UK-based Metro Bank has suffered an SS7 attack – Jan 2019

Preface: The phrase “old wine in new bottles”! Cyber security world has similar things all the time!

About SS7 design weakness:

Business impact: A U.K. bank says no customers lost money after cyber attackers attempted account takeovers by rerouting one-time passcodes, Motherboard reports. The National Cyber Security Centre (NCSC) also confirmed.
Such attacks involve tampering with Signaling System #7, the protocol used to route mobile phone calls worldwide.

Security advice: A one-time passcode may be sent over SMS, but the safer way is to use an authenticator app,
such as Authy, Cisco’s Duo or Google Authenticator, to generate the code.

Reference: https://motherboard.vice.com/en_us/article/mbzvxv/criminals-hackers-ss7-uk-banks-metro-bank