- Ransomware attackers are targeting children's phones to extort big companies.
- As companies improve defenses, attackers are becoming more creative, security experts say.
- Mandiant CTO Charles Carmakal said attackers have "no rules of engagement."
It's 10 p.m., do you know where your children's phones are?
They could be getting SIM swapped.
As corporations amp up their cyber defenses, malicious hackers are getting more creative, reports Mandiant, a leading cybersecurity firm and Google subsidiary. Hackers are even going so far as to target the children of corporate executives in the hopes of holding personal information ransom — an attack known as ransomware.
Ransomware attacks typically come from malicious actors who hack into companies or other entities to steal data, which they then hold until the victim agrees to pay a fee. The attacks leave the victims unable to access the stolen data, which can cripple the institution until the ransom is paid.
The attacks have become more common in the United States in recent years, most famously when a Russian hacker took down a 5,000-mile gas pipeline on the East Coast in 2021.
In February, ransomware attackers targeted Chain Healthcare, the payment management arm of healthcare giant UnitedHealth Group, causing backlogs in prescription insurance claims.
Ransomware can be introduced to a company's databases through even the smallest slip by an employee, like clicking a link in a phishing email. But as companies have gotten better at keeping criminals out, the crooks have gotten more creative, Mandiant CTO Charles Carmakal says.
Speaking at the RSA Conference in San Francisco — an annual gathering of cybersecurity experts — earlier this week, Carmakal said some of the attackers have "no rules of engagement," even targeting executive's kids, according to The Register, a tech news publication.
"We saw situations where threat actors essentially SIM swap the phones of children of executives — and start making phone calls to executives — from the phone numbers of their children," Carmakal said, according to the outlet.
SIM swapping is when criminals gain remote access to your cellphone's SIM card and then route control of incoming and outgoing calls and messages to their own phone.
Carmakal said the ransomware hackers use different methods of getting access to cellphones, including, in some cases, simply spoofing a fake caller ID.
"Think about the psychological dilemma that the executive goes through — seeing a phone call from the children, picking up the phone, and hearing that it's somebody else's voice?" Carmakal said.
Carmakal said these kinds of scams put an extra burden on the executive, who has to choose between protecting customers and their own employees and their families.
"That's a pretty scary shift," he said.
In a December Google Cloud security forecast, Carmakal said Google expected to see an uptick this year in younger malicious actors using newer techniques for cyber crimes, like social engineering through text messages.
The best way to protect yourself from ransomware is to avoid visiting suspicious websites, never open file attachments from someone you don't know, and be wary of links on social media, Microsoft says.