Industry News & Thought Leadership

FOR IMMEDIATE RELEASE

Shush Inc. and Global Telco Consult GmbH (GTC) Forge Strategic Partnership to Drive Innovation in Telecommunications

Collaboration Set to Enhance Next-Generation Telecom Solutions and Global Connectivity

DALLAS, TX, and MUNICH, Germany, August 5, 2024 – Shush Inc., a pioneering leader in Network Authentication solutions, is thrilled to announce a strategic partnership with Global Telco Consult GmbH (GTC), a distinguished independent telecommunications consultancy renowned for its expertise across Messaging, Identity, IoT, Recruitment, and M&A services.

GTC stands out for its unparalleled track record in helping enterprises, carriers, and service providers navigate the complexities of the telecommunications landscape. From optimizing SMS and next-generation IP messaging to deploying advanced Identity and Fraud Detection tools, GTC offers comprehensive solutions tailored to the evolving needs of its clients.

Through this strategic partnership, Shush Inc. and GTC will leverage their respective strengths to drive innovation and deliver cutting-edge solutions to the telecommunications industry. By combining Shush Inc.'s expertise in Network Authentication with GTC's extensive experience in consulting and managed services, the partnership aims to maximize current and emerging technologies, drive revenue growth, and future-proof communication strategies for clients.

"We are thrilled to partner with Global Telco Consult GmbH," said Eddie DeCurtis, Co-Founder & CEO of Shush Inc. "With GTC's deep expertise and customized consulting services, coupled with Shush Inc.'s innovative Network Authentication solutions, we are well-positioned to drive technological advancements and operational excellence in the telecommunications industry."

GTC's neutral stance as an independent entity makes it a valuable partner, enabling collaboration without competition and fostering an environment conducive to driving innovation and growth. By providing fully customized consulting and managed services, GTC empowers clients to navigate the rapidly evolving telecommunications landscape with confidence.

"We are thrilled about our partnership with Shush Inc.," said Guillaume Bourcy, Chief Identity Officer at Global Telco Consult GmbH. “This collaboration enables us to deliver exceptional value in the mobile identity space, driving innovation and shaping the future of digital identity solutions for telecom operators, vendors, and enterprises alike.”

For more information about Shush Inc. and Global Telco Consult GmbH, please visit www.shush.pw and https://globaltelcoconsult.com

About Shush Inc.:

Shush Inc. is a leading provider of Network Authentication solutions, dedicated to redefining convenience and reliability in the industry. With a focus on innovative authentication processes, Shush Inc. empowers mobile network operators with robust security solutions tailored to meet their unique needs.

About GTC:

Global Telco Consult GmbH (GTC) is a leading independent telecommunications consultancy specializing in Messaging, Identity, IoT, Recruitment, and M&A services. With a commitment to providing fully customized consulting and managed services, GTC empowers enterprises, carriers, and service providers to navigate the complexities of the telecommunications industry with confidence. GTC's neutral stance as an independent entity makes it a valuable partner in driving innovation and operational excellence without competing with its clients. Through strategic partnerships and expertise-driven solutions, GTC continues to shape the future of telecommunications.

Media Contact:

Daryl Carlough
Shush Inc.
+1 617-320-4863
email us here
Visit us on social media:
X
LinkedIn

FOR IMMEDIATE RELEASE

Dallas, TX, July 9, 2024 – Shush Inc., a leading provider of innovative Network Authentication solutions, is thrilled to announce a strategic partnership with Covr Security AB, a pioneering Swedish cybersecurity firm. Through this collaboration, Shush Inc. and Covr Security AB will work together to create advanced digital security solutions to better serve their customers.

Covr Security AB, established in 2015, is renowned for revolutionizing mobile and digital security. Specializing in providing an innovative mobile security management platform, Covr Security AB primarily caters to sectors necessitating robust customer authentication and privacy, such as online banking, digital payments, and mobile banking. Their platform stands out for its advanced multi-factor authentication methods, offering unparalleled protection against cyber threats.

"We are incredibly excited to partner with Covr Security AB to enhance digital security solutions for our customers," said Eddie DeCurtis, Co-Founder & CEO of Shush Inc. "Covr Security AB's expertise and innovative approach to cybersecurity align perfectly with our commitment to providing cutting-edge Network Authentication solutions. Together, we aim to empower our clients across various industries with secure, seamless digital transactions, fundamentally transforming the way businesses and consumers experience online security. This partnership is not just a collaboration; it's a leap forward in making the internet a safer and more trustworthy place for everyone."

