A high-profile cyber attack targeted a prominent company, Kroll. This attack utilized a sophisticated technique known as “SIM swapping,” which allowed the threat actor to gain unauthorized access to sensitive personal information.
On Saturday, August 19, 2023, Kroll was informed about the SIM swapping attack that targeted a T-Mobile US, Inc. account belonging to a Kroll employee.
Immediate actions were taken to secure the three affected accounts, said Kroll, a cybersecurity company.
The SIM Swapping Attack
SIM swapping involves convincing a mobile carrier to transfer a victim’s phone number to a device under the attacker’s control.
In this case, T-Mobile transferred the Kroll employee’s phone number to the attacker’s phone at the attacker’s request, giving the attacker control over incoming calls and messages.
From January 2018 to December 2020, the FBI Internet Crime Complaint Center (IC3) received 320 complaints about SIM swapping incidents with adjusted losses of approximately $12 million.
In 2021, IC3 received 1,611 SIM swapping complaints with more than $68 million in adjusted losses.
Access to Sensitive Information
As a result of the SIM swapping attack, the threat actor gained access to certain files containing the personal information of individuals involved in bankruptcy claims related to BlockFi, FTX, and Genesis.
This breach of confidential data poses serious concerns for affected individuals, as their personal information could be misused for fraudulent activities or identity theft.
Upon discovering the attack, immediate actions were taken to secure the affected accounts of BlockFi, FTX, and Genesis.
Affected individuals were promptly notified via email to ensure they were aware of the breach and could take necessary precautions.
Kroll also stressed its cooperation with the FBI to conduct a thorough investigation into the incident, aiming to bring the responsible parties to justice.
Preventative Measures and Vigilance
Kroll’s response to the incident highlights the importance of cybersecurity practices and the need for constant vigilance against such threats.
The company has provided a list of actions it will never ask or require individuals to undertake in connection with bankruptcy claims or asset distribution.
Kroll will never ask individuals to link a cryptocurrency wallet to a website or application, share seed phrases or private keys, download unfamiliar software or wallet applications, provide passwords via email, text, or phone, or share personal identifying information through insecure channels.
While the investigation is ongoing, this incident serves as a cautionary tale for individuals and businesses alike, highlighting the critical role of proactive security practices, employee education, and partnerships with law enforcement agencies.
It is a reminder to use strong multi-factor authentication methods such as biometrics, physical security tokens, or standalone authentication applications to access online accounts.