Page 3 - Threat Intelligence Brief 9-13-2019

P. 3

Perspective:

State of the

Marketplace

Regular readers of this brief understand that Business Email
Compromises (BEC) have been on the rise, and their effectiveness has

been damaging to businesses around the globe. New numbers from the
FBI has damages from BEC at a staggering 26 Billion dollars. Awareness
around this type of attack has led to increased reporting, but it has not
changed the curve around the number of incidents and the losses
involved. However, leaders need to use these numbers to inform and

educate their users to ensure that they are not the next victim.

A new critical vulnerability was recently revealed that allows an attacker
to infect mobile devices by sending a special SMS message. The
vulnerability is on most SIM cards and can be exploited regardless of
which handsets the victim is using. Of note is that this vulnerability has

been exploited for the past 2 years for surveillance purposes. The
vulnerability can be exploited using a $10 GSM modem to perform
several tasks, listed below, on a targeted device just by sending an SMS

containing a specific type of spyware-like code.
• Retrieving targeted device' location and IMEI information,

• Spreading mis-information by sending fake messages on
behalf of victims,
• Performing premium-rate scams by dialing premium-rate

numbers,
• Spying on victims' surroundings by instructing the device to
call the attacker's phone number,
• Spreading malware by forcing victim's phone browser to open
a malicious web page,

• Performing denial of service attacks by disabling the SIM card,
and
• Retrieving other information like language, radio type, battery

level, etc. 3
Nothing is in place for remediation currently, but stay tuned!

~Stay Secure

www.accumepartners.com

1 2 3 4 5 6 7 8