This strategic partnership between Shush Inc. and Covr Security AB reflects their shared commitment to advancing digital security and providing exceptional solutions to their clients. By combining their respective strengths and resources, the two companies are poised to deliver innovative cybersecurity solutions that address the evolving needs of today's digital landscape.

"We are delighted to collaborate with Shush Inc. to develop advanced digital security solutions," said George Fraser, Chief Revenue Officer of Covr Security AB. "This partnership represents a significant step forward in our mission to make the internet a safer place for everyone. Together with Shush Inc., we are committed to delivering cutting-edge cybersecurity solutions that provide unmatched protection and peace of mind to our customers."

About Shush Inc.: 

Shush Inc. is a leading provider of Network Authentication solutions, dedicated to redefining convenience and reliability in the industry. With a focus on innovative authentication processes, Shush Inc. empowers Mobile Network Operators with robust security solutions tailored to meet their unique needs.

About Covr Security AB:

Covr Security is a pioneering Swedish cybersecurity firm, renowned for revolutionizing mobile and digital security. Established in 2015, we specialize in providing an innovative mobile security management platform, primarily catering to sectors necessitating robust customer authentication and privacy, such as online banking, digital payments, and mobile banking. Our platform is distinctive for its advanced multi-factor authentication methods, offering unparalleled protection against cyber threats. This user-centric solution empowers our clients across various industries with secure, seamless digital transactions, reflecting our commitment to making the internet a safer, more trustworthy place. For more information, visit www.covrsecurity.com

-END-

Details of the security breach

Recently, Twilio Authy experienced a security breach which has compromised the mobile phone numbers of millions of users. Hackers were able to gain unauthorized access to the app's database and obtain a significant amount of user data.

The breach exposed personal information, including phone numbers, associated with Twilio Authy accounts. It is important to note that no account passwords or sensitive financial information were compromised in the breach.

Twilio Authy has taken immediate action to investigate the breach and enhance its security measures to prevent similar incidents in the future.

The mobile subscribers on the leaked list are now subject to SMS smishing and potential SIM swap attacks.  Since these users are known Twilio Authy users, they are now highly likely to receive attacks with fake SMS OTP requests with malicious links. This further demonstrates that mobile app based authentication methods and SMS OTP can be comprised.  

Impact on user phone numbers

The security breach has raised concerns about the privacy and security of user phone numbers. While no sensitive information was compromised, the exposure of phone numbers could potentially lead to targeted spam messages, phishing attempts, or other malicious activities.

It is recommended that users remain vigilant and report any suspicious activity related to their Twilio Authy accounts. Additionally, users should consider updating their 2FA settings and monitor their accounts for any unauthorized access.

Overview of Twilio Authy 2FA app

Twilio Authy is a popular two-factor authentication (2FA) app that provides an additional layer of security for user accounts. It allows users to secure their online accounts by requiring a second form of authentication, typically a unique code sent to their mobile device.

With the increasing threat of cyber attacks and data breaches, 2FA has become a crucial security measure for individuals and organizations. Twilio Authy has gained popularity due to its user-friendly interface and compatibility with various online platforms.

The app works by generating one-time codes that are required to access online accounts. These codes can be delivered via SMS, phone call, or push notification, providing users with flexibility and convenience.

Response from Twilio Authy

Twilio Authy has taken the security breach seriously and has responded promptly to address the issue. The company has initiated a thorough investigation to determine the cause of the breach and identify any potential vulnerabilities in its system.

In response to the incident, Twilio Authy has implemented additional security measures to enhance the protection of user data. This includes strengthening encryption protocols, implementing stricter access controls, and conducting regular security audits.

Twilio Authy has also notified affected users regarding the breach and provided guidance on steps they can take to secure their accounts. The company is committed to ensuring the privacy and security of its users and will continue to monitor the situation closely.

