Skip to content

Shush Blog

Shush Marketing

Recent Posts

What’s Next: The Future of Network Authentication and Mobile Identity — An Exclusive Interview with Eddie, CEO of Shush

Posted by Shush Marketing on September 23, 2024 at 4:58 PM

Find the original post on Medium  by  Jason Malki

I had the pleasure of interviewing Eddie, a seasoned executive with over 30 years of experience driving growth and innovation in the technology and telecommunications industries. He is currently the Co-Founder and CEO of Shush, which is revolutionizing network authentication. Shush partners with mobile network operators (MNOs) around the world to reduce mobile fraud. Sherlock is Shush’s cloud-based solution, which unlocks additional revenue for MNOs by facilitating network authentication transactions.

Prior to Shush, Eddie served as Regional CEO — Americas for Sekura.id, where he led the company’s expansion in the Americas and Asia regions. Eddie has a proven track record of success in sales, business development, and strategic planning. He has held senior leadership positions at Mavenir, LivePerson, and Tyntec, where he consistently delivered results and exceeded expectations. Throughout his career, Eddie has demonstrated a deep understanding of the market, a passion for technology, and a commitment to building strong relationships with customers and partners.

What motivated you to launch your startup?

When I was the Regional CEO at Sekura, I was responsible for the Americas and Asia, and I was speaking to mobile network operators all over the world. They were all saying the same thing: “We want to do network authentication. We have no idea how to do network authentication. We have no money to buy a platform to do network authentication, and we don’t know where to start….” So, I took this feedback to my Group CEO and was told that we, Sekura, only buy network data from mobile network operators after they launch the service. To which I said, “What are you buying if they have nothing to sell?”

At that point, I realized there was a problem in an industry that, according to McKinsey, has a $300B TAM. Also, A2P SMS OTP is currently a $19B business, and network authentication is projected to be 10 times that. After speaking to some mentors and realizing that network authentication services don’t have a demand problem (banks, fintechs), but rather a supply problem, I understood the opportunity. There are currently 1,000+ mobile network operators globally, and fewer than 100 have launched the service. In reality, that number is closer to 27.

At this point, I called my co-founder, and we launched the company.

What excites you about what you’re building?

Great question. I guess what really excites me about what we are building at Shush is that it’s a solution that is wanted, needed, and no one else saw this huge missing piece in the network authentication ecosystem.

What has been your biggest challenge in growing your startup?

Besides raising capital? Finding the right team members to take my vision from a thought to reality. You can always find smart people, but they need to fit the culture and drive, etc.

What are your future plans for your startup?

Build the leading mobile network authentication solution for mobile network operators. If we do that, then we have succeeded.

If you had to share “words of wisdom” with a founder who’s about to start their own startup, what would they be?

Talk to everyone, run your idea by them, and don’t worry about them “stealing your idea.” Get as much feedback as you can, and if your idea passes the smell test, then do it with as much passion as you can muster.

How can our readers follow you on social media?

Sure, on linked in www.linkedin.com/edecurtis on twitter/x @edecurtis and you can follow Shush on both LinkedIn / Shush-inc and on Twitter/X @ShushSherlock

Tags: Blog Post

Shush and Global Telco Consult (GTC) Forge Strategic Partnership

Posted by Shush Marketing on August 5, 2024 at 9:00 AM

FOR IMMEDIATE RELEASE

Shush Inc. and Global Telco Consult GmbH (GTC) Forge Strategic Partnership to Drive Innovation in Telecommunications

Collaboration Set to Enhance Next-Generation Telecom Solutions and Global Connectivity

DALLAS, TX, and MUNICH, Germany, August 5, 2024 – Shush Inc., a pioneering leader in Network Authentication solutions, is thrilled to announce a strategic partnership with Global Telco Consult GmbH (GTC), a distinguished independent telecommunications consultancy renowned for its expertise across Messaging, Identity, IoT, Recruitment, and M&A services.

