Categories for Telecoms

Magecart Attacks

June 17, 2020 12:24 pm Published by Leave your thoughts

Magecart is a malware framework/operation that targets e-commerce websites and aims at collecting credit card information. It is considered a web-based card skimming attack, as the payment gate on a website is used to steal the customers’ credit card details.

Magecart attacks are named after the online shops that are targeted and which are usually running on the Magento ecommerce platform.

 How it works

The attack works by injecting malicious code in the checkout page of an online store. This can take place either via a malicious third party plugin or via a compromise of the website. 

The code copies the user input, e.g. Credit Card Number, Expiration Date, Card Verification Value (CVV), Name and Address and delivers them to an external location that is controlled by the attackers. In this way, the users are able to proceed with the current transaction without noticing any issues and without getting alerted that their details have been compromised.

The attack is especially dangerous because it hits even the cautious and security aware users that follow best practices – use only trusted devices, use trusted connectivity and check the https connection, and shop only on trusted sites.

 New Active Campaign

Recently, there was another Magecart campaign that was identified by ESET’s research team and shared on Twitter ( The campaign used the domain s1[.]listrakbi[.]org for its command and control communication and information extraction.

From the first moment the threat was identified, Whalebone included the domain in its threat database and protected users that visited the affected websites by blocking only the external connection to the malicious domain, while at the same time allowing the desired user experience.

Additionally, Whalebone’s team was able to take advantage of the power of the available DNS data and identify another compromised website that was part of the same campaign. By tracing the path of previous DNS requests, it was evident that another domain induced the communication with the command and control endpoint. The domain was jeulia[.]com, which at the time of this writing has over 2 million likes on its Facebook page.

As it is evident in the following snippet, the malicious code can be found in the source code of the page during the checkout process.


The incident has been responsibly reported to the website’s administrators.

Update: As a result of this communication, the infection has been cleaned up and further customers’ credit card exposure has been avoided.

New security service for A1 Bulgaria

June 4, 2020 4:10 pm Published by Leave your thoughts

Whalebone and A1 Bulgaria launched A1 Net Protect security service available for all customers.

Whalebone team has succeed to deliver security product with all user touchpoints in record breaking time. From side of A1 Bulgaria we are happy to hear very positive feedback about our collaboration.

„Great ideas, quick response to any request, and valuable support on every step of the way – this is how we would describe best our cooperation with Whalebone. As a result we delivered an innovative and highly appreciated cyber security solution to all customers of A1 Bulgaria,“ said Maya Rakovska, Director Mobile Services and Roaming Division, A1 Bulgaria.


We thank for the great collaboration and looking forward to keeping the A1 customers protected!

More information you can find on the product lading page:

About A1 Bulgaria

A1 is a leading provider of digital services and telecommunication solutions in Bulgaria. With its 4 000 employees the company delivers mobile and fixed services to over 4.5 million customers. Additionally the company offers, high speed broadband internet, digital and satellite TV, including four owned sport channels under MAX Sport brand, financial services, as well as ITS, ICT, cloud and hosting solutions for business customers.  

Maximizing the ARPU from telco security

April 27, 2020 9:01 am Published by Leave your thoughts

A how to guide with insights from Whalebone CEO Richard Malovič.

Knowing how to properly sell your telco products and services has long been a key to business success. Questions include what kind of product or service to sell? What do customers really want? What is currently trending or likely to become a major trend in the future? What is the competition doing and how well is it working?

It’s also important to ask what you can do best. As a telco, what specific types of products and services can your network provide? How big are your customers’ wallets, i.e. what percentage of their expenditures are they willing to pay out for a given product or service?

To ascertain this you need to look at the underlying structure of your customer base and break these down by market segments, e.g. post-paid versus pre-paid customers, average revenue per user in other categories as well, such as residential, mid-sized customers, small businesses, and fixed versus mobile and combined internet users.

The business case

So now that’s you’ve selected a product or service to sell, it’s time to map out the business case and present it to senior management. Determining the business potential by product for each vertical market segment is a key part of the plan. While this can be difficult to ascertain, even using fairly comprehensive internal data, the better idea you, as a product manager, have of the viability of these vertical markets, the easier it will be to lay out the business case.

