Blog

Home > Newsroom > Blog > Real-time Network Protection Critical in Wake of Sophisticated Flubot Cyberattacks

Real-time Network Protection Critical in Wake of Sophisticated Flubot Cyberattacks

As the global pandemic with Covid accelerated online and remote transactions, more network customers are becoming vulnerable to fraud and cyber-attacks.

One major area of concern for CSPs are SMS phishing attacks, in which unsuspecting customers are targeted with text messages that prompt them to reveal personal or financial information, potentially leading to account takeover. CSPs are challenged to build the right defenses and monitoring to protect and predict these sophisticated attacks.

Addressing New Malicious Threats

A recent SMS phishing attack, called “Flubot,” has been particularly challenging. Flubot attacks have been identified across many countries including Spain, Germany, Hungary, Italy, Ireland, Poland, and the U.K, and is now spreading across other regions. Mavenir security teams have seen this attack grow from 50 – 100 spam messages each day to thousands of messages being sent per day.

Taking advantage of the recent uptick in home deliveries, the Flubot spyware targets unsuspecting customers using an SMS package delivery message, prompting the user to download a “missed packaged delivery” application on their phone. Once installed, the spyware gains permission to website and banking information, lifting passwords that are stored on the device. This spyware also gains control rights of the user’s phone and begins sending out similar phishing text messages to other potential victims in both national and international locations.

At first, Flubot used static nonchanging URLs that were easy to catch with standard cyber security tools. However, as Flubot began to spread, so did the complexity. Normal methods of spam traps stopped working because Flubot began using smarter targeting with live subscriber numbers and randomizing the URL’s it used, to the level that the URL’s used are almost never repeated. Based on what Mavenir’s security team has seen, the live numbers Flubot is using most likely came from enterprise data breaches on public sites in some countries. Because of the way Flubot is morphing, and the fact that the phone numbers it uses to send messages belong to legitimate customers, it is difficult for CSPs to simply turn off the source using traditional approaches.

Enhancing Network Security to Protect Customers and Revenue

CSPs are not only experiencing challenges in protecting their customers, they are also experiencing a loss of revenue due to Flubot and other malicious attacks. A key revenue stream for CSPs is Application to Person (A2P) text messaging, which is now forecasted to grow at 6.7% CAGR through 2024, increasing the global revenues to over $21 billion[1]. This growth in value and volume directly corresponds to key sectors within Financial Services, Enterprise Software and Healthcare. When customers are not protected from the fraudulent spam activity, this revenue is lost. Additionally, because of the attacks, support costs with interconnect fees, customer support calls, and subscriber refunds are going up and affecting the bottom line.

For more information on SpamShield, visit Mavenir’s Security SpamShield site.

[1] Source1: Global A2P Messaging Market Report 2021: Analysis and Forecast 2020-2026 – ResearchAndMarkets.com|Business Wire

Related Content

Resources