EIN PRESSWIRE

Shush Inc. partners with ClearSky Technologies to revolutionize Network Authentication and wireless data solutions across North America. #NetworkInnovation

DALLAS, TEXAS, UNITED STATES, June 20, 2024 /EINPresswire.com/ -- Shush Inc., a leading provider of innovative Network Authentication solutions, is excited to announce a strategic alliance with Orlando, Florida-based ClearSky Technologies, a premier provider of cutting-edge wireless technology solutions specializing in the optimization of wireless data traffic and A2P message delivery. This alliance marks a significant milestone in advancing Network Authentication solutions, leveraging the expertise and resources of both organizations to deliver comprehensive network solutions tailored to the evolving needs of enterprises across North America.

ClearSky Technologies delivers A2P services for regional carriers, OTT providers and MVNOs, including Two-Factor Authentication (2FA) and One-Time Passwords (OTP). ClearSkyis partnering with Shush to further complement stability and trust in the authentication ecosystem. Enterprises are often attacked in the form of fraudulent numbers in A2P messaging and Artificially Inflated Traffic (AIT), causing billions of dollars to be lost.

The strategic alliance with ClearSky Technologies will enable Shush Inc. to offer Network Authentication to a robust foundation of Mobile Network Operators. ClearSky’s expertise in managing complex telecommunications issues, combined with their comprehensive suite of solutions that blend cloud-based components with local infrastructure, will greatly enhance Shush’s ability to deliver much-needed Network Authentication solutions to the wireless industry.

While top-tier carriers have invested millions in network authentication technologies, Shush and ClearSky are providing the same cutting-edge solutions to the entire industry at a fraction of the cost. This partnership brings advanced security within reach for all carriers but also significantly lowers the cost barrier, making it accessible to a broader wireless carrier market.

Eddie DeCurtis, Co-Founder & CEO of Shush Inc., expressed his enthusiasm about the alliance: "We are incredibly excited to partner with ClearSky Technologies. This collaboration significantly enhances our ability to deliver a comprehensive network solution to the wireless network marketplace. ClearSky’s managed services portfolio perfectly complements Shush Inc.'s expertise in Network Authentication, positioning us to meet and exceed the evolving needs of Mobile Network Operators. Together, we are set to revolutionize the landscape of wireless networks, offering unparalleled solutions that drive innovation and security."

Ron Willett, VP & GM of ClearSky Technologies, shared about the value of the alliance with Shush Inc.: "We are thrilled to join the Shush family and combine our product offerings with their state-of-the-art Network Authentication solution and deployment expertise. Together, we have a unique opportunity to bring enterprises a new and better way to authenticate users and increase customer satisfaction while protecting them from monetary exposure caused by AIT. This partnership will also allow our carrier partners to participate in a brand new revenue stream.”

About Shush Inc.:
Shush Inc. is a leading provider of Network Authentication solutions, dedicated to redefining convenience and reliability in the industry. With a focus on innovative authentication processes, Shush Inc. empowers Mobile Network Operators with robust Network Authentication solutions tailored to meet their unique needs. For media inquiries, please contact: media@shush.pw

About ClearSky Technologies:
ClearSky Technologies has been providing cutting-edge wireless technology solutions to mobile network operators for more than two decades. Their specialized portfolio includes the Total Traffic Manager (TTM™) solution for data traffic and policy management, and iCODE^®, their leading A2P messaging service. All of ClearSky’s solutions are offered “as-a-service” and require little or no capital investment. Headquartered in Orlando, Florida, ClearSky serves over 100 mobile network operators globally, along with many other channel partners, network operators, and wireless providers. ClearSky addresses complex telecommunications issues with comprehensive, cost-effective solutions, combining cloud-based components with local infrastructure to ensure efficiency and reliability. Their commitment to innovation and ethical business practices has made them a trusted and integral partner in the industry.

###

Daryl Carlough
Shush Inc.
+1 617-320-4863
email us here
Visit us on social media:
X
LinkedIn

Delve into the details of the legal battle between Veritaseum and T-Mobile in the finance sector.

The Background of Veritaseum and T-Mobile

Veritaseum is a financial technology company that provides blockchain-based solutions for the finance industry. They offer decentralized financial products and services, aiming to revolutionize the way financial transactions are conducted.

T-Mobile, on the other hand, is a leading telecommunications company known for its wireless services. They cater to millions of customers and have a significant presence in the mobile network industry.

The legal battle between Veritaseum and T-Mobile arises from allegations made by Veritaseum regarding T-Mobile's gross negligence and misconduct in handling financial transactions.