But what happens when, after trying your hardest to collect internal data across the organization, the picture is still too fragmented to draw solid conclusions?  That’s when it’s advisable to seek out guidance where possible. The best place to start? The vendor. In-depth conversations with forthright, highly transparent vendors regarding their experiences and what types of adoption rates can be expected can go a long way in filling in the blanks in the business case. Experienced, quality vendors like Whalebone can even provide you the figures you need to make a compelling case.


Closing the deal

Fundamentally there are two main types of sales, namely opt-in, and opt-out scenarios that you’ll need to pitch to senior management.

How to close with opt-in

Opt-in means the customer must actively select the product. This can be made extremely easy with Whalebone, as, since there is nothing to install on users devices, customers at their point of sale, be it on your website, via a call center, or at a brick and mortar shop with a sales agent, can simply be asked if they would like the service. In Whalebone’s experience, opt-in uptake rates can range from 40-70% of customers.

How to close with opt-out

Opt-out means the service comes pre-included. The service is actually already running, for free, when the customers signs on. After a standard trial period, the customer can either opt-out of the service or, by doing nothing, continue to receive it for a nominal fee.

While the opt-out scenario does tend to have higher uptake rates, more than 70%, using this method very much depends on your telco’s customer approach and brand style. This scenario would clearly work well with a full service, high end provider, but, for example, may not go over so well and should be replaced with an opt-in scenario for telcos who present their brand image as super economy class. 

At the end of the day the choice of method will usually depend on the regulatory environment in a given country as well as the telcos’ approach to its customers, its brand image and reputation.

Time to market

Yet another consideration is time to market. When launching a new product or service, delay can equal disaster. In today’s dynamic markets, research pointing to market demand may well be outdated by the time the product or service is launched if, for example, this takes a year or more. At the same time, operators must take into consideration their own windows of opportunity and product/service release schedule. Whalebone offers extraordinarily fast time to market, from weeks to months depending on your network complexity and needs, but you won’t be caught watching the clock tick as your competitors cash in.

Thinking strategy

An operators’ overall strategy should also be taken into consideration. Are you working for an operator that prefers to offer a wide range of products drawing incremental revenue from each one? Or is it an operator that prefers to focus on launching a few products on a large scale to impact overall revenue?

Standalone or bundle?

At the same time, it’s important to assess whether the product or service will be launched as a standalone product or part of a bundle. With an increasing number of today’s operators offering convergent products, such as mobile and home internet combining fixed and mobile services, discerning where to place the product or service is an important choice when it comes to successful sales. Whalebone is wonderfully flexible and can be tailored to meet your specific needs.


Finally, determining the most effective price point is mission critical. As a general rule, 5-7% of average revenue per user by country is a good starting point. For example, if average revenue per user is EUR 20, then a price point of EUR 1-2 is in the right ballpark. The price point can also be measured by the speed in which a customer makes his/her decision, which should be no longer than 10-15 seconds. The longer it takes a customer to decide, the greater the indication that the price point is not correct.


When it comes to effectively securing your network, adding value for customers and driving revenue, Whalebone is ready to offer comprehensive advice on what you can expect in terms of time to market, adaptation and revenue generation. Be prepared to make your business case and sell your new product or service successfully. Contact the experts at Whalebone today!



How to calculate the ROI of a telco product

April 17, 2020 1:29 pm Published by Leave your thoughts

When it comes to selecting a new product to launch, effective calculation of ROI is mission critical both in pitching the business case to senior management and the product’s success. To learn more about how to effectively calculate ROI we spoke with Marwan Chanawani, CSO, Whalebone.

Generally speaking, inputs to ROI must be factored in first. In the simplest case, this means the benefit (i.e. the returns) of the investment divided by the cost of the investment in a specific product. In the case of Whalebone, telco product managers acquire a complete product that is then resold to their subscriber base.

The first thing is to determine a suitable end user price point. This means exploring how much a given customer or customer segment is willing to pay for the product or service. Obviously this will differ by country in relation to the average revenue per user. Western telcos can expect a higher average revenue per user than those of smaller, less economically developed countries. For example, average revenue per user in a country like Poland or Slovakia will be less than average revenue per user in the Nordic countries, Germany or the UK. Determining average revenue per user is based on the operator’s knowledge of the local market and its respective market segments.

