T-Mobile breached over 100 times in 2022
By John Bruggeman, virtual Chief Information Security Officer, CBTS
Brian Krebs, a cybersecurity reporter, posted about three cybercriminal gangs that targeted T-Mobile and gained access to the mobile giant’s internal network over 100 times in 2022.
The cell phone provider has been targeted for SIM-swapping attacks. In a SIM swap, cybercriminals move a victim’s service to a SIM card they control, in essence stealing that person’s phone number.
These criminal gangs seem to be targeting T-Mobile specifically because the company appears to have weaker cybersecurity controls than other cell phone providers and employees who are more susceptible to phishing e-mails.
Once the victim’s phone number has been swapped to the criminal’s phone, the gang can log in to accounts tied to that phone number and receive the multi-factor authentication (MFA) alert themselves. Bank accounts, e-mail accounts, and cryptocurrency accounts can all be targeted once the SIM swap has taken place.
What to do?
You might want to consider moving away from T-Mobile until its security is improved, or, if you stay on T-Mobile, move away from SMS for your multi-factor authentication. Use Duo or Microsoft Authenticator instead. They don’t rely on your phone number for MFA.
About the author
John Bruggeman is a veteran technologist, CTO, and CISO with nearly 30 years of experience building and running enterprise IT and shepherding information security programs toward maturity. He helps companies, boards, and C-level committees improve and develop their cybersecurity programs, create risk registers, and implement compliance controls using industry-standard frameworks like CIS, NIST, and ISO.