In order to understand the lawsuit, it is important to delve into the background of both Veritaseum and T-Mobile.

Allegations Made by Veritaseum Against T-Mobile

Veritaseum has accused T-Mobile of gross negligence and misconduct in their handling of financial transactions. According to Veritaseum, T-Mobile failed to implement proper security measures, leading to significant financial losses for Veritaseum and its users.

The allegations include claims that T-Mobile did not take adequate steps to protect customer information and failed to prevent unauthorized access to sensitive financial data. Veritaseum argues that these actions by T-Mobile resulted in financial harm to their company and its clients.

Veritaseum is seeking legal recourse to hold T-Mobile accountable for their alleged misconduct and to recover the financial losses incurred as a result.

Impact on the Finance Industry

The lawsuit between Veritaseum and T-Mobile has far-reaching implications for the finance industry. It highlights the importance of robust security measures and safeguards when it comes to financial transactions, especially in the realm of blockchain technology.

The outcome of this lawsuit can potentially shape future regulations and industry standards for the finance and telecommunications sectors. It serves as a reminder to companies operating in these industries that they must prioritize the security of customer information and take necessary steps to prevent any breaches or unauthorized access.

The impact of this lawsuit goes beyond Veritaseum and T-Mobile, as it raises awareness about the potential risks associated with financial transactions and the need for proactive measures to protect against them.

Legal Ramifications for T-Mobile

If the allegations made by Veritaseum are proven true in a court of law, T-Mobile may face significant legal ramifications. This could include financial penalties, reputational damage, and potential changes in their business practices.

T-Mobile's handling of financial transactions and the security measures they have in place will be closely scrutinized throughout the legal proceedings. The outcome of the lawsuit will determine the extent of T-Mobile's liability and the consequences they will face for their alleged misconduct.

It is crucial for T-Mobile to mount a strong defense against these allegations in order to protect their reputation and address any potential weaknesses in their financial transaction processes.

The Future Implications of the Lawsuit

The outcome of the Veritaseum lawsuit against T-Mobile will have lasting implications for both companies and the finance industry as a whole.

If Veritaseum is successful in proving T-Mobile's negligence and misconduct, it could pave the way for stronger regulations and security measures in the finance industry. This would help protect consumers and businesses from potential financial losses and breaches of sensitive information.

On the other hand, if T-Mobile is able to defend themselves and refute the allegations made by Veritaseum, it could set a precedent for similar cases in the future. It would emphasize the importance of due diligence and proper security measures in financial transactions, while also highlighting the need for companies to take responsibility for their actions.

Regardless of the outcome, the Veritaseum lawsuit against T-Mobile serves as a reminder of the ever-evolving landscape of the finance industry and the need for constant vigilance and adaptation to emerging challenges.

Explore how FCC regulations impact mobile network operators and their consumers.

The Role of FCC Regulations in Consumer Protection

FCC regulations play a crucial role in protecting consumers in the mobile network industry. These regulations ensure that mobile network operators prioritize the safety and security of their customers' personal information and data. By setting standards and guidelines, the FCC helps prevent fraudulent activities, such as SIM swapping, which can result in unauthorized access to a consumer's mobile phone account.

Furthermore, FCC regulations require mobile network operators to implement robust security measures to safeguard against data breaches and unauthorized access. These regulations also promote transparency and accountability, ensuring that consumers have access to clear information about their rights and the services provided by mobile network operators.

Challenges Faced by Mobile Network Operators

While FCC regulations aim to protect consumers, mobile network operators face certain challenges in ensuring compliance. One of the primary challenges is staying ahead of rapidly evolving cyber threats and fraud techniques. As technology advances, criminals find new ways to exploit vulnerabilities and compromise consumer accounts.

Additionally, complying with FCC regulations requires substantial investments in security infrastructure and personnel. Mobile network operators need to continuously update their systems, train their employees, and implement advanced security measures. These investments can be costly and time-consuming, especially for smaller operators.

In a significant move, the FCC approved new regulations in October to combat SIM swap and port-out fraud. These regulations aim to create a standardized framework within the mobile wireless industry to protect consumers. Specifically, wireless providers are now required to implement secure authentication methods before transferring a customer's phone number to a new device or provider. Additionally, providers must maintain records of SIM change requests and the authentication processes utilized. The regulations also include protocols for addressing failed authentication attempts, employee training on handling fraud incidents, and measures to prevent unauthorized access to customers' personal information until proper authentication is confirmed.

