TechRadar
Benedict Collins

Microsoft warns of major gift card fraud scheme sweeping through victims


Gift cards are a good way to fund a hobby or interest without having to spend hours agonizing over the perfect present, as they can be used in store or online through a unique code that tracks the amount of money on the card.

Unfortunately, threat actors are taking advantage of the ambiguity of gift cards as an easy way to steal money from corporations without leaving a paper trail.

Chief among these threat actors is the group tracked as Storm-0539, which Microsoft has identified as a unique group that uses advanced knowledge of cloud environments to break into gift card portals, generate new gift cards for itself, and then sell them on the dark web or redeem the value for its own use.

Phishing for clouds

Storm-0539 typically infiltrates cloud environments through complex smishing campaigns, which combine social engineering with fake text messages that trick victims into providing access to their organizations. The group then registers its own devices with the victim's authentication services to bypass multi-factor authentication, giving the threat actor persistent access to the targeted environment.

The group then uses the compromised account to navigate through the targeted environment, hunting for access to the gift card portal while also gathering important information from Salesforce, Citrix, OneDrive and SharePoint. Storm-0539 then uses the compromised employee accounts to generate new gift cards.

To avoid detection by the organizations it is targeting, the group uses a tactic known as typosquatting, in which it ‘squats’ on a domain that appears to belong to an authentic website but whose address contains a number of switched characters so that it blends in.
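A defender can screen hostnames seen in proxy or mail logs for this kind of near miss. The sketch below is an added example, not code from Microsoft or TechRadar: it scores each host against a list of protected domains with an edit distance that counts two switched adjacent characters as a single edit. The domains, the confusable-character map and the distance threshold are constructed assumptions.

```python
# Added example. Domains are constructed placeholders; the confusable map is
# a small illustrative assumption, not a complete homoglyph table.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "5": "s"})

def osa_distance(a: str, b: str) -> int:
    """Edit distance where insert, delete, substitute and swapping two
    adjacent characters each cost 1 (optimal string alignment)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # switched characters
        prev2, prev = prev, cur
    return prev[len(b)]

def find_lookalikes(observed, protected, max_distance=2):
    """Return (observed_host, protected_domain, distance) for near misses."""
    hits = []
    for host in observed:
        name = host.strip().rstrip(".").lower()
        for dom in protected:
            # Compare only the rightmost labels, so a lookalike hidden under
            # a subdomain is still measured against the protected domain.
            cand = ".".join(name.split(".")[-(dom.count(".") + 1):])
            if cand == dom:
                continue  # the real domain or one of its subdomains
            dist = osa_distance(cand.translate(CONFUSABLES), dom.translate(CONFUSABLES))
            if dist <= max_distance:
                hits.append((name, dom, dist))
    return hits

PROTECTED = ["giftcards.example", "corp-sso.example"]  # constructed
OBSERVED = [  # constructed, e.g. hosts pulled from proxy or mail logs
    "giftcards.example",
    "portal.giftcards.example",
    "giftcrads.example",
    "login.corp-ss0.example",
    "weather.example",
]

if __name__ == "__main__":
    for host, dom, dist in find_lookalikes(OBSERVED, PROTECTED):
        print(f"{host} resembles {dom} (distance {dist})")
```

A distance of 0 on a host that is not the protected domain means the names differ only by confusable characters, which is worth triaging first.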

Microsoft says that gift card portals should be treated as a high priority target for threat actors, and has issued a number of security recommendations to protect against the tactics used by Storm-0539:

  • Bind MFA tokens to employee devices to prevent token replay attacks.
  • Use least privilege access principles throughout the business environment to minimize the effects of an attack.
  • Use a trusted gift card system that uses fraud prevention techniques and authenticates payments legitimately.
  • Use phishing-resistant MFA solutions.
  • Implement secure password changes for high-risk users, for example with Microsoft Entra MFA.
  • Provide training and education to employees to help them spot fraudulent gift cards.
