The News: Last week a U.S. District Court Judge sentenced the ringleader of a seven-year malware scheme to 12 years in prison. The perpetrator groomed employees at an AT&T call center to help him install malware software on AT&T computers that would allow him to remotely unlock the phones and sever it from the carrier. The phone unlocking malware scheme cost AT&T more than $200 million in lost subscription fees. Read more about the case here.
AT&T Phone-Unlocking Malware Scheme Costs Company $200 Million and Shines Light on Potential Threats
Analyst Take: Malware is a constant threat for organizations. An overwhelming majority of malware attacks are spread by unsuspecting employees, which in and of itself is worrisome, but this case highlights another reality — insider threats pose great risks for organizations. Muhammad Fahd, the foreign-born actor, convicted of this scheme, created a fake Facebook profile to lure and bribe employees of a Washington-based AT&T call center to install malware on AT&T computers.
What’s more concerning? In 2013, AT&T found the malware on its network and removed it. Fahd wasn’t phased. He thereafter convinced the employees to provide confidential information about AT&T’s system that he then used to tailor new malware that would work on AT&T’s computers.
The malware granted him access to codes that would sever phones from the company’s network that customers would pay for through a now defunct company called Swift Unlocks. Not sure how this impacted AT&T? Customers who buy phones or other mobile devices through mobile services providers often do so at a discounted rate, but are locked in to the provider, meaning the device can’t be used on another network. Fahd’s scheme severed that connection, which resulted in over $200 million in lost cell subscriptions. This phone-unlocking malware scheme shines a new light on potential threat actors targeting and grooming employees from thousands of miles away.
It’s Bigger Than This Single Case
While the size of the case is troublesome for AT&T’s bottom line, this kind of access and the tailor-made malware could have been used for something much worse, including larger scale cyber stacks, ransomware, or even wide-scale espionage. Employees in call centers and even retail locations are consistently providing a conduit for threat actors. According to a recent survey “2020 Cost of Insider Threats: Global Report” from the Ponemon Institute, insider threats grew 47 percent between 2018 and 2020. The cost of those threats was over $11 million in 2020.
Until now, majority of insider security incidents have been caused by negligent employees, but this phone-unlocking malware scheme highlights the new potential threat that companies need to be prepared for. And when it seems like every day there is a new report of a ransomware attack or cybersecurity breach, educating and working with employees to prevent attacks is a simple solution that can save millions.
Disclosure: Futurum Research is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.