GTC stands out for its unparalleled track record in helping enterprises, carriers, and service providers navigate the complexities of the telecommunications landscape. From optimizing SMS and next-generation IP messaging to deploying advanced Identity and Fraud Detection tools, GTC offers comprehensive solutions tailored to the evolving needs of its clients.

Through this strategic partnership, Shush Inc. and GTC will leverage their respective strengths to drive innovation and deliver cutting-edge solutions to the telecommunications industry. By combining Shush Inc.'s expertise in Network Authentication with GTC's extensive experience in consulting and managed services, the partnership aims to maximize current and emerging technologies, drive revenue growth, and future-proof communication strategies for clients.

"We are thrilled to partner with Global Telco Consult GmbH," said Eddie DeCurtis, Co-Founder & CEO of Shush Inc. "With GTC's deep expertise and customized consulting services, coupled with Shush Inc.'s innovative Network Authentication solutions, we are well-positioned to drive technological advancements and operational excellence in the telecommunications industry."

GTC's neutral stance as an independent entity makes it a valuable partner, enabling collaboration without competition and fostering an environment conducive to driving innovation and growth. By providing fully customized consulting and managed services, GTC empowers clients to navigate the rapidly evolving telecommunications landscape with confidence.

"We are thrilled about our partnership with Shush Inc.," said Guillaume Bourcy, Chief Identity Officer at Global Telco Consult GmbH. “This collaboration enables us to deliver exceptional value in the mobile identity space, driving innovation and shaping the future of digital identity solutions for telecom operators, vendors, and enterprises alike.”

For more information about Shush Inc. and Global Telco Consult GmbH, please visit www.shush.pw and https://globaltelcoconsult.com

About Shush Inc.:

Shush Inc. is a leading provider of Network Authentication solutions, dedicated to redefining convenience and reliability in the industry. With a focus on innovative authentication processes, Shush Inc. empowers mobile network operators with robust security solutions tailored to meet their unique needs.

About GTC:

Global Telco Consult GmbH (GTC) is a leading independent telecommunications consultancy specializing in Messaging, Identity, IoT, Recruitment, and M&A services. With a commitment to providing fully customized consulting and managed services, GTC empowers enterprises, carriers, and service providers to navigate the complexities of the telecommunications industry with confidence. GTC's neutral stance as an independent entity makes it a valuable partner in driving innovation and operational excellence without competing with its clients. Through strategic partnerships and expertise-driven solutions, GTC continues to shape the future of telecommunications.


Media Contact:

Daryl Carlough
Shush Inc.
+1 617-320-4863
email us here
Visit us on social media:
X
LinkedIn

 

Tags: Press Release

Shush and Covr Security AB Partner to Enhance Digital Security Solutions

Posted by Shush Marketing on July 9, 2024 at 12:16 PM

FOR IMMEDIATE RELEASE

Dallas, TX, July 9, 2024 – Shush Inc., a leading provider of innovative Network Authentication solutions, is thrilled to announce a strategic partnership with Covr Security AB, a pioneering Swedish cybersecurity firm. Through this collaboration, Shush Inc. and Covr Security AB will work together to create advanced digital security solutions to better serve their customers.

Covr Security AB, established in 2015, is renowned for revolutionizing mobile and digital security. Specializing in providing an innovative mobile security management platform, Covr Security AB primarily caters to sectors necessitating robust customer authentication and privacy, such as online banking, digital payments, and mobile banking. Their platform stands out for its advanced multi-factor authentication methods, offering unparalleled protection against cyber threats.

"We are incredibly excited to partner with Covr Security AB to enhance digital security solutions for our customers," said Eddie DeCurtis, Co-Founder & CEO of Shush Inc. "Covr Security AB's expertise and innovative approach to cybersecurity align perfectly with our commitment to providing cutting-edge Network Authentication solutions. Together, we aim to empower our clients across various industries with secure, seamless digital transactions, fundamentally transforming the way businesses and consumers experience online security. This partnership is not just a collaboration; it's a leap forward in making the internet a safer and more trustworthy place for everyone."

