May 23, 2024 at 02:59PM
A Moroccan cybercrime group, Storm-0539, has evolved the gift card scam by targeting retailer systems to create and cash out gift cards. Utilizing social engineering and phishing, they compromise employee accounts to gain access. Microsoft reports a surge in their activity, advising organizations to adopt stringent security measures to combat such threats effectively.
Key Takeaways from the Meeting Notes:
1. Storm-0539, a Moroccan threat group, has upgraded the classic gift card scam by targeting the systems used to register gift cards, rather than individual retail customers.
2. They use social engineering tactics to target retail employees with phishing texts in order to compromise their employer accounts. With this access, they can move laterally within a retailer’s network to ultimately access the system that handles gift cards.
3. Storm-0539’s reconnaissance and cloud skills are on par with what is observed from nation-state-level actors.
4. The timing of their malicious activity is often ramped up in anticipation of holiday seasons, with spikes in activity around summer, Labor Day, Thanksgiving, Black Friday, winter holidays, and Memorial Day.
5. Microsoft recommends that organizations combat this threat by adopting phishing-resistant multifactor authentication (MFA), strict password reset measures, token replay and other fraud protections, principles of least privilege, and by educating employees on the risks of this scam.
6. Increased collaboration and information-sharing have led to major retailers being more effective at fending off Storm-0539 activity in recent months.
These takeaways highlight the evolving tactics of cybercriminals, the importance of proactive security measures, and the effectiveness of collaboration in combating such threats.