Compliance Requirements for Mobile Network Operators

To comply with FCC regulations, mobile network operators must meet specific requirements set by the FCC. These requirements include implementing robust authentication processes to prevent unauthorized SIM swapping and ensuring the secure storage and transmission of customer data.

Operators must also establish procedures for promptly detecting and responding to any security incidents or breaches. They must conduct regular audits and assessments to identify vulnerabilities and address any shortcomings in their security measures. Additionally, mobile network operators are required to provide clear and accurate information to consumers regarding their rights and the steps they can take to protect themselves.

Benefits of FCC Regulations for Consumers

FCC regulations provide several benefits to consumers in the mobile network industry. These regulations enhance consumer trust by ensuring that their personal information and data are adequately protected. By requiring mobile network operators to implement strong security measures, consumers can have confidence in the safety of their accounts and reduce the risk of identity theft or unauthorized access.

Furthermore, FCC regulations promote fair and transparent practices among mobile network operators. Consumers have access to clear information about their rights, billing practices, and the services they are entitled to receive. This transparency empowers consumers to make informed decisions and hold mobile network operators accountable for their actions.

Overall, FCC regulations help create a more secure and consumer-friendly environment in the mobile network industry, fostering trust and confidence among consumers.

As reported by LightReading this FCC regulation is intended to end SIM scams:

"We take these steps to improve consumer privacy and put an end to SIM scams," said FCC Chairwoman Jessica Rosenworcel in a statement late last year, after the agency voted to enact rules to curtail SIM fraud. "Because we know our phones know a lot about us. They are an entry to our records, our accounts, and so much that we value. That is why across the board we need policies that make sure our information is secure."

Future Trends in FCC Regulation for Mobile Network Operators

As technology continues to advance, the FCC will likely introduce new regulations and guidelines to address emerging challenges and protect consumers. One potential future trend is increased focus on emerging technologies, such as 5G networks and Internet of Things (IoT) devices. The FCC may establish specific security standards and requirements for these technologies to ensure consumer safety and privacy.

Additionally, the FCC may further enhance consumer protection measures by collaborating with other regulatory bodies and industry stakeholders. By working together, regulators and operators can share best practices and develop comprehensive strategies to combat fraud, data breaches, and other security threats.

Furthermore, the FCC may prioritize consumer education and awareness programs to help individuals understand their rights, the potential risks they face, and the steps they can take to protect themselves. By empowering consumers with knowledge, the FCC can further strengthen consumer protection in the mobile network industry.

Uncover how 5G APIs are revolutionizing the IoT core landscape and creating a $900 billion opportunity for the telecom industry.

The Impact of 5G APIs on IoT Core

The impact of 5G APIs on IoT Core is significant. With the introduction of 5G technology, the potential for innovation and efficiency in the IoT core landscape has skyrocketed. 5G APIs provide developers with the tools and resources they need to build and deploy IoT applications at scale, enabling seamless connectivity and real-time data processing.

By leveraging 5G APIs, IoT devices can communicate and interact with each other more efficiently, leading to improved overall performance and reliability. The high-speed, low-latency nature of 5G networks allows for faster data transmission and reduced response times, enabling real-time monitoring, control, and analysis of IoT devices.

Moreover, 5G APIs unlock new possibilities for IoT applications in various industries, including manufacturing, healthcare, transportation, and smart cities. They enable the integration of IoT devices with other emerging technologies like artificial intelligence, machine learning, and edge computing, creating a powerful ecosystem of connected devices and services.

Overall, the impact of 5G APIs on IoT Core is transformative. It opens up new avenues for innovation, enhances operational efficiency, and drives the growth of the IoT industry.

Driving Innovation and Efficiency

5G APIs are driving innovation and efficiency in the telecom industry. By providing developers with standardized interfaces and protocols, 5G APIs simplify the development process and accelerate the deployment of IoT applications.

With 5G APIs, developers can easily access and utilize the advanced features and capabilities of 5G networks, such as network slicing, edge computing, and massive IoT connectivity. This enables them to create innovative solutions that leverage the full potential of 5G technology.

Furthermore, 5G APIs enable efficient resource management and optimization. They allow for dynamic allocation of network resources based on application requirements, ensuring optimal performance and utilization of network resources.

