Are the IT Systems Used with Your Pagers Leaking Company Intel?
Although smartphones are the preferred communication device for most companies, there are still a few industries and organizations that continue to use pagers. For those that still do, certain IT systems must be used to send pager messages (pages). Unfortunately, some of those systems introduce substantial risks to the privacy and security of employees and even the enterprise using them.
In the third part of the “Leaking Beeps” series, we describe different types of IT systems—the ones connected with unencrypted pages—that can be used by attackers for reconnaissance or intelligence gathering. In the paper, we also described a few attack scenarios that are made possible by the use of pages. To do that, we looked at pages that were sent or received through email-to-pager and SMS-to-pager gateways and those that were coupled with IT systems such as network monitoring solutions and voicemail summary systems. Such information found in pages can be used in social engineering campaigns that can further attacks against businesses.
How leaked pager information can be used for reconnaissance and intelligence gathering
What types of information, through pagers, can possibly give hints and clues about a company’s infrastructure and its employees? Through leaked pages, malicious actors can obtain details like the names of people who frequently exchange pages; the relationship between sender and receiver; and personal information such as names, contact numbers, and email addresses. Once these cybercriminals get a hold of such information, they can impersonate employees of the target company and/or craft contextually relevant messages to get critical information about the target businesses. An attacker who impersonates employees usually takes advantage of the element of trust between two communicators who exchange pages frequently.
With personal information found in pages, attackers can also build a phonebook containing a list of significant people who belong to specific industries. During our research, we also found that passcodes for the Microsoft® Outlook® Web App (OWA) and conference bridges are being sent through pagers. If this type of data falls in the hands of malicious actors, they can get insider information through emails and use collected information to create a list of names within the target organization for future use in phishing attacks. In addition, attackers may also join in conference bridge calls and spy on their targets to listen in on confidential conversations.
Not only is leaked personal information of employees a violation of privacy, but it could also provide pertinent clues as to what type of sector the employee is working in–be it in government, critical infrastructure, a high-value industry, or financial or healthcare sectors. Similar to the aforementioned attack scenario, malicious actors can also launch social engineering attacks to get inside the perimeter of an organization, from which a targeted attack can be launched. Details surrounding the company’s infrastructure, including ‘weak’ points of their perimeter, can be attained through leaked pages. Some of the leaked information includes incident reports, SQL queries, and paths, which could help an attacker identify vulnerabilities to exploit. Intelligence gathered from an organization intranet, such as the location of servers that store authentication codes and private IPs, can be used by attackers for lateral movement.
With these security risks in mind, we strongly recommend enterprises to opt for an updated and more secure communication tool to use. If pagers cannot be replaced, pages should at least be encrypted to avoid leaking information that could compromise their security. For more details on how the use of pager technology leads to data leakage for different industries and to learn more security recommendations, read our research paper, Leaking Beeps: A Closer Look at IT Systems That Leak Pages.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: Trigona
- Steering Clear of Security Blind Spots: What SOCs Need to Know
- Understanding the Kubernetes Security Triad: Image Scanning, Admission Controllers, and Runtime Security
- Preempting Threats to Connected Cars: The Importance of Cybersecurity in a Data-Driven Automotive Ecosystem
- Your Stolen Data for Sale