Like a driver’s license confirms your identity, your phone number is used to verify your identity online. Given the widespread use of phone numbers in two-factor authentication and password reset, SIMs are an extremely valuable target for cybercriminals –– and anyone could become a victim. Armed with only a phone number, cybercriminals manipulate their way into accessing personal financial information, cryptocurrency accounts, and even corporate email accounts, exposing sensitive data that could lead to millions in financial damages.

By Andrew Cockburn, Principal Consulting Engineer, NETSCOUT, and Rich Compton, DDoS Special Interest Group Chair, M3AAWG; Principal Network Security Engineer III, Charter Communications

This is the first installment of M3AAWG’s “State of the Union” series, where members provide updates on prominent, evolving issues and events in the industry. 

Distributed Denial of Service (DDoS) attacks are used by cybercriminals to shut down networks and websites, and targets can range from a single website to major services. Today, we’re seeing an increase in the sheer amount of DDoS attacks, part of a continuous upward trajectory over the past 30+ years.  Further, tactics are rapidly evolving, yet range in sophistication. In turn, experts are constantly working to pinpoint new techniques and mitigate attacks. Generally, once professionals notice or identify a new type of channel or vector, it's a race to patch, resolve, and add mitigations for the new attack vector before its usage becomes widespread. 

The global uncertainty created by COVID-19 has left many individuals and organizations vulnerable to online scams and other cyberattacks, making our work and the work of our members, more important than ever. To facilitate anti-abuse collaboration and the development of security best-practices, while ensuring the health and safety of our members, we’re excited to host our 49th General Meeting from June 8-11, 2020 virtually for the first time ever.

Author: Amy Cadagin (M3AAWG Executive Director)

The General Data Protection Regulation (GDPR) was designed to harmonize different data privacy laws across European countries in an effort to protect the privacy and data protection rights of individuals and empower them to better understand and make decisions on who processes their data and in what way.