Risk and Financial Advisory Solutions Hit with SMS (2FA) Swap Attack

What happened?

On Saturday, August 19, 2023, a Kroll employee fell victim to a sophisticated “SIM swapping” cyber-attack targeting their T-Mobile US, Inc. account. In this attack, T-Mobile transferred the Kroll employee’s phone number to the threat actor’s device at the threat actor’s request. The Kroll employee did not receive notification from T-Mobile or provide authorization.

The threat actor gained access to files containing personal information of bankruptcy claimants related to BlockFi, FTX, and Genesis.

Kroll stated there is no evidence that additional Kroll systems or accounts were impacted. A full investigation with the FBI is underway.

Next Steps:

SIM swapping poses serious risks. Cybercriminals often use phishing or intensive social media research to collect personal details about potential victims, including birthdates, mothers’ maiden names, and information about their educational background.

Armed with this information, attackers can manipulate cellular carriers into transferring victims’ phone numbers to their personal SIM cards, effectively hijacking communications and gaining unauthorized access to sensitive accounts, files, and systems.

With cyber-attacks becoming more sophisticated and frequent, firms should consider moving away from SMS-based two-factor authentication (2FA) and instead encourage the use of multi-factor authentication (MFA) through applications such as Authy or Microsoft Authenticator.

Fairview Cyber offers turnkey solutions that address SEC requirements for cybersecurity. Our team of regulatory experts is available to answer any questions you may have regarding training, phishing, and vendor due diligence. Visit our Cyber Solutions page or contact us to learn more.