This strategic partnership between Shush Inc. and Covr Security AB reflects their shared commitment to advancing digital security and providing exceptional solutions to their clients. By combining their respective strengths and resources, the two companies are poised to deliver innovative cybersecurity solutions that address the evolving needs of today's digital landscape.

"We are delighted to collaborate with Shush Inc. to develop advanced digital security solutions," said George Fraser, Chief Revenue Officer of Covr Security AB. "This partnership represents a significant step forward in our mission to make the internet a safer place for everyone. Together with Shush Inc., we are committed to delivering cutting-edge cybersecurity solutions that provide unmatched protection and peace of mind to our customers."

About Shush Inc.: 

Shush Inc. is a leading provider of Network Authentication solutions, dedicated to redefining convenience and reliability in the industry. With a focus on innovative authentication processes, Shush Inc. empowers Mobile Network Operators with robust security solutions tailored to meet their unique needs.

About Covr Security AB:

Covr Security is a pioneering Swedish cybersecurity firm, renowned for revolutionizing mobile and digital security. Established in 2015, we specialize in providing an innovative mobile security management platform, primarily catering to sectors necessitating robust customer authentication and privacy, such as online banking, digital payments, and mobile banking. Our platform is distinctive for its advanced multi-factor authentication methods, offering unparalleled protection against cyber threats. This user-centric solution empowers our clients across various industries with secure, seamless digital transactions, reflecting our commitment to making the internet a safer, more trustworthy place. For more information, visit www.covrsecurity.com

-END-

Tags: Press Release

Twilio Authy users should prepare for SIM Swap attacks

Posted by Shush Marketing on July 8, 2024 at 4:34 PM

 

Details of the security breach

Recently, Twilio Authy experienced a security breach which has compromised the mobile phone numbers of millions of users. Hackers were able to gain unauthorized access to the app's database and obtain a significant amount of user data.

The breach exposed personal information, including phone numbers, associated with Twilio Authy accounts. It is important to note that no account passwords or sensitive financial information were compromised in the breach.

Twilio Authy has taken immediate action to investigate the breach and enhance its security measures to prevent similar incidents in the future.

The mobile subscribers on the leaked list are now subject to SMS smishing and potential SIM swap attacks.  Since these users are known Twilio Authy users, they are now highly likely to receive attacks with fake SMS OTP requests with malicious links. This further demonstrates that mobile app based authentication methods and SMS OTP can be comprised.  

Impact on user phone numbers

The security breach has raised concerns about the privacy and security of user phone numbers. While no sensitive information was compromised, the exposure of phone numbers could potentially lead to targeted spam messages, phishing attempts, or other malicious activities.

It is recommended that users remain vigilant and report any suspicious activity related to their Twilio Authy accounts. Additionally, users should consider updating their 2FA settings and monitor their accounts for any unauthorized access.

Overview of Twilio Authy 2FA app

Twilio Authy is a popular two-factor authentication (2FA) app that provides an additional layer of security for user accounts. It allows users to secure their online accounts by requiring a second form of authentication, typically a unique code sent to their mobile device.

With the increasing threat of cyber attacks and data breaches, 2FA has become a crucial security measure for individuals and organizations. Twilio Authy has gained popularity due to its user-friendly interface and compatibility with various online platforms.

The app works by generating one-time codes that are required to access online accounts. These codes can be delivered via SMS, phone call, or push notification, providing users with flexibility and convenience.

Response from Twilio Authy

Twilio Authy has taken the security breach seriously and has responded promptly to address the issue. The company has initiated a thorough investigation to determine the cause of the breach and identify any potential vulnerabilities in its system.

In response to the incident, Twilio Authy has implemented additional security measures to enhance the protection of user data. This includes strengthening encryption protocols, implementing stricter access controls, and conducting regular security audits.

Twilio Authy has also notified affected users regarding the breach and provided guidance on steps they can take to secure their accounts. The company is committed to ensuring the privacy and security of its users and will continue to monitor the situation closely.

Tags: Network Authentication, Data Breach

Unpacking the Veritaseum Lawsuit Against T-Mobile

Posted by Shush Marketing on June 3, 2024 at 2:30 PM

Delve into the details of the legal battle between Veritaseum and T-Mobile in the finance sector.