The second major factor to consider when setting out to determine ROI for a new telco product is the adoption rate of new products, namely the penetration rate of a given product across the subscriber base. For example, out of a hypothetical one million subscribers, how many are likely to adopt the new product? This is to a large extent influenced by the product’s price point. If a product is priced too high, the far fewer people will actually buy it.

The importance of ease of use

An ancillary factor of equal importance in the telco market is ease of use. Experience has shown that when it comes to new products, the easier a product or service is to use, the higher the total adoption rate.

In the antivirus market, many products today require installation, activation, and setup complicating the ease of use factor. The simple maxim is the more complicated the product is to install and use, the lower the overall adoption rate. Users, it seems, what their lives made easier, not more complex.

No installation enhances customer adoption

That’s where Whalebone is unique on the market, requiring no installation whatsoever. Customers what security and are willing to pay for it, what they don’t want is to be compelled to be proactive in installing a product on their devices and having to sort out how it works. Whalebone effectively eliminates those potential complications by requiring no end user installation, instead users simply opt in to the product, which already resides on the network, taking adoption rates to a whole new level.

Where usually operators can expect a 5-6% adoption rate for products that require end user installation, Whalebone’s “unique no installation necessary” approach can raise standard adoption rates to 40% or higher.

The next question is the adoption curve, meaning how long a product will take to reach its optimal adoption rate. This requires product managers to look at the curve from initial rollout over the next months and years.

The formula

So in a nutshell, product managers need to look at the adoption rate, the price point and the cost of acquiring the new product from the vendor and calculate the gain from investment divided by the cost of investment to determine the ROI of a new telco product or service.

Of course, other associated costs also need to be included in the calculation, which include things such as the cost of internal sales and support in man hours, IT staff and deployment, and the channels used to push the product. That said, the internal and sales costs can be mitigated by the number of products an operator is offering, i.e. sales and support staff representing a basket of say 20 different products and services can significantly lower the per product or service cost used to calculate ROI.

In conclusion, internal cost + cost to vendor + cost of investment = gain (price point x adoption rate x subscriber base over time). For more information and help calculating your ROI when introducing Whalebone security on your network, contact a Whalebone expert today!

The spread of Coronavirus cybercrime – a virtual pandemic

March 26, 2020 3:50 pm Published by Leave your thoughts

Coronavirus is rapidly spreading across the world and leaving a trail of disrupted businesses, daily lives and national and global economies in its wake.

In an oddly prophetic move, in February 2020, Netflix released a new series aptly titled “Pandemic – How to Prevent an Outbreak” in which copious health experts, pointing to the 1917 Spanish flu pandemic that claimed millions of lives, claimed  that another pandemic was not a question of “if”, but “when”. Unfortunately for us as a species, that when is now.

Governments and health care professionals across the globe are issuing guidelines and emergency measures in an attempt to stop the deadly spread of the virus. With social distancing a compelling tactic to this end, hundreds of millions of people are being asked to isolate themselves, stay at home and, for non-essential services, work from home. Schools are closed and families around the world are wondering how to pass the time. Turning to the internet for information, work and entertainment is now, more so than ever before, an essential part of everyday life.

Yet, as we have all seen in the early stages of the Coronavirus pandemic, with exposure comes risk. When it comes to the internet, with more people online than ever, more users are exposed, and malicious attackers are finding new ways to exploit the vulnerable and our concerns.

Key word based attacks

As we search the internet for more information about what is going on to assuage our own fears, cyber criminals are ready, willing, and able to exploit our compelling need to know. Due to the pandemic, as Andronikos Kyriakou, a technical consultant at Whalebone points out, “only in the last two weeks, we have seen a 7% daily increase in the number of unique domains that our users communicate with. There are indicators that 4% of these domains are linked with some kind of malicious behavior.” Whalebone statistics show that coronavirus- related domains are 50% more likely to be malicious than other domains registered at the same period.

Fake news and information

According to a recent report by Zack Doffman at Forbes, even Coronavirus maps are being used to plant malware to extract passwords, personal information and credit card details from unsuspecting victims.

“Users do not need to download apps to run risks, malicious websites can also infect computers. And so you should avoid accessing any unknown coronavirus sites or clicking random links under any circumstances. This particular .exe file pretends to come from Johns Hopkins, and mimics the university’s real map,” writes Doffman.

