Sim Swapping: It’s Not as Fun as It Sounds

Having implemented some of the most stringent cybersecurity protocols for the Department of Defense, Nolij has demonstrated that a wide range of authentication solutions, from short message service (SMS) and two-factor authentication (2FA) to true multifactor authentication (MFA) using hardware tokens, can protect your enterprise from cyber criminals. As the saying goes, “An ounce of prevention is worth a pound of cure.”


Presentation Transcript


  1. Sim Swapping: It’s Not as Fun as It Sounds – Nolij Consulting. Cybersecurity services control IT news. Having implemented some of the most stringent cybersecurity protocols for the Department of Defense, our experience has proven that a wide range of authentication solutions, from short message service (SMS) and two-factor authentication (2FA) to true multifactor authentication (MFA) using hardware tokens, can protect the whole enterprise from cyber criminals and keep all of its data safe. 2FA and MFA have proven to be effective methods for preventing breaches, in keeping with industry and government standards such as CMMC and HIPAA.

     Authentication “factors” are broken down into three types of information the user provides: 1. something they know (username and password), 2. something they are (biometrics), or 3. something they have (a hardware token). Using two of these factor types (2FA) makes for a strong protocol, and using all three (MFA) provides the greatest protection.

     When implementing MFA, SMS-based options are very attractive because of their ease of use. SMS 2FA sends a one-time password (OTP) to a user’s cellphone, which serves as the “something you have.” The problem with SMS 2FA is that an adversary can easily pretend to have your cell phone using a technique called Subscriber Identity Module (SIM) swapping. In the past, SIM cards were physical hardware that served as the identity of a phone; today, SIM cards are represented digitally and can be transferred from phone to phone. Using a combination of social engineering and phishing attacks, an adversary can impersonate a target’s SIM card and authenticate using the OTP.

     It is helpful to look at the types of attacks used to beat SMS 2FA. The most common technical attacks involve session hijacking. An adversary will attempt to steal a session token by intercepting communications from the victim, known as a Man-in-the-Middle (MITM) attack. Also, if an attacker has access to an endpoint, known as Man-in-the-Endpoint (MITE), stealing session cookies is trivial. Simply by learning the target’s cellphone number, email, and some other identifying information, an attacker can call the victim’s service provider and easily transfer the target’s SIM information to their own device.

  2. Having implemented some of the most stringent cybersecurity protocols for the Department of Defense, Nolij has demonstrated that federal cybersecurity and infrastructure security solutions, from short message service (SMS) and two-factor authentication (2FA) to true multifactor authentication (MFA) using hardware tokens, can protect your enterprise from cyber criminals. As the saying goes, “An ounce of prevention is worth a pound of cure.”
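
A defender-side sketch of the point made in the first slide, added here as an example and not taken from the presentation or from Nolij: it counts the distinct factor types a login presented and forces a step-up when the only "something you have" proof is an SMS OTP sent to a number whose SIM changed recently. The method names, the SIM-change feed (`SIM_CHANGES`), the 72-hour window and the function names are all assumptions; the sample events are constructed.

```python
from datetime import datetime, timedelta

# Factor types as the slide lists them; the method names are assumptions.
CATEGORY = {"password": "know", "fingerprint": "are",
            "sms_otp": "have", "hardware_token": "have"}
SIM_CHANGE_WINDOW = timedelta(hours=72)  # assumed risk window, tune per policy

# Constructed sample data: a hypothetical feed of last SIM change per number,
# and three login events (fictional 555-01xx numbers).
SIM_CHANGES = {"+15550100": datetime(2024, 5, 1, 9, 0)}
T = datetime(2024, 5, 1, 11, 30)
EVENTS = [
    {"user": "alice", "phone": "+15550100", "time": T,
     "methods": ["password", "sms_otp"]},
    {"user": "alice", "phone": "+15550100", "time": T,
     "methods": ["password", "hardware_token"]},
    {"user": "bob", "phone": "+15550101", "time": T,
     "methods": ["password", "sms_otp"]},
]


def factor_level(methods):
    """Return 'single', '2FA' or 'MFA' by counting distinct factor types."""
    kinds = {CATEGORY[m] for m in methods}
    return {2: "2FA", 3: "MFA"}.get(len(kinds), "single")


def assess_login(event, last_sim_change):
    """Return (decision, reason) where decision is 'allow' or 'step_up'."""
    methods = event["methods"]
    level = factor_level(methods)
    if level == "single":
        return "step_up", "only one factor type presented"
    # The "have" factor is only as strong as the proof that was accepted.
    have = [m for m in methods if CATEGORY[m] == "have"]
    if have == ["sms_otp"]:
        changed = last_sim_change.get(event["phone"])
        if changed is not None:
            age = event["time"] - changed
            if timedelta(0) <= age <= SIM_CHANGE_WINDOW:
                return "step_up", "SMS OTP used soon after a SIM change"
    return "allow", level


if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["user"], ev["methods"], assess_login(ev, SIM_CHANGES))
```
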