The Background of Veritaseum and T-Mobile

Veritaseum is a financial technology company that provides blockchain-based solutions for the finance industry. They offer decentralized financial products and services, aiming to revolutionize the way financial transactions are conducted.

T-Mobile, on the other hand, is a leading telecommunications company known for its wireless services. They cater to millions of customers and have a significant presence in the mobile network industry.

The legal battle between Veritaseum and T-Mobile arises from allegations made by Veritaseum regarding T-Mobile's gross negligence and misconduct in handling financial transactions.

In order to understand the lawsuit, it is important to delve into the background of both Veritaseum and T-Mobile.

Allegations Made by Veritaseum Against T-Mobile

Veritaseum has accused T-Mobile of gross negligence and misconduct in their handling of financial transactions. According to Veritaseum, T-Mobile failed to implement proper security measures, leading to significant financial losses for Veritaseum and its users.

The allegations include claims that T-Mobile did not take adequate steps to protect customer information and failed to prevent unauthorized access to sensitive financial data. Veritaseum argues that these actions by T-Mobile resulted in financial harm to their company and its clients.

Veritaseum is seeking legal recourse to hold T-Mobile accountable for their alleged misconduct and to recover the financial losses incurred as a result.

Impact on the Finance Industry

The lawsuit between Veritaseum and T-Mobile has far-reaching implications for the finance industry. It highlights the importance of robust security measures and safeguards when it comes to financial transactions, especially in the realm of blockchain technology.

The outcome of this lawsuit can potentially shape future regulations and industry standards for the finance and telecommunications sectors. It serves as a reminder to companies operating in these industries that they must prioritize the security of customer information and take necessary steps to prevent any breaches or unauthorized access.

The impact of this lawsuit goes beyond Veritaseum and T-Mobile, as it raises awareness about the potential risks associated with financial transactions and the need for proactive measures to protect against them.

Legal Ramifications for T-Mobile

If the allegations made by Veritaseum are proven true in a court of law, T-Mobile may face significant legal ramifications. This could include financial penalties, reputational damage, and potential changes in their business practices.

T-Mobile's handling of financial transactions and the security measures they have in place will be closely scrutinized throughout the legal proceedings. The outcome of the lawsuit will determine the extent of T-Mobile's liability and the consequences they will face for their alleged misconduct.

It is crucial for T-Mobile to mount a strong defense against these allegations in order to protect their reputation and address any potential weaknesses in their financial transaction processes.

The Future Implications of the Lawsuit

The outcome of the Veritaseum lawsuit against T-Mobile will have lasting implications for both companies and the finance industry as a whole.

If Veritaseum is successful in proving T-Mobile's negligence and misconduct, it could pave the way for stronger regulations and security measures in the finance industry. This would help protect consumers and businesses from potential financial losses and breaches of sensitive information.

On the other hand, if T-Mobile is able to defend themselves and refute the allegations made by Veritaseum, it could set a precedent for similar cases in the future. It would emphasize the importance of due diligence and proper security measures in financial transactions, while also highlighting the need for companies to take responsibility for their actions.

Regardless of the outcome, the Veritaseum lawsuit against T-Mobile serves as a reminder of the ever-evolving landscape of the finance industry and the need for constant vigilance and adaptation to emerging challenges.

Tags: Bank Fraud

July 8, 2024 Deadline: MNOs Response to FCC Regulation

Posted by Shush Marketing on May 16, 2024 at 10:18 AM

Explore how FCC regulations impact mobile network operators and their consumers.

The Role of FCC Regulations in Consumer Protection

FCC regulations play a crucial role in protecting consumers in the mobile network industry. These regulations ensure that mobile network operators prioritize the safety and security of their customers' personal information and data. By setting standards and guidelines, the FCC helps prevent fraudulent activities, such as SIM swapping, which can result in unauthorized access to a consumer's mobile phone account.