In addition, 5G APIs facilitate seamless integration and interoperability between different IoT devices and platforms. They provide a common language for communication and data exchange, eliminating compatibility issues and enabling a unified IoT ecosystem.

Overall, 5G APIs play a crucial role in driving innovation and efficiency in the telecom industry, empowering developers to create groundbreaking IoT solutions and unlocking new opportunities for growth and revenue.

Monetizing 5G APIs in the Telecom Industry

The monetization of 5G APIs presents a significant opportunity for the telecom industry. By offering 5G APIs as a service, telecom operators can generate new revenue streams and tap into the growing demand for IoT solutions.

Telecom operators can monetize 5G APIs through various models, such as API subscriptions, usage-based pricing, and revenue sharing with developers. By providing developers with access to 5G APIs, telecom operators can enable the creation of innovative IoT applications and charge for the usage of their APIs.

Moreover, telecom operators can offer value-added services on top of their 5G APIs, such as analytics, security, and management tools. These services can provide additional revenue streams and create differentiation in the market.

Furthermore, telecom operators can leverage 5G APIs to enable new business models and partnerships. They can collaborate with IoT solution providers, device manufacturers, and other ecosystem players to create bundled offerings and joint go-to-market strategies.

In summary, the monetization of 5G APIs presents a significant opportunity for telecom operators to generate revenue, foster innovation, and strengthen their position in the IoT market.

Challenges and Opportunities Ahead

While 5G APIs offer immense opportunities, they also come with certain challenges. One of the main challenges is the complexity of integrating and managing diverse IoT devices and platforms. Ensuring seamless interoperability and compatibility across different technologies and vendors requires careful planning and coordination.

Another challenge is the security and privacy of IoT data. With the increasing number of connected devices and the massive amount of data generated, ensuring the confidentiality, integrity, and availability of IoT data becomes crucial. Robust security measures and protocols need to be in place to protect against cyber threats and unauthorized access.

Furthermore, the deployment and implementation of 5G networks and infrastructure require significant investments and upgrades. Telecom operators need to invest in building the necessary infrastructure, including base stations, antennas, and network equipment, to support 5G connectivity.

Despite these challenges, there are abundant opportunities ahead. The adoption of 5G technology and the proliferation of IoT devices create a fertile ground for innovation and business growth. By leveraging 5G APIs, businesses can unlock new revenue streams, improve operational efficiency, and deliver enhanced customer experiences.

Moreover, the combination of 5G APIs with other emerging technologies, such as artificial intelligence and edge computing, opens up new possibilities for value creation and differentiation. Businesses can leverage these technologies to develop intelligent and autonomous IoT solutions that drive efficiency, productivity, and innovation.

In conclusion, while there are challenges to overcome, the opportunities presented by 5G APIs and the IoT are immense. Businesses that embrace these technologies and adapt to the changing landscape will be well-positioned to thrive in the telecom industry.

Future Outlook and Trends

The future outlook for 5G APIs and the IoT is promising. As 5G networks continue to roll out globally and IoT adoption accelerates, the demand for 5G APIs is expected to soar.

One of the key trends in the future is the convergence of 5G, IoT, and edge computing. With the proliferation of edge devices and the need for real-time data processing, edge computing becomes crucial. 5G APIs will play a vital role in enabling seamless connectivity and data exchange between edge devices, cloud platforms, and IoT applications.

Another trend is the integration of 5G APIs with artificial intelligence and machine learning. By combining the power of 5G networks with AI and ML algorithms, businesses can leverage real-time data analytics and insights to drive intelligent decision-making and automation.

Furthermore, the emergence of industry-specific IoT standards and frameworks will shape the future of 5G APIs. As different industries adopt IoT solutions, industry-specific APIs and protocols will be developed to address the unique requirements and challenges of each sector.

In summary, the future of 5G APIs and the IoT is characterized by convergence, intelligence, and industry-specific solutions. Businesses that stay ahead of these trends and embrace the opportunities they bring will be well-positioned to thrive in the rapidly evolving telecom industry.

This is a repost of the following article from TechCrunch

Change Healthcare hackers broke in using stolen credentials — and no MFA, says UHG CEO

The ransomware gang that hacked into U.S. health tech giant Change Healthcare used a set of stolen credentials to remotely access the company’s systems that weren’t protected by multifactor authentication (MFA), according to the chief executive of its parent company, UnitedHealth Group (UHG).

