Moroccan Cybercrime Group Steals Up to $100K Daily Through Gift Card Fraud

May 27, 2024 at 09:06AM

Microsoft has highlighted a cybercrime group, Storm-0539, responsible for sophisticated email and SMS phishing attacks, primarily aimed at stealing and selling gift cards. The group targets large retailers and utilizes tactics to evade detection, such as using cloud infrastructure and legitimate platforms. Microsoft advises companies to implement additional security measures to safeguard against these attacks.

Key Takeaways:
– Microsoft has identified a cybercrime group called Storm-0539 operating out of Morocco, responsible for sophisticated email and SMS phishing attacks to steal gift cards and then profit from selling them online at discounted rates.
– Storm-0539 has been active since at least late 2021 and targets large retailers, luxury brands, and well-known fast-food restaurants to achieve their goals.
– The group has been observed deploying tactics such as manipulating email addresses associated with unredeemed gift cards, targeting gift card department personnel for login credentials and SSH passwords, and leveraging cloud infrastructure for their fraudulent activities.

Recommendations by Microsoft:
– Organizations issuing gift cards should treat their gift card portals as high-value targets and actively monitor for suspicious logins.
– Microsoft advises that companies complement multi-factor authentication (MFA) with conditional access policies to evaluate authentication requests using additional identity-driven signals like IP address location information or device status.
– It’s important to be cautious about phishing messages distributed via legitimate internal company mailing lists and to closely monitor any activities associated with free trials or student accounts on cloud service platforms.
– Enea has also highlighted the exploitation of cloud storage services for SMS-based gift card scams, emphasizing the need to be vigilant against URLs distributed via text messages to bypass firewall restrictions.
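
The first two recommendations can be sketched as a sign-in evaluator. This is an added example, not Microsoft's code or any product's policy engine. The application name, the allowed-country set, the event fields and the sample sign-ins are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed policy values for illustration; derive real ones from your own baseline.
ALLOWED_COUNTRIES = {"US"}
GIFT_CARD_APP = "giftcard-portal"  # hypothetical application name


@dataclass
class SignIn:
    user: str
    app: str
    mfa_passed: bool
    country: str          # from IP address location information
    device_managed: bool  # device status signal


def evaluate(event):
    """Return (decision, reasons) for one authentication request."""
    if event.app != GIFT_CARD_APP:
        return "allow", []  # the stricter policy is scoped to the gift card portal
    reasons = []
    if not event.mfa_passed:
        reasons.append("mfa_not_satisfied")
    if event.country not in ALLOWED_COUNTRIES:
        reasons.append("unexpected_location")
    if not event.device_managed:
        reasons.append("unmanaged_device")
    # MFA alone is not sufficient: any failing signal blocks portal access.
    return ("block" if reasons else "allow"), reasons


def review_queue(events):
    """Portal sign-ins that passed MFA but failed another signal."""
    queue = []
    for event in events:
        decision, reasons = evaluate(event)
        if decision == "block" and event.mfa_passed:
            queue.append((event.user, reasons))
    return queue


# Constructed sample sign-ins ("ZZ" is a placeholder country code).
SAMPLE = [
    SignIn("alice", GIFT_CARD_APP, True, "US", True),
    SignIn("bob", GIFT_CARD_APP, True, "ZZ", False),
    SignIn("carol", GIFT_CARD_APP, False, "US", True),
    SignIn("dave", "intranet-wiki", True, "ZZ", False),
    SignIn("erin", GIFT_CARD_APP, True, "US", False),
]

if __name__ == "__main__":
    for user, reasons in review_queue(SAMPLE):
        print(user, reasons)
```

The review queue holds the sign-ins an MFA-only check would have accepted, which are the ones worth monitoring on a gift card portal.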

Overall, it’s crucial for organizations to remain vigilant and take proactive measures to safeguard against these evolving cyber threats.