Furthermore, FCC regulations require mobile network operators to implement robust security measures to safeguard against data breaches and unauthorized access. These regulations also promote transparency and accountability, ensuring that consumers have access to clear information about their rights and the services provided by mobile network operators.

Challenges Faced by Mobile Network Operators

While FCC regulations aim to protect consumers, mobile network operators face certain challenges in ensuring compliance. One of the primary challenges is staying ahead of rapidly evolving cyber threats and fraud techniques. As technology advances, criminals find new ways to exploit vulnerabilities and compromise consumer accounts.

Additionally, complying with FCC regulations requires substantial investments in security infrastructure and personnel. Mobile network operators need to continuously update their systems, train their employees, and implement advanced security measures. These investments can be costly and time-consuming, especially for smaller operators.

In a significant move, the FCC approved new regulations in October to combat SIM swap and port-out fraud. These regulations aim to create a standardized framework within the mobile wireless industry to protect consumers. Specifically, wireless providers are now required to implement secure authentication methods before transferring a customer's phone number to a new device or provider. Additionally, providers must maintain records of SIM change requests and the authentication processes utilized. The regulations also include protocols for addressing failed authentication attempts, employee training on handling fraud incidents, and measures to prevent unauthorized access to customers' personal information until proper authentication is confirmed.

Compliance Requirements for Mobile Network Operators

To comply with FCC regulations, mobile network operators must meet specific requirements set by the FCC. These requirements include implementing robust authentication processes to prevent unauthorized SIM swapping and ensuring the secure storage and transmission of customer data.

Operators must also establish procedures for promptly detecting and responding to any security incidents or breaches. They must conduct regular audits and assessments to identify vulnerabilities and address any shortcomings in their security measures. Additionally, mobile network operators are required to provide clear and accurate information to consumers regarding their rights and the steps they can take to protect themselves.

Benefits of FCC Regulations for Consumers

FCC regulations provide several benefits to consumers in the mobile network industry. These regulations enhance consumer trust by ensuring that their personal information and data are adequately protected. By requiring mobile network operators to implement strong security measures, consumers can have confidence in the safety of their accounts and reduce the risk of identity theft or unauthorized access.

Furthermore, FCC regulations promote fair and transparent practices among mobile network operators. Consumers have access to clear information about their rights, billing practices, and the services they are entitled to receive. This transparency empowers consumers to make informed decisions and hold mobile network operators accountable for their actions.

Overall, FCC regulations help create a more secure and consumer-friendly environment in the mobile network industry, fostering trust and confidence among consumers.

As reported by LightReading this FCC regulation is intended to end SIM scams:

"We take these steps to improve consumer privacy and put an end to SIM scams," said FCC Chairwoman Jessica Rosenworcel in a statement late last year, after the agency voted to enact rules to curtail SIM fraud. "Because we know our phones know a lot about us. They are an entry to our records, our accounts, and so much that we value. That is why across the board we need policies that make sure our information is secure."

Future Trends in FCC Regulation for Mobile Network Operators

As technology continues to advance, the FCC will likely introduce new regulations and guidelines to address emerging challenges and protect consumers. One potential future trend is increased focus on emerging technologies, such as 5G networks and Internet of Things (IoT) devices. The FCC may establish specific security standards and requirements for these technologies to ensure consumer safety and privacy.

Additionally, the FCC may further enhance consumer protection measures by collaborating with other regulatory bodies and industry stakeholders. By working together, regulators and operators can share best practices and develop comprehensive strategies to combat fraud, data breaches, and other security threats.

Furthermore, the FCC may prioritize consumer education and awareness programs to help individuals understand their rights, the potential risks they face, and the steps they can take to protect themselves. By empowering consumers with knowledge, the FCC can further strengthen consumer protection in the mobile network industry.

Tags: Blog Post

5G APIs: The $900B Telecom Enterprise Opportunity

Posted by Shush Marketing on May 10, 2024 at 2:46 PM

Uncover how 5G APIs are revolutionizing the IoT core landscape and creating a $900 billion opportunity for the telecom industry.