Coronavirus malware map. Source: 

Ransomware attacks

Closer to home the threats get even more real. Security Week wrote that “On March 13, 2020, it was reported that the Czech Republic’s second-largest hospital, the University Hospital Brno, which has a major COVID-19 research laboratory, was hit by ransomware.” The attack shut down the entire network of the clinic, imperiling the lives of both patients and health care workers and stopping mission critical work.

The site went on to report that “Researchers from Cybereason Nocturnus have been tracking the rise and variety of such attacks, which now include phishing, fake apps and ransomware. Phishing has followed the spread of COVID-19 infections, fake apps are targeting the growing number of home workers, and ransomware is targeting healthcare organizations.”

Phishing attacks

Even the World Health Organization (WHO) has issued a press release warning internet users to beware of cyber criminals pretending to be the WHO and specifically referencing Coronavirus. Known as phishing, these types of attacks use email to elicit users to provide sensitive information, click on malicious links or open malicious attachments, under the guise of being a reputable source of information.

The fake page not only shows a page that looks like the WHO website, it actually is the WHO’s website embedded in the malicious page, with a simple pop up box over top (see below).

WHO phishing site. Source: Sophos and Whalebone

Here’s another slick and easy to believe example of a phishing email purporting to be an airbnb update.

Airbnb phishing site. Source: Whalebone

How to stay safe

The global scope of the threats, both in the real world and online, illustrate the seriousness of the problem. It’s now more than ever essential to keep your valued users safe and secure. To do so, Whalebone has created a product uniquely suited to provide telco operators and their customers with the security they need. Unobtrusive, providing only a users’ consent at the point of sale or via a call line, residing on the network at the DNS level, offering rapid return on investment and the fastest possible time to market, whalebone is ready and waiting to help you protect your customers in these trying and dangerous times. For more information, visit the Whalebone webpages here or contact a Whalebone consultant today.


The new era of telco products – windows of opportunity?

March 20, 2020 6:55 pm Published by Leave your thoughts

Let’s face it, the age of telecommunications has long been a double edged sword. On one hand, accessing the internet via smartphone or fully connected home, with the help of your telco and its network, puts the world and your products and services in the hands of countless users, i.e. your valued customers. 

On the other hand, using these vast networks presents whole new opportunities for criminal malfeasance, and this new, mobile centric world comes with a constantly evolving threat scape. As fast as the benefits of connectivity technology evolve, shining a light on new business opportunities, so do the very real and costly dark sides.

A world (of threats) in the palm of your hand?

Let’s start with the big picture, how much harm is really caused by these alleged threats? Jupiter Research put the cost of cybercrime at a whopping $2 trillion in 2019. Forbes goes even higher, putting the cost to companies and individuals at some $6 trillion annually. For perspective, that’s “much more in damages and cost than all natural disasters in a year,” writes Forbes. The massive fires in Australia, hurricanes, floods, windstorms, volcanos and the like all pale in comparison when it comes to the economic downside of the damage done by online criminals.

Now think about the current 5.11 billion internet users and you can begin to get a feel for why connectivity security is topping everyone’s worry lists in 2020. We’re all connected to the internet. Is it time to board up the windows or can we still let the sun shine in?

With all that sensitive data flying about, getting it to the right place and keeping it out of the wrong hands is a major concern. From the business perspective, the average cost of a corporate data breach, according to a report by the Ponemon Institute, was $3.86 million in 2018, up 6.4% year-on-year and set to climb. With 1,473 major data breaches reported in 2019, you can start to get a feel for the scope of the problem.

And that’s just on the corporate side, the damage to your customers is almost unfathomable. In 2019 alone, according to Statistica, over 164.68 million consumers had their sensitive data, everything from passwords to personal data to account information, exposed. This is a clear indicator that protecting an operator’s customers, its B2C clientele, is equally as mission critical as protecting its B2B business.

Cybercrime is now the single greatest transfer of economic wealth in human history and “more profitable than the trade in all the world’s illegal drugs combined,” according to Cybercrime Magazine.

To put it bluntly, the down side of the double edged sword can cut awful deep… and it hurts.

The true window of opportunity

While telcos are faced with a myriad of choices when it comes to ways to generate revenue, from content to music streaming, to cloud services to smart home gadgets, to name just a few, it can be hard to tell which window to open, when. Customer satisfaction equals brand loyalty and reputation, but in the hyper competitive telco business, knowing how to increase that satisfaction while generating a timely ROI is the devil in the details.

