The target: UScelluar, the fourth largest mobile network operator in the United States.
The take: Customer records of personally identifiable information including: names, addresses, account names and PIN codes, telephone numbers, information on their phone service plans, and the ability to alter the phone number on accounts which receive two-factor authentication texts.
The attack vector: The attackers tricked retail employees into downloading malicious software which contained a RAT (remote access tool), allowing the threat actors to access the computer systems remotely. As the employees were already logged into the CRM (customer retail management) software, the hackers were able to move freely within the systems using an employee’s credentials.
Social engineering is a widely used tactic by attackers to exploit our innate desire to be helpful in a quick manner without thinking through the consequences. The employee’s mistake, innocent or not, of clicking on an unverified link granted the attacker the ability to install a Remote Access Tool and navigate through the company’s systems under legitimate credentials. Continuous employee education around suspicious links, and the social engineering tactics they’re paired with, are critical components of a firm’s robust cybersecurity posture.