FBI issues new warning about gift card hacks targeting retailers in 2024

The FBI has been busy lately issuing security warnings about email hackers and road toll scammers. The warnings keep coming, however, and the latest one says that a hacker group named STORM-0539 is targeting the retail gift card business.

FBI Private Industry Notice 20240506-001

The FBI released its latest private industry notification on May 6, highlighting how a financially motivated threat group is targeting U.S. retail and corporate office employees through a fraudulent gift card scheme.

The FBI said that starting in January 2024, it noticed an increase in activity from a cybercriminal group labeled STORM-0539, although it is sometimes referred to as Atlas Lion, when it comes to phishing and text messaging campaigns targeting the retail industry. Specifically, it “targeted employees and gained unauthorized access to employee accounts and company systems” in the gift card department at Nationwide Retail Group's corporate offices.


Who is STORM-0539?

According to Microsoft, STORM-0539 is a group of cybercriminals that specializes in attacking retail organizations during the holidays using “highly sophisticated email and SMS phishing” to commit gift card fraud. Microsoft said STORM-0539 has been active since late 2021 and “conducted extensive reconnaissance on target organizations to create convincing phishing lures and steal user credentials and tokens to gain initial access.” Additionally, according to Microsoft, STORM-0539 is able to exploit resources within these retailers' cloud services to advance post-infection activities.

The FBI warning comes as law enforcement agencies take note of how cybercriminal groups are leveraging so-called smishing campaigns, or phishing using text messages, to gain unauthorized access to employee accounts and company systems. “Once access was gained, STORM-0539 attackers used phishing campaigns to target other employees to elevate network access and target the gift card department to create fraudulent gift cards,” the FBI said.


STORM-0539 Tactics, Techniques and Procedures

The FBI recommends that organizations review and update their incident response plans while being mindful of the TTPs used by STORM-0539 threat actors. Organizations should also “establish and maintain strong liaison relationships” with the nearest FBI field office. Some TTPs identified by the FBI include:

  • Target the personal and work phones of countless employees.
  • Use sophisticated phishing kits that can bypass two-factor authentication.
  • Conduct reconnaissance using the compromised accounts to identify gift card business processes, then turn their focus to employee accounts covering that area.
  • Use these stolen employee accounts to create gift cards. In one case where the group was discovered and changes were made to block access to gift card creation, STORM-0539 was found to have turned to hunting down unredeemed gift cards and changing email addresses to those controlled by the group.
  • Download employee data including names, usernames and phone numbers.
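
A detection sketch for the unredeemed-card behaviour in the list above. This is an added example, not part of the FBI notice or the original article: the audit-event fields, account names, card IDs and addresses are all constructed assumptions. It flags any destination address that several distinct unredeemed cards are redirected to within a short window, grouping by address rather than by employee account so that activity spread across multiple stolen accounts is still caught.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed email-change audit events from a hypothetical gift card platform:
# (timestamp, employee account, card id, already redeemed?, new recipient email)
RAW = [
    ("2024-05-01T09:00:00", "jdoe",     "GC-1001", False, "drop@mail.example"),
    ("2024-05-01T09:05:00", "jdoe",     "GC-1002", False, "Drop@mail.example"),
    ("2024-05-01T09:10:00", "jdoe",     "GC-1004", True,  "drop@mail.example"),
    ("2024-05-01T09:20:00", "asmith",   "GC-1003", False, "drop@mail.example"),
    ("2024-05-01T10:00:00", "support1", "GC-2001", False, "customer@shop.example"),
    ("2024-05-01T11:00:00", "bkim",     "GC-3001", False, "family@home.example"),
    ("2024-05-03T11:00:00", "bkim",     "GC-3002", False, "family@home.example"),
    ("2024-05-06T11:00:00", "bkim",     "GC-3003", False, "family@home.example"),
]
EVENTS = [dict(zip(("ts", "actor", "card", "redeemed", "new_email"), r)) for r in RAW]

def flag_email_redirects(events, window=timedelta(hours=1), threshold=3):
    """Return {address: {"cards": [...], "actors": [...]}} for every address
    that at least `threshold` distinct unredeemed cards were pointed at
    within `window`, regardless of which account made the change."""
    by_address = defaultdict(list)
    for e in events:
        if e["redeemed"]:
            continue  # only unredeemed cards still hold value worth diverting
        when = datetime.fromisoformat(e["ts"])
        by_address[e["new_email"].lower()].append((when, e["card"], e["actor"]))

    alerts = {}
    for address, hits in by_address.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            in_window = hits[start:end + 1]
            cards = {card for _, card, _ in in_window}
            if len(cards) >= threshold:
                alerts[address] = {
                    "cards": sorted(cards),
                    "actors": sorted({actor for _, _, actor in in_window}),
                }
                break
    return alerts

if __name__ == "__main__":
    for address, detail in flag_email_redirects(EVENTS).items():
        print(address, detail)
```

The window and threshold are tuning assumptions; legitimate bulk corrections by support staff would need an allowlist or a ticket reference check before alerting.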

Mitigating the problem

To reduce the risk of an attack, organizations should follow basic security best practices, provide training on how these social engineering attacks operate, and ensure employees have a mechanism to report any suspicious situations. While STORM-0539 has had some success in bypassing 2FA, multi-factor authentication is still required to protect as many accounts as possible, preferably using “anti-phishing” options such as biometric keys and physical security keys. It should go without saying, but the principle of least privilege should be applied throughout the organization's network anyway. “Account permissions should be clearly defined, regularly reviewed and adjusted as necessary,” the FBI concluded.