The Impact of 5G APIs on IoT Core

The impact of 5G APIs on IoT Core is significant. With the introduction of 5G technology, the potential for innovation and efficiency in the IoT core landscape has skyrocketed. 5G APIs provide developers with the tools and resources they need to build and deploy IoT applications at scale, enabling seamless connectivity and real-time data processing.

By leveraging 5G APIs, IoT devices can communicate and interact with each other more efficiently, leading to improved overall performance and reliability. The high-speed, low-latency nature of 5G networks allows for faster data transmission and reduced response times, enabling real-time monitoring, control, and analysis of IoT devices.

Moreover, 5G APIs unlock new possibilities for IoT applications in various industries, including manufacturing, healthcare, transportation, and smart cities. They enable the integration of IoT devices with other emerging technologies like artificial intelligence, machine learning, and edge computing, creating a powerful ecosystem of connected devices and services.

Overall, the impact of 5G APIs on IoT Core is transformative. It opens up new avenues for innovation, enhances operational efficiency, and drives the growth of the IoT industry.

Driving Innovation and Efficiency

5G APIs are driving innovation and efficiency in the telecom industry. By providing developers with standardized interfaces and protocols, 5G APIs simplify the development process and accelerate the deployment of IoT applications.

With 5G APIs, developers can easily access and utilize the advanced features and capabilities of 5G networks, such as network slicing, edge computing, and massive IoT connectivity. This enables them to create innovative solutions that leverage the full potential of 5G technology.

Furthermore, 5G APIs enable efficient resource management and optimization. They allow for dynamic allocation of network resources based on application requirements, ensuring optimal performance and utilization of network resources.

In addition, 5G APIs facilitate seamless integration and interoperability between different IoT devices and platforms. They provide a common language for communication and data exchange, eliminating compatibility issues and enabling a unified IoT ecosystem.

Overall, 5G APIs play a crucial role in driving innovation and efficiency in the telecom industry, empowering developers to create groundbreaking IoT solutions and unlocking new opportunities for growth and revenue.

Monetizing 5G APIs in the Telecom Industry

The monetization of 5G APIs presents a significant opportunity for the telecom industry. By offering 5G APIs as a service, telecom operators can generate new revenue streams and tap into the growing demand for IoT solutions.

Telecom operators can monetize 5G APIs through various models, such as API subscriptions, usage-based pricing, and revenue sharing with developers. By providing developers with access to 5G APIs, telecom operators can enable the creation of innovative IoT applications and charge for the usage of their APIs.

Moreover, telecom operators can offer value-added services on top of their 5G APIs, such as analytics, security, and management tools. These services can provide additional revenue streams and create differentiation in the market.

Furthermore, telecom operators can leverage 5G APIs to enable new business models and partnerships. They can collaborate with IoT solution providers, device manufacturers, and other ecosystem players to create bundled offerings and joint go-to-market strategies.

In summary, the monetization of 5G APIs presents a significant opportunity for telecom operators to generate revenue, foster innovation, and strengthen their position in the IoT market.

Challenges and Opportunities Ahead

While 5G APIs offer immense opportunities, they also come with certain challenges. One of the main challenges is the complexity of integrating and managing diverse IoT devices and platforms. Ensuring seamless interoperability and compatibility across different technologies and vendors requires careful planning and coordination.

Another challenge is the security and privacy of IoT data. With the increasing number of connected devices and the massive amount of data generated, ensuring the confidentiality, integrity, and availability of IoT data becomes crucial. Robust security measures and protocols need to be in place to protect against cyber threats and unauthorized access.

Furthermore, the deployment and implementation of 5G networks and infrastructure require significant investments and upgrades. Telecom operators need to invest in building the necessary infrastructure, including base stations, antennas, and network equipment, to support 5G connectivity.

Despite these challenges, there are abundant opportunities ahead. The adoption of 5G technology and the proliferation of IoT devices create a fertile ground for innovation and business growth. By leveraging 5G APIs, businesses can unlock new revenue streams, improve operational efficiency, and deliver enhanced customer experiences.

