![\"\"](\"https:\/\/airome.tech\/wp-content\/uploads\/2019\/02\/17-1-mini.jpg\")
<\/p>\nA new type of cyber attack was used for the first time against the Metro Bank, threat actors are leveraging known flaws in the SS7 signaling protocol to intercept the codes sent via text messages to customers to authorize transactions.<\/p>\n
The Signaling System 7, aka SS7, which is a set of protocols developed in 1975 that allows the connections of one mobile phone network to another. The information passed from a network to another is needed for routing calls and text messages between several networks.<\/p>\n
The SS7 performs out-of-band signaling in support of the call establishment, billing, routing, and information exchange functions of the public switched telephone network (PSTN).<\/p>\n
Attackers exploited the flaw in the SS7 protocol to defeat the 2FA authentication used by Metro Bank to protect its customers.<\/p>\n
\u201cThis activity was typically only within reach of intelligence agencies or surveillance contractors, but now Motherboard has confirmed that this capability is much more widely available in the hands of financially-driven cybercriminal groups, who are using it to empty bank accounts.\u201d reported Motherboard that first reported the attacks.<\/p>\n
\u201cSo-called SS7 attacks against banks are, although still relatively rare, much more prevalent than previously reported. Motherboard has identified a specific bank\u2014the UK\u2019s Metro Bank\u2014that fell victim to such an attack.\u201c<\/p>\n
<\/p>\n
This is not an isolated case, other banks have also been affected by this specific attack. A Metro Bank spokesman confirmed that only a \u201csmall number\u201d of the bank\u2019s customers had been affected.<\/p>\n
\u201cAt Metro Bank we take our customers\u2019 security extremely seriously and have a comprehensive range of safeguards in place to help protect them against fraud. We have supported telecommunication companies and law enforcement authorities with an industry-wide investigation and understand that steps have been taken to resolve the issue.\u201d said the Bank spokesman.<\/p>\n
\u201cOf those customers impacted by this type of fraud, an extremely small number have been Metro Bank customers and none have been left out of pocket as a result. Customers should continue to remain vigilant and report any suspicious activity using the number on the back of their card or on our website.\u201d<\/p>\n
Metro Bank immediately informed the authorities of the attacks, but many other financial institutions that were affected by SS7 attacks have not disclosed it.<\/p>\n
\u201cWe are aware of a known telecommunications vulnerability being exploited to target bank accounts by intercepting SMS text messages used as 2-Factor Authentication (2FA).\u201d said National Cyber Security Centre spokesman.<\/p>\n
\u201cWhile text messages are not the most secure type of two-factor authentication, they still offer a huge advantage over not using any 2FA at all.\u201d<\/p>\n
Karsten Nohl, a researcher from Security Research Labs, conducted numerous studies on the flaws affecting the SS7 protocol and confirmed that many banks suffered similar attacks.<\/p>\n
\u201cSome of our clients in the banking industry or other financial services; they see more and more SS7-based [requests],\u201d Karsten Nohl, a researcher from Security Research Labs who has worked on SS7 for years, told Motherboard in a phone call. \u201cAll of a sudden you have someone\u2019s text messages.\u201d<\/p>\n
Major British UK company BT confirmed that it is aware of SS7 attacks to commit banking fraud.<\/p>\n
\u201cCustomer security is our top priority so we\u2019re always upgrading our systems and working with the industry and banks to help protect our customers.\u201d a BT spokesperson.<\/p>\n
Who is behind the SS7 attacks on Metro Bank?<\/p>\n
Experts believe there is a well-resourced and coordinate cyber criminal group of highly skilled professionals.<\/p>\n
\u201c[Graeme Coffey, head of sales at cybersecurity firm AdaptiveMobile] said criminals could have acquired access from legitimate providers, or are piggybacking off that access, making the SS7 requests appear somewhat more legitimate.\u201d concludes Motherboard. \u201cNohl pointed to how hackers could target someone who already has SS7 access. In 2017, this reporter went undercover as an SMS routing service and was successfully offered SS7 access for around $10,000.\u201d<\/p>\n
<\/p>\n
by Security Affairs<\/p>\n