Cybercriminals are exploiting flaws in SS7, a protocol used by telecom companies to coordinate how they route texts and calls around the world, to empty bank accounts by intercepting messages sent for two-factor-authentication(2FA).
The exploit can allow threat actors to track phones across the planet and intercept text messages and phone calls without hacking the phone itself.
While known that intelligence agencies and surveillance contractors could carry out these kind of attacks, Motherboard reported confirmation of financially-motivated criminal organizations using the technique to empty accounts at the U.K.’s Metro Bank in a recent attack.
No comments:
Post a Comment