Moreover, the combination of 5G APIs with other emerging technologies, such as artificial intelligence and edge computing, opens up new possibilities for value creation and differentiation. Businesses can leverage these technologies to develop intelligent and autonomous IoT solutions that drive efficiency, productivity, and innovation.

In conclusion, while there are challenges to overcome, the opportunities presented by 5G APIs and the IoT are immense. Businesses that embrace these technologies and adapt to the changing landscape will be well-positioned to thrive in the telecom industry.

Future Outlook and Trends

The future outlook for 5G APIs and the IoT is promising. As 5G networks continue to roll out globally and IoT adoption accelerates, the demand for 5G APIs is expected to soar.

One of the key trends in the future is the convergence of 5G, IoT, and edge computing. With the proliferation of edge devices and the need for real-time data processing, edge computing becomes crucial. 5G APIs will play a vital role in enabling seamless connectivity and data exchange between edge devices, cloud platforms, and IoT applications.

Another trend is the integration of 5G APIs with artificial intelligence and machine learning. By combining the power of 5G networks with AI and ML algorithms, businesses can leverage real-time data analytics and insights to drive intelligent decision-making and automation.

Furthermore, the emergence of industry-specific IoT standards and frameworks will shape the future of 5G APIs. As different industries adopt IoT solutions, industry-specific APIs and protocols will be developed to address the unique requirements and challenges of each sector.

In summary, the future of 5G APIs and the IoT is characterized by convergence, intelligence, and industry-specific solutions. Businesses that stay ahead of these trends and embrace the opportunities they bring will be well-positioned to thrive in the rapidly evolving telecom industry.

Tags: APIs

Healthcare Ransomware Attack: Compromised Credentials and no MFA

Posted by Shush Marketing on May 1, 2024 at 2:11 PM

This is a repost of the following article from TechCrunch

Change Healthcare hackers broke in using stolen credentials — and no MFA, says UHG CEO

 

United Healthcare

The ransomware gang that hacked into U.S. health tech giant Change Healthcare used a set of stolen credentials to remotely access the company’s systems that weren’t protected by multifactor authentication (MFA), according to the chief executive of its parent company, UnitedHealth Group (UHG).

The ransomware gang that hacked into U.S. health tech giant Change Healthcare used a set of stolen credentials to remotely access the company’s systems that weren’t protected by multifactor authentication (MFA), according to the chief executive of its parent company, UnitedHealth Group (UHG).

Understanding Healthcare Ransomware Attacks

UnitedHealth CEO Andrew Witty provided the written testimony ahead of a House subcommittee hearing on Wednesday into the February ransomware attack that caused months of disruption across the U.S. healthcare system.

This is the first time the health insurance giant has given an assessment of how hackers broke into Change Healthcare’s systems, during which massive amounts of health data were exfiltrated from its systems. UnitedHealth said last week that the hackers stole health data on a “substantial proportion of people in America.”

Change Healthcare processes health insurance and billing claims for around half of all U.S. residents.

According to Witty’s testimony, the criminal hackers “used compromised credentials to remotely access a Change Healthcare Citrix portal.” Organizations like Change use Citrix software to let employees access their work computers remotely on their internal networks.

Witty did not elaborate on how the credentials were stolen. The Wall Street Journal first reported the hacker’s use of compromised credentials last week.

 

Importance of Multi-Factor Authentication in Healthcare

However, Witty did say the portal “did not have multifactor authentication,” which is a basic security feature that prevents the misuse of stolen passwords by requiring a second code sent to an employee’s trusted device, such as their phone. It’s not known why Change did not set up multifactor authentication on this system, but this will likely become a focus for investigators trying to understand potential deficiencies in the insurer’s systems.

“Once the threat actor gained access, they moved laterally within the systems in more sophisticated ways and exfiltrated data,” said Witty.

Witty said the hackers deployed ransomware nine days later on February 21, prompting the health giant to shut down its network to contain the breach.

UnitedHealth confirmed last week that the company paid a ransom to the hackers who claimed responsibility for the cyberattack and the subsequent theft of terabytes of stolen data. The hackers, known as RansomHub, are the second gang to lay claim to the data theft after posting a portion of the stolen data to the dark web and demanding a ransom to not sell the information.

