AT&T has launched a brand new safety function referred to as “Wi-fi Lock” that protects prospects from SIM swapping assaults by stopping modifications to their account info and the porting of telephone numbers whereas the function is enabled.
This new function has been accessible for some prospects for nearly a yr and has now been rolled out to all AT&T prospects.
SIM swap assaults are when cybercriminals port, or transfer, a focused telephone quantity to a tool below their management. This enables them to intercept the goal’s calls, texts, and multi-factor authentication codes to breach additional accounts, akin to electronic mail, banking, and cryptocurrency wallets.
In some instances, menace actors conduct SIM swap assaults by tricking or bribing telecom workers into transferring numbers from prospects’ SIM playing cards to a brand new system.
With the new AT&T function, prospects can log in to the corporate’s cellular app or web site to “lock” their quantity, stopping anybody, together with AT&T workers, from porting the quantity to a brand new SIM card or transferring it to a different supplier until the setting is first disabled.
The function additionally protects different varieties of info, akin to altering billing info, approved customers, and altering telephone numbers. Enterprise accounts obtain extra options, together with the power to exempt sure traces from the lock or limit particular account modifications when enabled.
Supply: AT&T
Whereas it’s good to see that AT&T has lastly launched this function, it comes late, as different carriers, akin to Verizon, have had it for nearly 5 years.
SIM swap assaults have been linked to quite a few safety incidents over the previous 5 years.
In 2020, Joseph James O’Connor, aka ‘PlugwalkJoke,’ pleaded responsible to conducting SIM swap assaults that resulted within the theft of $794,000 in cryptocurrency.
In 2021,  T-Cellular warned some prospects that attackers carried out SIM swap assaults to compromise different accounts they owned. In 2023, hackers exploited a knowledge breach at Google Fi to hold out SIM swaps.
Risk actors, like these related to Scattered Spider, have been charged within the U.S. for utilizing SIM swaps to infiltrate company networks.
Different current assaults embody eSIM hijacking campaigns the place criminals activated digital SIMs in victims’Â names to grab management of numbers.
Nevertheless, it isn’t at all times third-party hackers who conduct the SIM swap assaults.
Final yr, Verizon and T-Cellular workers started receiving texts on their private and work telephones, attempting to bribe them with $300 to carry out SIM swaps.
In 2023, the FCC adopted new guidelines to require stricter identification verification throughout SIM swaps and quantity transfers.Â
Whereas cloud assaults could also be rising extra subtle, attackers nonetheless succeed with surprisingly easy methods.
Drawing from Wiz’s detections throughout 1000’s of organizations, this report reveals 8 key methods utilized by cloud-fluent menace actors.
