SEC Says SIM Swap to Blame for Breached X Account

Published: 23/11/2024   Category: security




Crypto hackers gained control of a phone number associated with the government agency's account after MFA was disabled in July.



A new statement from the Securities and Exchange Commission (SEC) explained that the regulator's X account was compromised after a threat actor was able to gain control of the phone number associated with the account, in a SIM-swapping cyberattack.
SIM-swapping attacks are a common way for threat actors to hijack social media accounts, crypto wallets, and more.
The SEC admitted its staff intentionally disabled multi-factor authentication (MFA) protections on the X account in July 2023 after there was an issue accessing the @SEC.gov handle.
Once access was reestablished, MFA remained disabled until staff reenabled it after the account was compromised on January 9, the SEC said in its statement on Jan. 22. MFA currently is enabled for all SEC social media accounts that offer it.
The SEC X account was breached on Jan. 9 by crypto hackers who posted a message regarding Bitcoin ETFs, which temporarily caused the value of Bitcoin to spike.
Federal legislators have called for inquiries into the incident and investigations are ongoing by agencies including the SEC Inspector General, the Federal Bureau of Investigation (FBI), Department of Justice (DoJ), and Cybersecurity and Infrastructure Security Agency (CISA), the statement said.
SIM swapping, in particular, is tricky to defend against, Will Glazier, director of threat research for Cequence Security, said in a statement.
"The act of social engineering of convincing the telecom employee(s) to port over a phone number is actually one of the last steps in the attack chain," Glazier said. "Before that occurs, attackers frequently try to abuse APIs, many of which are publicly exposed to the internet with no authentication, by design, because they enable business growth."
He added that wireless carriers intentionally make it easy to move a particular phone number to a competing carrier to make it easy for consumers to make a switch to a new network.
Attackers can learn which phone numbers belong to which carriers, by learning which phone numbers are not eligible to be ported over, because they already belong to said carrier, he explained.
