The business of cybercrime: top 5 ways telco customers are ripped off

The rise in cybercrime is an undeniable reality. However, the threat is underestimated, particularly when it comes to individuals, small businesses, and small offices / home offices (SOHOs). The prevailing notion is that regular internet users have little to offer to cybercriminals because of the misconception that they are low-value targets. But what exactly constitutes target value?  

A deeper analysis of the situation raises a significant question… What motivates cybercriminals to target everyday internet users within a Telco’s customer base? For providers of cybersecurity solutions for the everyday user, understanding the motivations for cybercriminals in targeting the customer base is crucial.  

In a new Cyber Threat Report, we analyzed the prevalent cyber threats effectively thwarted by Allot Secure for subscribers of over 20 international telecommunication service providers, shedding light on the underlying business motivations driving cybercriminal activities.  

These are the top 5 ways telco customers are being ripped off by cybercriminals. 

#1: Private User Data in the Black Market 

More and more individuals and small businesses handle personal, operational, and financial matters online. Everyday users may have varied levels of awareness and unknowingly fall victim to cybercriminals with access to their valuable information for identity theft, fraud, or financial exploitation. Additionally, regular internet users are an easy target due to the frequent lack of robust cybersecurity measures compared to more sophisticated institutions.  

Subscriber credentials are becoming as valuable as any other commodity. One has a perfect picture of it simply by looking at the rates regular user credentials fetch in the black market and the alarming ease of trading them. 

According to the Dark Web Price Index published by Privacy Affairs, some bank logins can fetch more than $4000 on the dark web. 

#2: Cryptojacking 

Cryptojacking is a crafty cybercrime involving the takeover of your devices (e.g., computers, smartphones, tablets, or even servers) without your knowledge. The goal? To mine cryptocurrency, all in the pursuit of profit. 

Cryptojackers are essentially resource thieves, hijacking your devices to mine cryptocurrencies without bothering to invest in expensive equipment or foot the electricity bill. It’s their way of savoring crypto profits without breaking the bank because they are hijacking telecom customer resources. 

#3: Digital Footprint as a Commodity 

As businesses increasingly rely on digital channels to engage with customers, and with more advanced analytics tools available, user information has become the most valuable asset, raising new cybersecurity issues. Even though we often hear about major digital players facing data breaches, the reality is that spyware tracking and fingerprint collection happen every day without making headlines. 

Spyware web trackers will use private information without asking for a click on “accept all” cookies. Data collected by Spyware trackers is used for targeted advertising and profiling, which are sold to third parties without your knowledge. 

The impact of this spyware goes beyond mere data collection, affecting users on personal, financial, and emotional levels. Having the most accurate and fresh user data allows cybercriminals to target their victims individually. A common and deceiving use case is getting a phishing email impersonating an online store that was used just minutes ago, talking about some issue or asking for confirmation of a purchase. Stolen information can lead to identity theft and financial loss.  

#4: Pay Per View Malvertising 

In the world of cyber threats, two troublemakers—Adware and Browser Hijackers—have a niche for themselves, serving as money-making tools for cyber criminals.  

Adware tiptoes into your devices with one mission in mind: to flood your screen with irritating ads. It often disguises itself within seemingly harmless downloads or bundles itself with legitimate applications. It collects user data for ad targeting and, even worse, it can expose links associated with major cyberattacks. Behind the scenes, adware operates on the principle of pay-per-click (PPC) and pay-per-view (PPV). Each time you click on or even glance at those intrusive ads, cyber criminals cash in. Advertisers unknowingly foot the bill for these interactions, creating a revenue stream for the bad actors. 

Browser hijackers tweak your browser settings without your approval, redirecting you to unwanted sites and tampering with your search results. With hijackers at the wheel, you lose control over your browsing freedom. They decide where you go and what you see in your search results. This makes your navigation a highly risky open door for cybercrime. Browser hijackers may guide you straight to clicks leading to virus downloads or phishing sites, opening the door to identity theft as you unknowingly share your personal info on shady pages. 

#5: Ransomware  

While attacks on large enterprises and government organizations have been making headlines, many researchers warn that smaller-scale attacks on individuals and small businesses are also causing significant harm. 

Many ransomware gangs intentionally steer clear of larger targets, choosing victims who may lack the technical knowledge to navigate such incidents. These attacks often involve ransomware-as-a-service strains deployed in spray-and-pray assaults against smaller targets facilitated by relatively unsophisticated actors. These incidents frequently zero in on individual users or small businesses that lack the resources for robust security measures.  

Perpetrators often disguise these attacks as popular software downloads or deliver them through mass phishing campaigns. When targeting large organizations, the motivation for a ransomware attack may vary from the disruption of operations caused by downtime and reputation to pure financial gain. However, attacks on individuals and small businesses are less targeted and “only” aim at paybacks. 

Learn more: knowledge is power 

After careful analysis of these types of cyberattacks perpetuated on telcom subscribers, we see that they are considerably more lucrative to cybercriminals than commonly perceived.  

Neglecting the need for security is a risk we can no longer afford, particularly given the escalating dependence on the digital world, which introduces an increasing number of vulnerabilities. Cybercriminals continue to refine their deceptive tactics, operating silently behind the scenes, and the potential gains are too substantial for this trend to subside anytime soon.  

To shed more light on the issue, we are holding a webinar on the topic. In this webinar we’ll discuss the new Cyber Threat Report, which examines the intricate world of cybercriminals and their methodologies. We’ll also present some ways that communication service providers can protect their customers from cybercrime and disincentive cybercriminals.