Showing posts with label AIS. Show all posts
Showing posts with label AIS. Show all posts

Tuesday, 24 September 2024

Detection of Real-world Fake Base Station (FBS) Attacks in Thailand

It's been a while since we created our security tutorial, back in 2018. One of the items we discussed in there were the fake cell towers or the fake base stations. The issues highlighted there still exist as highlighted by AIS CISO, Pepijn Kok at The Telecom Threat Intelligence Summit (TTIS) 2024.

The cyber threat actors exploited GSM authentication vulnerabilities to use fake base stations as part of SMS phishing attacks to steal from real bank accounts. In his talk Pepijn explains how AIS worked with ecosystem partners in Thailand to detect and block these attacks.

The talk described two case studies. The first one was a report from Dec 2022 where certain bank customers and online retail platform users were receiving SMS messages masquerading as the bank or online platform itself (something not typically possible). The messages contained links to malicious content. The second one is a recent case from April 2024 where AIS customers started receiving fake SMS with malicious links. It was obvious in that case that the SMS did not come from the AIS network which triggered AIS to start investigating as they were sure there was a fake base station in operation. The talk describes how in both the scenarios the gangs were caught.

The talk is embedded below:

You can learn more about TTIS here. The video of all the talks from day 1 is here and day 2 is here.

Related Posts