AT&T has launched a brand new safety characteristic referred to as “Wi-fi Lock” that protects prospects from SIM swapping assaults by stopping modifications to their account data and the porting of telephone numbers whereas the characteristic is enabled.
This new characteristic has been accessible for some prospects for nearly a 12 months and has now been rolled out to all AT&T prospects.
SIM swap assaults are when cybercriminals port, or transfer, a focused telephone quantity to a tool beneath their management. This enables them to intercept the goal’s calls, texts, and multi-factor authentication codes to breach additional accounts, corresponding to electronic mail, banking, and cryptocurrency wallets.
In some instances, menace actors conduct SIM swap assaults by tricking or bribing telecom staff into transferring numbers from prospects’ SIM playing cards to a brand new gadget.
With the new AT&T characteristic, prospects can log in to the corporate’s cell app or web site to “lock” their quantity, stopping anybody, together with AT&T staff, from porting the quantity to a brand new SIM card or transferring it to a different supplier until the setting is first disabled.
The characteristic additionally protects different varieties of data, corresponding to altering billing data, licensed customers, and altering telephone numbers. Enterprise accounts obtain extra options, together with the power to exempt sure strains from the lock or limit particular account modifications when enabled.
Supply: AT&T
Whereas it’s good to see that AT&T has lastly launched this characteristic, it comes late, as different carriers, corresponding to Verizon, have had it for nearly 5 years.
SIM swap assaults have been linked to quite a few safety incidents over the previous 5 years.
In 2020, Joseph James O’Connor, aka ‘PlugwalkJoke,’ pleaded responsible to conducting SIM swap assaults that resulted within the theft of $794,000 in cryptocurrency.
In 2021, T-Cell warned some prospects that attackers carried out SIM swap assaults to compromise different accounts they owned. In 2023, hackers exploited a knowledge breach at Google Fi to hold out SIM swaps.
Risk actors, like these related to Scattered Spider, have been charged within the U.S. for utilizing SIM swaps to infiltrate company networks.
Different latest assaults embrace eSIM hijacking campaigns the place criminals activated digital SIMs in victims’ names to grab management of numbers.
Nevertheless, it’s not at all times third-party hackers who conduct the SIM swap assaults.
Final 12 months, Verizon and T-Cell staff started receiving texts on their private and work telephones, making an attempt to bribe them with $300 to carry out SIM swaps.
In 2023, the FCC adopted new guidelines to require stricter identification verification throughout SIM swaps and quantity transfers.
Whereas cloud assaults could also be rising extra refined, attackers nonetheless succeed with surprisingly easy strategies.
Drawing from Wiz’s detections throughout 1000’s of organizations, this report reveals 8 key strategies utilized by cloud-fluent menace actors.