The ransomware gang that hacked into U.S. health tech giant Change Healthcare used a set of stolen credentials to remotely access the company’s systems that weren’t protected by multifactor authentication (MFA), according to the chief executive of its parent company, UnitedHealth Group (UHG).

Understanding Healthcare Ransomware Attacks

UnitedHealth CEO Andrew Witty provided the written testimony ahead of a House subcommittee hearing on Wednesday into the February ransomware attack that caused months of disruption across the U.S. healthcare system.

This is the first time the health insurance giant has given an assessment of how hackers broke into Change Healthcare’s systems, during which massive amounts of health data were exfiltrated from its systems. UnitedHealth said last week that the hackers stole health data on a “substantial proportion of people in America.”

Change Healthcare processes health insurance and billing claims for around half of all U.S. residents.

According to Witty’s testimony, the criminal hackers “used compromised credentials to remotely access a Change Healthcare Citrix portal.” Organizations like Change use Citrix software to let employees access their work computers remotely on their internal networks.

Witty did not elaborate on how the credentials were stolen. The Wall Street Journal first reported the hacker’s use of compromised credentials last week.

Importance of Multi-Factor Authentication in Healthcare

However, Witty did say the portal “did not have multifactor authentication,” which is a basic security feature that prevents the misuse of stolen passwords by requiring a second code sent to an employee’s trusted device, such as their phone. It’s not known why Change did not set up multifactor authentication on this system, but this will likely become a focus for investigators trying to understand potential deficiencies in the insurer’s systems.

“Once the threat actor gained access, they moved laterally within the systems in more sophisticated ways and exfiltrated data,” said Witty.

Witty said the hackers deployed ransomware nine days later on February 21, prompting the health giant to shut down its network to contain the breach.

UnitedHealth confirmed last week that the company paid a ransom to the hackers who claimed responsibility for the cyberattack and the subsequent theft of terabytes of stolen data. The hackers, known as RansomHub, are the second gang to lay claim to the data theft after posting a portion of the stolen data to the dark web and demanding a ransom to not sell the information.

UnitedHealth earlier this month said the ransomware attack cost it more than $870 million in the first quarter, in which the company made close to $100 billion in revenue.

Discover the alarming trend of bank fraud where accounts are compromised through the use of mobile phone replacement SIM cards.

The Rise of Mobile Phone Replacement SIM Card Fraud

Mobile phone replacement SIM card fraud is a growing trend in the world of bank fraud. This method involves fraudsters obtaining a replacement SIM card for the victim's mobile phone without their knowledge or consent. With this new SIM card, the fraudsters gain access to the victim's phone number and can intercept any calls or messages intended for the victim.

The rise of this type of fraud can be attributed to the increasing reliance on mobile phones for various banking activities. Many banks now offer options for mobile banking, such as receiving transaction notifications and authorizing payments through SMS. This convenience also opens up opportunities for fraudsters to exploit vulnerabilities in the system.

Fraudsters use various tactics to obtain a replacement SIM card for the victim's phone. They may impersonate the victim and claim that their phone has been lost or stolen, or they may pose as a representative from the victim's mobile service provider and request a replacement SIM card for a different reason. In some cases, the fraudsters may even bribe or collude with employees of the mobile service provider to carry out the SIM card replacement.

Once the fraudsters have the replacement SIM card, they can effectively take control of the victim's phone number. They can receive any calls or messages intended for the victim, including one-time passwords or verification codes sent by banks for authentication purposes. With this information, the fraudsters can bypass security measures and gain unauthorized access to the victim's bank accounts.

ASB technology and operations executive general manager David Bullock explains how a common phishing scam works.

2 An optional caption for the image that will be added to the gallery. Enter any descriptive text for this image that you would like visitors to be able to read.

3 An optional caption for the image that will be added to the gallery. Enter any descriptive text for this image that you would like visitors to be able to read.

4 An optional caption for the image that will be added to the gallery. Enter any descriptive text for this image that you would like visitors to be able to read.

5 An optional caption for the image that will be added to the gallery. Enter any descriptive text for this image that you would like visitors to be able to read.

