory, which stated that the hacking group was known to be focused on infiltrating the networks of telecoms companies and ISPs.

Between July and October 2021, Lyceum was implicated in attacks against ISPs and telecoms organisations in Israel, Morocco, Tunisia, and Saudi Arabia, the statement revealed.

“The advanced persistent threat (APT) group has been linked to campaigns that hit Middle Eastern oil and gas companies in the past. Now, the group appears to have expanded its focus to the technology sector. In addition, the APT is responsible for a campaign against an unnamed African government’s Ministry of Foreign Affairs.

“By the attackers’ mode of operation, Lyceum’s initial onslaught vectors include credential stuffing and brute-force attacks. So, once a victim’s system is compromised, the attackers conduct surveillance on specific targets.

“In that mode, Lyceum will attempt to deploy two different kinds of malware: Shark and Milan (known together as James).

“Both pieces of malware are backdoors. Shark, a 32-bit executable written in C# and .NET, generates a configuration file for domain name system (DNS) tunneling or Hypertext Transfer Protocol (HTTP) C2 communications; whereas Milan, a 32-bit Remote Access Trojan (RAT), retrieves data,” the statement…

Source…

Again, NCC Alerts of Hacking Group Targeting Telcos, ISPs


Tuesday, November 16, 2021 / 09:39 AM / by NCC


In keeping with its commitment to continuously keep stakeholders in the country’s telecoms sector informed, educated, and protected, the Nigerian Communications Commission (NCC) wishes to, once again, notify the public of the existence of another hacking group orchestrating cyberespionage in the African telecoms space.


An Iranian hacking group known as Lyceum (also known as Hexane, Siamesekitten, or Spirlin) has been reported to be targeting telecoms, Internet Service Providers (ISPs) and Ministries of Foreign Affairs (MFA) in Africa with upgraded malware in recent, politically motivated cyberespionage attacks.


Information about this cyber attack is contained in the latest advisory issued by the Nigerian Computer Emergency Response Team (ngCERT). The ngCERT rated the probability and damage level of the new malware as high.


According to the advisory, the hacking group is known to be focused on infiltrating the networks of telecoms companies and ISPs. Between July and October 2021, Lyceum was implicated in attacks against ISPs and telecoms organisations in Israel, Morocco, Tunisia, and Saudi Arabia.


The advanced persistent threat (APT) group has been linked to campaigns that hit Middle Eastern oil and gas companies in the past. Now, the group appears to have expanded its focus to the technology sector. In addition, the APT is responsible for a campaign against an unnamed African government’s Ministry of Foreign Affairs.


Lyceum’s initial access vectors include credential stuffing and brute-force attacks. Once a victim’s system is compromised, the attackers conduct surveillance on specific targets. From that foothold, Lyceum will attempt to deploy two different kinds of malware: Shark and Milan (known together as James).
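The two initial-access techniques named above leave different shapes in authentication logs: credential stuffing is one source trying many distinct usernames once or twice each (replaying leaked username/password pairs), whereas brute force is one source hammering a single account. The classifier below is an added example written for this page, not tooling from NCC or ngCERT and not specific to Lyceum; it tells the two apart from failure bursts and reports whether a success followed the burst, which is the moment the advisory says surveillance begins. The log lines, the time window and the thresholds are constructed.

```python
"""Added example: classifying credential stuffing vs. brute force from auth logs.
Illustrative code written for this page, not NCC/ngCERT tooling; the log lines,
window and thresholds are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed auth-log sample: TIMESTAMP SOURCE_IP USERNAME RESULT.
SAMPLE_AUTH_LOG = """\
2021-11-15T09:00:01 203.0.113.7 alice FAIL
2021-11-15T09:00:02 203.0.113.7 bob FAIL
2021-11-15T09:00:02 203.0.113.7 carol FAIL
2021-11-15T09:00:03 203.0.113.7 dave FAIL
2021-11-15T09:00:03 203.0.113.7 erin FAIL
2021-11-15T09:00:04 203.0.113.7 frank OK
2021-11-15T09:00:10 198.51.100.9 admin FAIL
2021-11-15T09:00:11 198.51.100.9 admin FAIL
2021-11-15T09:00:12 198.51.100.9 admin FAIL
2021-11-15T09:00:13 198.51.100.9 admin FAIL
2021-11-15T09:00:14 198.51.100.9 admin FAIL
2021-11-15T09:00:15 198.51.100.9 admin FAIL
2021-11-15T09:05:00 192.0.2.44 alice FAIL
2021-11-15T09:05:30 192.0.2.44 alice OK
"""

WINDOW = timedelta(seconds=60)   # constructed: sliding window over failures
FAIL_THRESHOLD = 5               # constructed: failures per source inside WINDOW
STUFFING_MIN_USERS = 4           # constructed: distinct usernames => stuffing


def parse_auth_log(text):
    """Parse the constructed log format into (timestamp, ip, user, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events


def classify_sources(events):
    """Return {ip: (label, success_after_burst)} for every source whose failures
    exceed FAIL_THRESHOLD within WINDOW. label is 'credential_stuffing' when the
    burst spans many usernames, 'brute_force' when it concentrates on few."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        by_ip[ip].append((ts, user, result))

    verdicts = {}
    for ip, evs in by_ip.items():
        evs.sort()
        fails = [(ts, user) for ts, user, result in evs if result == "FAIL"]
        start = 0
        for end in range(len(fails)):
            # advance the window start until it fits inside WINDOW
            while fails[end][0] - fails[start][0] > WINDOW:
                start += 1
            burst = fails[start:end + 1]
            if len(burst) < FAIL_THRESHOLD:
                continue
            users = {user for _, user in burst}
            label = "credential_stuffing" if len(users) >= STUFFING_MIN_USERS else "brute_force"
            burst_end = burst[-1][0]
            # a success at or after the burst is the urgent case: a valid
            # credential has been found and the attacker now has a foothold
            success = any(result == "OK" and ts >= burst_end for ts, _, result in evs)
            verdicts[ip] = (label, success)
            break
    return verdicts


if __name__ == "__main__":
    for ip, (label, success) in classify_sources(parse_auth_log(SAMPLE_AUTH_LOG)).items():
        print(f"{ip:15} {label:20} success_after_burst={success}")
```

On the sample, 203.0.113.7 is classified as credential stuffing with a success after the burst, 198.51.100.9 as brute force against one account, and 192.0.2.44 (one failure then a success) is not flagged. Real stuffing tools rotate source addresses, so production detection should also key on the target account and on the client fingerprint or ASN, not on the source IP alone.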


Both pieces of malware are backdoors. Shark, a 32-bit executable written in C# on .NET, generates a configuration file for domain name system (DNS) tunneling or Hypertext Transfer Protocol (HTTP) command-and-control (C2) communications, whereas Milan, a 32-bit Remote Access Trojan (RAT), retrieves data.
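DNS tunneling of the kind Shark is configured for gets past egress filtering because port 53 is almost always open, but it is visible in resolver logs: one apex domain receiving many unique, long, high-entropy subdomains, which is the shape of encoded data rather than of a CDN or mail host. The heuristics below are an added example written for this page, not a signature for Shark and not NCC or ngCERT tooling; the query names and thresholds are constructed, and the two-label apex split is an assumption that a real deployment should replace with a Public Suffix List lookup.

```python
"""Added example: heuristics for spotting DNS-tunnelled C2 in resolver logs.
Illustrative code written for this page, not a Shark signature and not NCC/ngCERT
tooling; the query names and thresholds are constructed."""
import math
from collections import defaultdict

# Constructed resolver-log sample: one queried name per line. example.com plays
# a normal domain, example.net the tunnel endpoint (reserved names, no real host).
SAMPLE_QUERIES = """\
www.example.com
mail.example.com
www.example.com
a9f3c2e1b7d4.4e6a1f0b9c2d.example.net
0b1c2d3e4f5a.9e8d7c6b5a4f.example.net
6a5b4c3d2e1f.1f2e3d4c5b6a.example.net
deadbeef0123.cafebabe4567.example.net
feedface8899.0badf00d1122.example.net
cdn.example.com
"""


def shannon_entropy(s):
    """Bits per character of s; hex-encoded or base32 payloads score high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Return (apex, subdomain). Assumes a two-label apex, which is wrong for
    names like example.co.uk; use the Public Suffix List in production."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def score_domains(query_text, min_unique=5, min_len=20, min_entropy=3.0):
    """Aggregate queries per apex and flag those whose subdomains look like
    encoded data: many unique values, long, high entropy. Thresholds are
    constructed starting points, not tuned values."""
    per_apex = defaultdict(set)
    for q in query_text.splitlines():
        apex, sub = split_name(q)
        per_apex[apex].add(sub)

    report = {}
    for apex, subs in per_apex.items():
        subs = [s for s in subs if s]
        if not subs:
            continue
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_entropy = sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs)
        report[apex] = {
            "unique_subdomains": len(subs),
            "avg_len": avg_len,
            "avg_entropy": avg_entropy,
            "suspicious": len(subs) >= min_unique and avg_len >= min_len and avg_entropy >= min_entropy,
        }
    return report


if __name__ == "__main__":
    for apex, stats in score_domains(SAMPLE_QUERIES).items():
        flag = "SUSPICIOUS" if stats["suspicious"] else "ok"
        print(f"{apex:15} uniq={stats['unique_subdomains']:3} len={stats['avg_len']:5.1f} "
              f"H={stats['avg_entropy']:4.2f} {flag}")
```

On the sample, example.net is flagged (five unique 25-character subdomains averaging well over 3 bits of entropy per character) while example.com is not. Counting unique subdomains per apex is what separates a tunnel from a busy but legitimate domain: a CDN repeats a handful of hostnames, whereas a tunnel must make every query distinct to carry new data.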


Source…

Iran’s Lyceum threat group active against telcos, ISPs. Clop hits unpatched SolarWinds instances. Mercenaries. Patch Tuesday.


Attacks, Threats, and Vulnerabilities

Iranian cyber group targets Israel, Saudis, Africans – report (The Jerusalem Post) An Iranian hacker group called Lyceum has targeted Israel, Saudi Arabia, Morocco, Tunisia and others.

Exclusive: A Cyber Mercenary Is Hacking The Google And Telegram Accounts Of Presidential Candidates, Journalists And Doctors (Forbes) An unprecedented peek inside an underground hacker-for-hire operation reveals 3,500 targets, including Belarusian presidential candidates, Uzbek human rights activists and a cryptocurrency exchange.

Clop gang exploiting SolarWinds Serv-U flaw in ransomware attacks (BleepingComputer) The Clop ransomware gang, also tracked as TA505 and FIN11, is exploiting a SolarWinds Serv-U vulnerability to breach corporate networks and ultimately encrypt its devices.

TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access (NCC Group Research) NCC Group’s global Cyber Incident Response Team has observed an increase in Clop ransomware victims in the past weeks. The surge can be traced back to a vulnerability in SolarWinds Serv-U that is being abused by the TA505 threat actor. TA505 is a known cybercrime threat actor, who is known for extortion attacks using the Clop ransomware. We believe exploiting such vulnerabilities is a recent initial access technique for TA505, deviating from the actor’s usual phishing-based approach.

Russian Cybercrime Group Exploits SolarWinds Serv-U Vulnerability (SecurityWeek) The Russia-linked ‘Evil Corp’ cybercrime group has been exploiting a vulnerability in SolarWinds Serv-U for initial infection.

Vulnerable smart contracts and fake blockchains: What do investors need to know? (Digital Shadows) Well, here we are again. Another blog on a topic that’s often spoken about but little understood: cryptocurrency. Cryptocurrency-related decentralized finance (DeFi) is seeing unprecedented interest from retail and institutional investors alike.

FBI: Scams Involving Cryptocurrency ATMs and QR Codes on the Rise (SecurityWeek) The Federal Bureau of Investigation (FBI) this week issued an alert on fraud schemes that direct victims to use cryptocurrency ATMs and Quick Response (QR) codes to…

Source…