RoboCalls—The Gateway to Ransomware Attacks
So the STIR/SHAKEN mechanism is in place … sort of.
As we heard at the CFCA Conference last week, 90% of wireless calls are signed.
According to PIRG, a consumer watchdog, it breaks down this way:
- There were 8,336 total phone providers in the FCC Robocall Mitigation Database as of July 1, 2023.
- 2,745 completed STIR/SHAKEN, the robocall-fighting technology mandated by federal law.
- 5,591 have not completed STIR/SHAKEN.
Starting with the banks, enterprises are working with the telco industry to “Unlock Trust in Communication and Build a Secure Framework to Curb Robocalls.”
Where Ransomware Attacks Begin
Robocalls into your contact center are the gateway to ransomware fraud. Robocallers cycle through your numbers until they reach an agent or employee who picks up. They then misrepresent themselves to persuade that agent or employee to divulge confidential information such as passwords, organizational details and infrastructure information. That information is then used to break into your systems and do the damage.
The MGM Casino ransomware scam, which cost MGM $100 million, started with a robocall: a vishing call in which password information was divulged through social engineering.
Some wholesale operators are intentionally signing robocalls. These must be weeded out. The telco/MSP industry must fix itself so that the government does not need to step in.
A Verified SIP Header
Here’s how the verstat parameter looks inside the SIP P-Asserted-Identity header when a caller has been verified as who they claim to be.
Example
P-Asserted-Identity: "[V]" <sip:12004039434;verstat=TN-Validation-Passed@10.14.126.216:5060;user=phone>
The different values for verstat within the PAID (P-Asserted-ID) are:
- TN-Validation-Passed
- TN-Validation-Failed
- No-TN-Validation
Below is an example of the Identity Header when verified by your terminating service provider:
Identity: eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9zaGFrZW4uc3BlY3RydW0uY29tLzRkNjVlZmRiOGExY2EzNjZlOTU3NmM4ZmRhNzQ3ZmE0LnBlbSJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxMjA3NTIxNTAxNiJdfSwiaWF0IjoxNjkwOTQzNDY4LCJvcmlnIjp7InRuIjoiMTIwNzQwMzk0MzQifSwib3JpZ2lkIjoiYTI3ZWU1NjQtMmNmNC00NzQ3LWFjMzQtNzBhOGE0ZWEyZTkyIn0.z2fki3r_YUnvAbwj5A1xu-DWDTNql-7zH6lmetYuqL82BreWtZVSZh7Ax1y2SG-zn1FZGSdU0yDfcvcv1MTD1w;info=<https://shaken.spectrum.com/4d65efdb8a1ca366e9576c8fda747fa4.pem>;alg=ES256;ppt=shaken
This header can be analyzed to confirm that the PASSporT carried in the call is tied to the certificate belonging to the carrier: the x5u claim inside the token and the info parameter on the header both point to the carrier's certificate URL, and the token's ES256 signature is verified against that certificate.
You’ve heard this before…
In Order to Improve Something, First You Need to Measure It
The first step for enterprises is to measure which of the calls coming into their contact centers are robocalls and which are not. It’s easily done, even if your carrier doesn’t provide you with these reports.
Solution
You don’t want to block those calls; any of them may be a sales opportunity.
Identify the robocalls and route them either to a CAPTCHA server or to agents trained in social engineering techniques.
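As an added example (not code from the original post), the Python below does the two things this post describes: it decodes the Identity header shown earlier, checking that the PASSporT's x5u claim and the header's info parameter name the same carrier certificate, and it reads verstat from P-Asserted-Identity, then runs the measure-and-route step from the Solution section over a constructed sample of five inbound calls. The Identity and P-Asserted-Identity values are the post's own; the other sample calls, the placeholder certificate URL and the routing thresholds (A-attested verified calls to agents, B/C to trained agents, everything else to CAPTCHA) are this example's assumptions. Verifying the ES256 signature is left out because it requires fetching the carrier certificate at the x5u URL.

```python
# STIR/SHAKEN call triage for a contact center: decode the PASSporT in the SIP Identity
# header, read verstat from P-Asserted-Identity, then tally and route inbound calls.
# Added example, not code from the original post; standard library only.
import base64
import json
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Identity and P-Asserted-Identity headers from the post's own example (line-wrap spaces removed).
IDENTITY_EXAMPLE = (
    "eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1I"
    "joiaHR0cHM6Ly9zaGFrZW4uc3BlY3RydW0uY29tLzRkNjVlZmRiOGExY2EzNjZlOTU3Nm"
    "M4ZmRhNzQ3ZmE0LnBlbSJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxMjA3NTI"
    "xNTAxNiJdfSwiaWF0IjoxNjkwOTQzNDY4LCJvcmlnIjp7InRuIjoiMTIwNzQwMzk0MzQif"
    "Swib3JpZ2lkIjoiYTI3ZWU1NjQtMmNmNC00NzQ3LWFjMzQtNzBhOGE0ZWEyZTkyIn0.z2f"
    "ki3r_YUnvAbwj5A1xu-DWDTNql-7zH6lmetYuqL82BreWtZVSZh7Ax1y2SG-zn1FZGSdU0"
    "yDfcvcv1MTD1w;info=<https://shaken.spectrum.com/4d65efdb8a1ca366e9576c"
    "8fda747fa4.pem>;alg=ES256;ppt=shaken"
)
PAID_EXAMPLE = ('P-Asserted-Identity: "[V]" <sip:12004039434;'
                "verstat=TN-Validation-Passed@10.14.126.216:5060;user=phone>")
# Placeholder certificate URL for the constructed sample tokens below (not a real endpoint).
SAMPLE_CERT_URL = "https://example.invalid/sample-shaken-cert.pem"
VERSTAT_RE = re.compile(r"verstat=(TN-Validation-Passed|TN-Validation-Failed|No-TN-Validation)")

def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment whose '=' padding was stripped, as in JWTs."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def parse_verstat(paid_header: str) -> Optional[str]:
    """Return the verstat value from a P-Asserted-Identity header, or None if absent."""
    match = VERSTAT_RE.search(paid_header)
    return match.group(1) if match else None

def parse_identity(header: str) -> Dict[str, object]:
    """Decode the PASSporT in an Identity header and run structural checks. Verifying
    the ES256 signature needs the certificate at x5u, which is not fetched here."""
    value = header.split(":", 1)[1].strip() if header.startswith("Identity:") else header.strip()
    token, *raw_params = value.split(";")
    segments = token.split(".")
    if len(segments) != 3:
        raise ValueError("PASSporT must be header.payload.signature")
    jwt_header, claims = (json.loads(b64url_decode(s)) for s in segments[:2])
    params = dict(p.split("=", 1) for p in raw_params if "=" in p)
    info_url = params.get("info", "").strip("<>")
    problems = []
    if jwt_header.get("alg") != "ES256" or params.get("alg") != "ES256":
        problems.append("alg is not ES256")
    if jwt_header.get("ppt") != "shaken" or params.get("ppt") != "shaken":
        problems.append("ppt is not shaken")
    if not info_url or jwt_header.get("x5u") != info_url:
        problems.append("x5u and info certificate URLs disagree")
    if claims.get("attest") not in ("A", "B", "C"):
        problems.append("attest is not A, B or C")
    return {"attest": claims.get("attest"), "orig_tn": claims.get("orig", {}).get("tn"),
            "dest_tn": claims.get("dest", {}).get("tn", []), "iat": claims.get("iat"),
            "origid": claims.get("origid"), "cert_url": jwt_header.get("x5u"),
            "problems": problems}

def route_call(paid_header: str, identity_header: Optional[str]) -> str:
    """Routing policy chosen for this example, not the post's: verified A-attested calls go to
    agents, verified B/C calls to trained agents, anything unverified or malformed to CAPTCHA."""
    if parse_verstat(paid_header) != "TN-Validation-Passed" or identity_header is None:
        return "captcha"
    try:
        info = parse_identity(identity_header)
    except ValueError:  # bad base64, bad JSON and a malformed token all land here
        return "captcha"
    if info["problems"]:
        return "captcha"
    return "agent" if info["attest"] == "A" else "trained-agent"

def measure(calls: List[Tuple[str, Optional[str]]]) -> Dict[str, int]:
    """The measurement step: tally inbound calls by verstat result."""
    return dict(Counter(parse_verstat(paid) or "missing" for paid, _ in calls))

def make_sample_identity(attest: str, orig_tn: str) -> str:
    """Constructed, unsigned PASSporT for the sample traffic (signature segment is a placeholder)."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj, separators=(",", ":")).encode()).rstrip(b"=").decode()
    jwt_header = {"alg": "ES256", "ppt": "shaken", "typ": "passport", "x5u": SAMPLE_CERT_URL}
    claims = {"attest": attest, "dest": {"tn": ["12004039434"]}, "iat": 1690943468,
              "orig": {"tn": orig_tn}, "origid": "00000000-0000-0000-0000-000000000000"}
    return (f"Identity: {enc(jwt_header)}.{enc(claims)}.placeholder-signature"
            f";info=<{SAMPLE_CERT_URL}>;alg=ES256;ppt=shaken")

# Constructed sample of five inbound calls: (P-Asserted-Identity, Identity header or None).
SAMPLE_CALLS: List[Tuple[str, Optional[str]]] = [
    (PAID_EXAMPLE, "Identity: " + IDENTITY_EXAMPLE),
    ("P-Asserted-Identity: <sip:12125550100;verstat=TN-Validation-Passed@10.0.0.1;user=phone>",
     make_sample_identity("B", "12125550100")),
    ("P-Asserted-Identity: <sip:12125550101;verstat=TN-Validation-Failed@10.0.0.1;user=phone>",
     make_sample_identity("A", "12125550101")),
    ("P-Asserted-Identity: <sip:12125550102;verstat=No-TN-Validation@10.0.0.1;user=phone>", None),
    ("P-Asserted-Identity: <sip:12125550103@10.0.0.1;user=phone>", None),
]
```

Calling measure(SAMPLE_CALLS) gives the per-verstat tally that the "measure it" step asks for, and route_call(paid, identity) for each pair gives the queue decision. In production the verstat and Identity headers would be read from the INVITE at the SBC or SIP proxy, and the signature check that this example skips would be done by fetching the certificate at x5u and validating the ES256 signature over the token before trusting the attestation level.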
Conclusion
According to TU, 73% of consumers say they have not answered calls because of concerns about safety or fraud. 58% of consumers say that in the past three months, they have missed important calls because they could not immediately identify the caller. Only 10% of phone calls are actually answered.
STIR/SHAKEN, the mechanism that certifies a caller is who they claim to be, is now in place. Abuses and poor implementations exist. Attestation policies are not yet consistent. But if we start now to measure and analyze which calls are certified and which are not, we can reclaim our phone network.