How Fraudsters Gain Access to Accounts

Fraudsters have developed various methods to gain access to bank accounts using mobile phone replacement SIM cards. One common technique is known as SIM swapping, where the fraudster contacts the victim's mobile service provider and requests a SIM card replacement. The fraudster may use social engineering tactics to convince the provider that they are the legitimate account holder.

Once the fraudster has control of the victim's phone number, they can carry out a range of fraudulent activities. They can intercept SMS messages containing one-time passwords or verification codes sent by banks and use them to access the victim's accounts. They can also make unauthorized transactions or transfer funds to their own accounts.

Another method used by fraudsters is phishing. They may send fake emails or messages to the victim, pretending to be from their bank or another trusted organization. These messages often contain links that lead to fraudulent websites designed to steal the victim's login credentials or other sensitive information. Once the fraudsters have this information, they can easily gain access to the victim's bank accounts.

Fraudsters may also exploit vulnerabilities in mobile banking apps or other banking systems. They may use malware or other malicious software to gain unauthorized access to the victim's device or intercept sensitive data. It is crucial for individuals to keep their mobile devices and banking apps updated with the latest security patches to minimize the risk of such attacks.

Impact on Victims and Banks

The impact of mobile phone replacement SIM card fraud can be devastating for both victims and banks. For victims, this type of fraud can result in financial loss, identity theft, and a significant amount of stress and inconvenience. They may find unauthorized transactions on their bank statements or receive notifications of changes to their accounts that they did not authorize.

Victims may also face challenges when trying to resolve the issue and recover their funds. They may need to contact their bank, provide evidence of the fraudulent activity, and go through a lengthy investigation process. In some cases, victims may not be able to recover their lost funds, especially if the fraudsters have already withdrawn or transferred the money to untraceable accounts.

For banks, mobile phone replacement SIM card fraud poses a risk to their reputation and customer trust. If customers feel that their accounts are not secure, they may choose to switch to a different bank or reduce their usage of mobile banking services. This can lead to financial losses for the banks and a decline in customer satisfaction.

Banks also incur costs associated with investigating and resolving fraud cases. They need to allocate resources to enhance security measures and educate their customers about the risks of mobile phone replacement SIM card fraud. This includes providing guidance on how to detect and report fraudulent activities, as well as implementing additional authentication methods to prevent unauthorized access to accounts.

Preventative Measures to Safeguard Your Account

To protect yourself from mobile phone replacement SIM card fraud and safeguard your bank accounts, it is important to take certain preventative measures. Here are some tips to consider:

- Keep your mobile device secure by setting a strong passcode or using biometric authentication.

- Enable two-factor authentication for your banking apps and services. This adds an extra layer of security by requiring a verification code in addition to your login credentials.

- Regularly monitor your bank accounts and review your transaction history. Report any suspicious activity to your bank immediately.

- Be cautious of unsolicited phone calls or messages asking for personal or financial information. Do not provide any sensitive information unless you have verified the legitimacy of the request.

- Avoid clicking on links or downloading attachments from unknown or suspicious sources. These could be phishing attempts.

- Keep your mobile service provider informed about any changes to your account, such as updating your contact information or requesting a SIM card replacement. This can help prevent unauthorized SIM swaps.

- Stay informed about the latest scams and fraud techniques. Educate yourself about the risks and how to protect against them.

Legal Actions and Consequences for Fraudsters

Mobile phone replacement SIM card fraud is a serious crime with legal consequences. If caught, fraudsters can face various charges, including identity theft, unauthorized access to computer systems, and financial fraud. The penalties for these crimes can range from fines to imprisonment, depending on the severity of the offense and the jurisdiction in which it is prosecuted.

In addition to legal actions, banks and law enforcement agencies work together to identify and track down fraudsters involved in mobile phone replacement SIM card fraud. They may conduct investigations, collect evidence, and collaborate with international authorities to dismantle criminal networks.

It is important for individuals to report any incidents of mobile phone replacement SIM card fraud to their local law enforcement agencies and their bank. By reporting these crimes, victims can help authorities gather information and build cases against the fraudsters. It is also crucial to cooperate with banks during the investigation process to increase the chances of recovering any lost funds.

By holding fraudsters accountable for their actions, society can send a strong message that mobile phone replacement SIM card fraud will not be tolerated. This can help deter potential fraudsters and protect individuals and banks from falling victim to these types of crimes.