AT&T has launched a brand new safety function known as “Wi-fi Lock” that protects prospects from SIM swapping assaults by stopping adjustments to their account data and the porting of telephone numbers whereas the function is enabled.
This new function has been accessible for some prospects for nearly a 12 months and has now been rolled out to all AT&T prospects.
SIM swap assaults are when cybercriminals port, or transfer, a focused telephone quantity to a tool below their management. This enables them to intercept the goal’s calls, texts, and multi-factor authentication codes to breach additional accounts, resembling electronic mail, banking, and cryptocurrency wallets.
In some instances, risk actors conduct SIM swap assaults by tricking or bribing telecom workers into transferring numbers from prospects’ SIM playing cards to a brand new system.
With the new AT&T functionprospects can log in to the corporate’s cellular app or web site to “lock” their quantity, stopping anybody, together with AT&T workers, from porting the quantity to a brand new SIM card or transferring it to a different supplier until the setting is first disabled.
The function additionally protects different forms of data, resembling altering billing data, licensed customers, and altering telephone numbers. Enterprise accounts obtain further options, together with the flexibility to exempt sure strains from the lock or prohibit particular account adjustments when enabled.
Wi-fi Lock options by account sort
Supply: AT&T
Whereas it’s good to see that AT&T has lastly launched this function, it comes late, as different carriers, resembling Verizon, have had it for nearly 5 years.
SIM swap assaults have been linked to quite a few safety incidents over the previous 5 years.
In 2020, Joseph James O’Connor, aka ‘PlugwalkJoke,’ pleaded responsible to conducting SIM swap assaults that resulted within the theft of $794,000 in cryptocurrency.
In 2021, T-Cellular warned some prospects that attackers carried out SIM swap assaults to compromise different accounts they owned. In 2023, hackers exploited a information breach at Google Fi to hold out SIM swaps.
Menace actors, like these related to Scattered Spider, have been charged within the U.S. for utilizing SIM swaps to infiltrate company networks.
Different current assaults embody eSIM hijacking campaigns the place criminals activated digital SIMs in victims’ names to grab management of numbers.
Nevertheless, it’s not at all times third-party hackers who conduct the SIM swap assaults.
Final 12 months, Verizon and T-Cellular workers started receiving texts on their private and work telephones, attempting to bribe them with $300 to carry out SIM swaps.
In 2023, the FCC adopted new guidelines to require stricter id verification throughout SIM swaps and quantity transfers.
Whereas cloud assaults could also be rising extra subtle, attackers nonetheless succeed with surprisingly easy strategies.
Drawing from Wiz’s detections throughout hundreds of organizations, this report reveals 8 key strategies utilized by cloud-fluent risk actors.
