Last Friday, a sudden flurry of service disruptions hit Lyca Mobile, a prominent Mobile Virtual Network Operator (MVNO) on EE’s platform, leaving many customers unable to make calls or send text messages. Initially, the root cause was unclear, but by Sunday, the mobile operator confirmed the suspicions: a cyberattack was the culprit behind the service anomalies.
The unsettling series of events commenced around midday when a wave of customers started facing issues with mobile calls and text (SMS) messaging. The situation escalated as customers scrambled to contact customer support or top up their credit via Lyca’s website, only to find those channels were affected too.
Lyca Mobile was swift to respond as they issued a statement the following day, acknowledging the cyberattack and its adverse impact on their network operations. The announcement, which can be viewed on their official website, provides insight into the situation, albeit without delving into the gritty technical details.
The cyber onslaught on Lyca Mobile is a glaring manifestation of the escalating cyber threats that the telecommunications sector grapples with. As an MVNO, Lyca Mobile relies on EE’s robust platform, yet the incident highlights that even such collaborative arrangements aren’t immune to the sophisticated cyber threats that loom large in the digital realm.
This incident is not only a call to action for Lyca Mobile but resonates across the telecommunications sector, emphasizing the critical importance of implementing and continuously upgrading cybersecurity measures. The Lyca Mobile cyberattack narrative accentuates that ensuring the security and reliability of telecommunication services is not merely a technical requirement but a critical component for customer trust and business continuity.
As Lyca Mobile navigates through the aftermath, stakeholders and customers alike are keenly awaiting further updates on the restoration of services and, more importantly, the measures that will be instituted to fortify against future cyber-attacks. The digital age, while offering unbound opportunities, also presents an array of cyber threats that necessitate a fortified defense for entities operating within the telecommunications sphere.
The narrative of Lyca Mobile’s cyber misfortune serves as a potent reminder to MVNOs and primary network operators about the imperative of fostering a culture of cybersecurity excellence to navigate the tumultuous waters of the digital domain securely. This incident also underscores the necessity for transparent communication from service providers to their clientele during times of crisis, to maintain trust and assure customers that measures are being undertaken to rectify the situation and prevent future occurrences.
This is an example of a cyberattack having very real and physical impacts on society. Last Friday, social media sites were awash with complaints from angry Lyca Mobile customers over their inability to send text messages and make calls. It is now clear this was caused by what looks like a massive cyberattack that impacted all of Lyca Mobile markets.
At this early stage, it is unlikely Lyca Mobile will have a clear understanding of exactly what has happened, but it is clear the attackers managed to get deep enough into the service provider’s network to take down key services – this could indicate it was ransomware Lyca Mobile was dealing with. However, the company has reported that its data is encrypted, so hopefully this means attackers won’t have been able to reach anything which puts customers at risk.
The attack is another reminder that there is no immunity from cybercrime today. Attackers have a long target list and there is a high chance you are on it. This means improving defences must be a priority.
With over 80% of today’s cyberattacks being executed through stolen credentials, organisations must focus on securing these as a priority. Phishing is generally a tactic used to steal passwords from employees, so the safest way to remediate this threat is by removing passwords from the hands of the workforce, eliminating the phishing risk altogether.
Using a modern workforce identity management solution that provides Single Sign-On and enterprise password management, enables passwords to be used where applications rely on them, but have them hidden from the workforce, significantly improving the user experience and enhancing security.
This means even when sophisticated phishing scams do reach the user’s inbox, they don’t have the ability to disclose their passwords because they simply don’t know them, which adds significant improvements to security defences.