WWW.FOXNEWS.COM
T-Mobile hacked by Chinese cyber espionage in major attack on US telecoms
Tech T-Mobile hacked by Chinese cyber espionage in major attack on US telecoms Learn how to stay safe amid rise in telecom data breaches Published November 18, 2024 10:00am EST | Updated November 18, 2024 4:47pm EST close 'CyberGuy': NSA urges Americans to reboot phones once a week. Why? Tech expert Kurt Knutsson says the National Security Agency advises weekly phone reboots to protect against cyberattacks and enhance mobile security. The telecom industry is one of cybercriminals' favorite targets, likely because of the sensitive data it stores. Your carrier knows who you call and what you text. This type of information is valuable not only to hackers but also to governments. Thats probably why U.S. phone giant T-Mobile was hacked as part of a broad cyberattack on domestic and international phone and internet companies in recent months.IM GIVING AWAY A $500 GIFT CARD FOR THE HOLIDAYSEnter bysigning up for my free newsletter! T-Mobile booth (T-Mobile) (Kurt "CyberGuy" Knutsson)What you need to knowThere was unauthorized access to a limited number of T-Mobile routers using methods indicative of a major Chinese cyber-espionage operation, but T-Mobiles layered defenses and security monitoring enabled T-Mobile to quickly identify and shut down the threat.The report revealed that hackers connected to a Chinese intelligence agency breached T-Mobile as part of a monthslong effort to spy on the cellphone communications of high-value intelligence targets. The report did not specify when the attack occurred, but T-Mobile says no customer calls or communication records were stolen.The U.S. government alsoconfirmed this month that Chinese hackers breached multiple U.S. telecommunications service providers to access wiretap systems used by law enforcement for surveillance of Americans. Wiretap systems allow law enforcement agencies to monitor phone calls, text messages and internet communications as part of investigations, typically with a warrant.CISA (Cybersecurity and Infrastructure Security Agency) and the FBI issued a joint statement revealing "a broad and significant" cyber-espionage campaign. The statement disclosed that PRC-affiliated hackers had breached networks at "multiple telecommunications companies" across the United States. While CISA and the FBI did not name the organizations affected, multiple reports suggest that T-Mobile, AT&T, Lumen (formerly CenturyLink) and Verizon are likely on the list.WSJ reported in October that Chinese hackers had access to the networks "for months or longer," enabling them to collect "internet traffic from internet service providers that count businesses large and small and millions of Americans as their customers." Illustration of a hacker at work (Kurt "CyberGuy" Knutsson)T-Mobiles many data breachesT-Mobile has faced several hacks in recent years. In 2021, a malicious actor breached T-Mobiles lab environment by posing as a legitimate connection to an unidentified piece of equipment. The hacker guessed passwords for multiple servers and moved laterally through the network, ultimately stealing personal data, including names, addresses, Social Security numbers and drivers license IDs, from tens of millions of customers.In 2022, T-Mobile experienced another breach when a malicious actor used SIM-swapping, phishing and other tactics to infiltrate the companys internal platform for managing mobile resellers who serve T-Mobile customers.The troubles continued into 2023. Early in the year, hackers used phished credentials from dozens of T-Mobile retail employees to access a sales application originally set up during the COVID-19 pandemic for remote viewing of customer data. Then, in January 2023, a misconfigured application programming interface exposed personal data for 37 million current customers, marking yet another significant security lapse. Illustration of a hacker at work (Kurt "CyberGuy" Knutsson)T-Mobiles responseWhen CyberGuy reached out to T-Mobile regarding the latest security incident, a spokesperson provided the following statement: "T-Mobile is closely monitoring this industry-wide attack. Due to our security controls, network structure and diligent monitoring and response we have seen no significant impacts to T-Mobile systems or data. We have no evidence of access or exfiltration of any customer or other sensitive information as other companies may have experienced. We will continue to monitor this closely, working with industry peers and the relevant authorities."5 ways to stay safe amid the rise in telecom data breaches1) Change your passwords regularly: Make it a habit to update your passwords every few months, especially for your telecom accounts and related services. Use strong, unique passwords that include a mix of letters, numbers and symbols.Password managers can help you generate and store these securely.2) Invest in personal data removal services: Consider services that scrub your personal information from public databases. This reduces the chances of your data being exploited in phishing or other cyberattacks after a breach.Check out my top picks for data removal services here.3) Use identity theft protection: Identity theft protection services monitor your accounts for unusual activity, alert you to potential threats and can even assist in resolving issues if your data is compromised.See my tips and best picks on how to protect yourself from identity theft.4) Enable two-factor authentication (2FA): Add an extra layer of security to your telecom accounts with2FA. This requires a second form of verification, like a text code or an app-based prompt, making it harder for hackers to access your accounts even if they have your password.5) Guard against phishing scams with strong antivirus software: Be cautious about unsolicited calls, texts or emails that ask for personal information or account access. Legitimate companies won't ask for sensitive details this way. If something seems off, contact your telecom provider directly through official channels. Whatever you do, don't click on links, as they can lead to scams or malware.The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.Kurts key takeawayTelecom providers like T-Mobile and AT&T are frequent targets for hackers. Over the last two years, millions of Americans have had their data stolen, things like call records, text messages and even personal details. The issue got so bad that the FCC stepped in, warning T-Mobile to step up its cybersecurity efforts. The company was fined about $30 million, split between a $15 million penalty and a mandatory $15 million investment in better security. Unfortunately, if the companies handling your data keep getting breached, there's only so much you can do.Do fines and penalties for telecom companies feel like enough of a deterrent, or should they face stricter consequences? Let us know by writing us at Cyberguy.com/Contact.CLICK HERE TO GET THE FOX NEWS APPFor more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.Follow Kurt on his social channels:Answers to the most asked CyberGuy questions:New from Kurt:Copyright 2024 CyberGuy.com.All rights reserved. Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurts free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.
0 التعليقات
0 المشاركات
20 مشاهدة