EXECUTIVE SUMMARY:
After an unauthorized entry into systems, a cyber criminal gained access to Mint Mobile’s client information. The attacker walked away with account details that enabled him or her to port phone numbers to another carrier.
As a result, a limited number of Mint Mobile subscribers temporarily found themselves with another carrier’s service. In addition, the nefarious threat actor obtained information about customers’ call histories, first and last names, email addresses, and passwords.
Affected customers received notification concerning the incident, which took place between June 8th and June 10th. The attack reflects the need for telecommunications organizations to implement high levels of security in regards to systems.
Unauthorized entry: Your Mint Mobile account
In the event that your data may have been compromised, experts advocate for you to change your Mint Mobile password. In addition, Mint Mobile users may also want to keep a lookout for social engineering attempts. A threat actor with client information of this kind can potentially launch phishing attacks via email or text message.
Other steps to protect identity
Affected Mint Mobile customers should consider increasing cyber security protections on any accounts connected to a Mint Mobile phone number. Amazon, Netflix, Dating Apps and other platforms often leverage phone numbers as part of their authentication methodologies.
USCellular attack
Earlier this year, USCellular reported experiencing a similar cyber attack. In January, cyber criminals tricked employees into downloading malicious software. The software enabled the bad actors to gain visibility into the company’s private network environment.
Telecommunication industry attacks
Unauthorized entry attempts and advanced persistent threats are all-to-common experiences for telecommunications operators. Due to the fact that telecom companies operate critical infrastructure, the fallout from a cyber attack can be extensive and severely damaging. However, protecting telecommunications infrastructure isn’t easy.
Top attack types: Telecommunications companies
- 43% of telcoms report experiencing Domain Name System (DNS) malware-based attacks.
- 74% of telcoms witnessed attacks against employees, including C-level executives.
- DDoS attacks increased by 16% worldwide last year, and telecoms were among the most common targets.
Cyber security in the telecommunications space
Cyber criminals’ techniques are evolving at breakneck speed, but cyber security is evolving even faster. Cyber security professionals agree that industry advances are noticeably enhancing cyber resilience. Nonetheless, strategies grow outdated quickly, and now is the perfect time to review your efforts and their effects on your organization’s cyber security posture.
- Start with besting the basics. Be sure that you’re really blocking as many Gen V and Gen VI threats as possible. One of the top telcoms in the US recently asserted that the company needed to improve visibility into their network systems, to increase the ease of use when it came to their tools, and to upgrade their attack prevention methodology. Making these simple measures into priorities can dramatically improve your organization’s cyber resilience.
- Then, take an innovative approach. In the last three years, the number of technology leaders who spend 20 percent or more of their budgets on advanced technology investments has doubled. Eighty-four percent of organizations are investing in machine learning, artificial intelligence or robotic process automation-related cyber security tools. These types of investments make sense financially, as they can instantly alert teams to any issues.
- Reconsider your cloud based application management. Telcoms commonly use multiple cloud products, some of which are made available to customers, while others of which may only remain available internally. This makes cloud management complex. Cyber security solutions with multi-tenant features enable you to manage cloud security in whatever way makes sense for your business.
- Support systems with automatic updates. Ensure that your organization works with a cyber security vendor that can configure automatic updates for your systems. Also ensure that you’re able to see newly downloaded protections. This will assist you in staying secure.
For more information about keeping telecommunications companies secure, see our whitepaper.