UnitedHealth earlier this month said the ransomware attack cost it more than $870 million in the first quarter, in which the company made close to $100 billion in revenue.

 

Tags: Data Breach

The Risks of Cell Phone SIM Card Swaps: Stay Safe Online

Posted by Shush Marketing on April 30, 2024 at 8:40 AM

Learn about the dangers of cell phone SIM card swaps and how to protect yourself from online threats.

Understanding Cell Phone SIM Card Swaps

WASHINGTON (7News) — 7News is asking a security question that deals with your cell phone. How did a Maryland woman lose $17,000 even though she had two-factor authentication on all her accounts?

We all know criminals have multiple ways to steal your identity, but 7News is sending out a warning. SIM card swapping almost cost Sharon Hussey of Bethesda, Md. thousands.

"It was absolutely stunning. My heart dropped to the floor,” said Sharon Hussey.

It all started when Hussey got an email thanking her for the purchase of a new phone at Verizon. Minutes later her contact information at Bank of America had changed.

The problem? She didn't do either transaction and had two-factor authentication on her accounts.

"And the bottom just kind of dropped out,” added Hussey.

She called Bank of America, but her cell phone was no longer active. An online attempt required a verification code her phone couldn't receive.

Within minutes, her $17,000 was gone.

 

Bank of America Change
New Phone Activation
Screenshot 2024-04-30 at 9.35.27 AM
Screenshot 2024-04-30 at 9.33.38 AM

 

"Initially, I didn't realize how big of a deal it was. I thought I had handled it on the first day by calling the bank, calling Verizon. Figuring things out,” said Hussey.

Hussey told 7News that Verizon said someone in California walked into one of its stores and purchased a new phone along with a new SIM card and used Hussey's current phone number to activate the new phone.

When the new phone was turned on Hussey's phone went dead.

 

Hussey used a landline to contact Bank of America, but it was too late. Her $17,000 was gone.

"And I have two-factor identification which ended up biting me in the face when it all came down to it. That was the thing that completely hijacked everything. They had complete control of my phone and there was nothing I could do about it,” said Hussey.

SIM card swapping has been around for the past four years, but security experts told 7News that the scale of this type of scam has recently skyrocketed.

"In 2021, roughly six times as many dollars were stolen through this as the years before,” said Alex Quilici, CEO of YouMail.

Quilici said the scam is simple.

"The bad guys convince the telephone company that they have the SIM for your phone number and the minute the phone company does the swap they are in control of your number,” said Quilici.

Scammers then use two-factor authentication through your cell phone to access your accounts.

"If you've been doing two-factor authentication everywhere to your mobile phone number, if someone else gets that mobile phone number they can authenticate as if they are you,” said Quilici.

Over the next three months, Bank of America denied her claim saying it can't be honored.

Eventually, the bank reversed its initial decision and refunded the $17,000.

Bank of America told 7News in an email:

"We take identity theft very seriously. We are always working to improve the experience knowing that resolving identity theft issues is a complicated process.

For future reference/stories, here’s the Zelle scam avoidance information I mentioned: Pay It Safe | Zelle (zellepay.com).

Naomi R. Patton

Media Relations, Bank of America"

Verizon said in an email:

"Verizon values the privacy and security of our customers. Whenever a case of potential fraud is brought to our attention, we work quickly to investigate and resolve the matter. Due to customer privacy laws, we cannot share specific information about this particular investigation.

You can learn more about sim swapping and other types of social engineering tactics employed by fraudsters here (plus tips on what folks can do to protect themselves): https://www.verizon.com/about/account-security/sim-swapping

Thanks,

Steve Van Dinter

Director, Local Area Communications"

 

Here are more ways you can better protect yourself from SIM card swapping.

"The number one thing is to make sure you get a PIN or a number porting PIN with your carrier. That requires a special code that hopefully only you have that needs to be given to the carrier before they do the SIM swap,” said Quilici.