But every now and again there’s an easy win. That’s where Whalebone comes in. Providing effective B2C and B2B security can be a game changer in terms of customer satisfaction, brand loyalty, revenue generation and time to market.

 So while the threats are real and growing, so too are the solutions that allow the sun to keep on shining. According to Whalebone CEO Richard Malovič, “there is no silver bullet in security, but people can and will be protected.”

Protecting 1 billion mobile users by 2025

Fortunately for telcos, problems beget solutions. When it comes to telecommunications security, the problem has been the fact that there are significant impediments to tapping the market. These include the time it takes to introduce a new security product to market, which can take years, the question of whether end users will actually go through the process of setting up such product on their devices, and finally, whether they are willing to pay for it, i.e. having an effective business case that makes it all worthwhile.  

The fact is users want security, explained Mr.  Malovič, and the numbers clearly show it. What they don’t want is disruption. This means that operators need a product that doesn’t disrupt the user experience, is time sensitive in terms of roll out, and economically viable, i.e. that users will pay for. 

Whalebone has made it their mission to remove the impediments to effective security with the goal of protecting 1 billion users by 2025, while opening the floodgates of B2C and B2B revenue flow for the world’s telcos and cutting traditional time to market. 

Their number one goal has been to protect customers en masse, i.e. by the millions, because connected means protected. This meant analysing threat intelligence and information about attacks, scouring the vast amounts of data that simply weren’t being used for this purpose, and building neural networks to further complement and drive in-house threat intelligence to let the sun shine in and keep threats out.

At the same time they understand it’s mission critical to make the user experience as easy and seamless as possible, i.e. to boldly go where so many have failed before. The answer was to create a solution that resides on the telcos’ network at the DNS level, so that there was nothing for end users to install. It’s as easy as saying OK at the shop or via call assistance for customers to get instant threat protection up and running. Branded as the operator chooses, Whalebone provides users with easy to access information on threats and how they have been resolved, at once allowing the user to see the security actions taking place, i.e. that they are being protected, while at the same time requiring them to effectively do nothing (no disruption). By combining the concepts “seeing is believing”, with “no disruption” and “out of sight but not out of mind”, Whalebone has set a new standard for the B2C and B2B security experience.

Customers would know they are being protected but not being bothered. Operators would have complete control via a simple live interface, on site or on the cloud to monitor what comes across their networks long before it is too late and the damage done. 

Finally, and perhaps the most pertinent challenge in the ever changing threat scape, operators needed to be able to deliver this to their users… yesterday. The fastest possible time to market was mission critical, so Whalebone reduced roll out times to the absolute minimum (1-3 months maximum), meaning that operators could be offering enhanced security to their customers, en masse, in no time. 

To top it all off, the underlying business case is air tight. Not only are customers offered state-of-the-art non-obtrusive security that resides on the network level, i.e there is nothing for users to install, 40-60% of all network users opt in straight away, with a simple yes. Experience has shown that users are happy to pay 1-2 EUR per month for the enhanced protection service (as compared to single digit percentage opt in rates for old protections, such as device based anti-virus software) and end up more satisfied as a result, increasing customer loyalty and  driving additional revenue for high penetration telco operators.


So, as Whalebone likes to say “connected means protected”. Smooth deployment, the fastest time to market around, no disruption of the internet user experience, no software for users to install, full functionality including, off-net protection, parental & content control, MSSP, enterprise security or infrastructure DNS & security, and a 5% ARPU with nearly 50% adoption rates all mean that Whalebone has rolled out the right product at the right time. So, while the age of telecommunications may be a double edged sword, staying on the right side of the blade and letting the sunshine through this window of opportunity is easy with Whalebone. Call for your free consultation today to learn more about how Whalebone is right for you.



Whalebone delivered O2 Security

May 2, 2019 6:21 pm Published by

Great news! O2 Czech Republic protects its consumers with a new product O2 Security, delivered by Whalebone.

O2 Czech Republic has introduced the O2 Security service for both mobile internet customers and home users powered by Whalebone. The service identifies and blocks harmful content, malicious software, and phishing sites; detects and blocks botnet attacks.