Network Security

Cybercriminals can use leaked pager data to set up victims

While cartoon crime fighter Kim Possible may be the last character, real or unreal, to regularly use a pager/beeper, Trend Micro is still finding these somewhat old-fashion communication devices that are still in use leak wide variety of private information potentially opening up the users for a conventional cyberattack.

The fact is pagers are still used in a variety of industries and thus need to be on any CISO's radar. The third installment (first report and second report) in Trend Micro's “Leaking Beeps” series show how IT systems that work with unencrypted pagers can be accessed and the data recovered used by malicious actors for a wide variety of purposes.

“To do that, we looked at pages that were sent or received through email-to-pager and SMS-to-pager gateways and those that were coupled with IT systems such as network monitoring solutions and voicemail summary systems,” the report stated.

Some of the information that could be recovered was the names of people being paged, the relationship between the sender and recipient, contact information and email. The data can also indicate what sector the people are involved which can help determine if they are worth singling out for an attack.

“During our research, we also found that passcodes for the Microsoft® Outlook Web App and conference bridges are being sent through pagers. If this type of data falls in the hands of malicious actors, they can get insider information through emails and use collected information to create a list of names within the target organization for future use in phishing attacks. In addition, attackers may also join in conference bridge calls and spy on their targets to listen in on confidential conversations,” the report stated.

Trend Micro recommends that companies, if possible, upgrade their systems and drop pagers as a communications device. However, if that is not possible the pagers should be encrypted so any leaked data cannot be read by an unauthorized third party.

In an earlier report Trend Micro researchers detailed how they intercepted and decoded information pulled from pagers used by the medical community.

Related

Attacks against SAP apps on the rise

SecurityWeek reports that SAP systems have been subjected to a 400% increase in ransomware attacks during the last three years, while hacker forum conversations regarding SAP vulnerabilities and SAP-specific cloud and web services rose by 490% and 220%, respectively, over the same period.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.