May 24. (Portaltic/EP) –
Microsoft researchers have warned about a new gift card theft cyber attackin which the group of malicious actors Storm-0539 get infiltrate retail platforms through ‘phishing’, ‘smishing’ and token theft techniques, to create gift cards and steal products.
Retail gift cards are usually targets attractive to fraud and social engineering practices by cybercriminals since, unlike credit or debit cards, they do not have any customer name or bank account associated with them, so allows potentially suspicious use without being identified.
In this framework, researchers from the Microsoft Threat Intelligence team have warned about a increase in activity from threat actor group Storm-0539which “have taken gift card-based theft one step further, through ‘phishing’ techniques and token theft.
This is what Microsoft has detailed in its latest edition of Cyber Signals, the quarterly report in which the company analyzes the threat landscape, as well as the tactics and techniques most used by cybercriminals. In this case, highlighting the case of the group of cybercriminals also known as ‘Atlas Lion’.
As explained, instead of directly scamming or impersonating users to make payments with gift cards, cybercriminals used phishing techniques ‘smishing’ -‘phishing’ through SMS-, device registration and token theft.
In this way, they achieved access corporate systems and employee accounts of large retailers, including luxury brands and fast food restaurants, which issue gift cards. Once inside the system, malicious actors fraudulently generated gift card codeswhich they spent for themselves stealing products from the business in question.
That is, as Microsoft has clarified, it is as if ““print money” virtually to pay in stores and, after that, redeem or sell the products on the black market.
This type of fraud related to the Storm-0539 group, increased by 30 percent between March and May 2024, especially during American holidays, such as Thanksgiving, Black Friday or Christmas.
Thus, researchers have highlighted the degree of sophistication of this group of malicious actors, as well as its ability to “take advantage of cloud environments.” This is because, unlike most cybercriminals, who once they complete the scam become targets, those known as Atlas Lion They remain infiltrated in the systems to continue generating card codes on a recurring basis.
Storm-0539 acquires these recognition and camouflage capabilities through extensive research into the gift card business process, as well as identity service providers and employees of target organizations.
Another modus operandi of this group of cybercriminals is impersonate non-profit organizationswith which get free cloud resources and domains that closely resemble legitimate services. These characteristics give them credibility and therefore maximize the impact of their attacks.
With all this, Microsoft has recommended organizations that issue gift cards treat your card portals as “high value targets” for cybercriminals. In this sense, he has suggested having a continuous supervision for said portals and carry out audits in case of anomalous activities.
Likewise, he has also stressed the importance of implement conditional access policiesas well as educating company security teams about social engineering tactics, in order to avoid falling for these scams.
Add Comment