Flaw in SS7 Lets Attackers Empty Bank Accounts

Flaw in SS7 Lets Attackers Empty Bank Accounts

A UK bank fell victim to a malicious SS7 attack that led to cyber-criminals emptying bank accounts at the UK’s Metro Bank, according to Motherboard.

Though malicious actors have been able to exploit flaws in telecommunication infrastructure for years, it’s not being reported that attacks are able to intercept codes used for banking using Signaling System 7 (SS7) attacks. According to Motherboard, the National Cyber Security Centre (NCSC) said that it is aware that cyber-criminals are exploiting a telecommunications vulnerability to target bank accounts “by intercepting SMS text messages used as 2-Factor Authentication.”

By Kacy Zurkus

To read the full article click here.