Subj : Microsoft warns of major gift card fraud scheme sweeping through To : All From : TechnologyDaily Date : Tue May 28 2024 13:00:06 Microsoft warns of major gift card fraud scheme sweeping through victims Date: Tue, 28 May 2024 11:55:04 +0000 Description: Microsoft issues warning for threat actor with advanced cloud knowledge, and a love of gift cards. FULL STORY ====================================================================== Gift cards are a good way to fund a hobby or interest without having to spend hours agonizing over the perfect present, as they can be used in store or online using a unique code used to track the amount of money on the card. Unfortunately, threat actors are taking advantage of the ambiguity of gift cards as an easy way to steal money from corporations without leaving a paper trail. Chief among these threat actors is the group tracked as Storm-0539, which Microsoft has identified as a unique group who utilize an advanced knowledge of cloud environments to break into gift card portals, generate new gift cards for themselves, and then sell them on the dark web or redeem the value for their own use. Phishing for clouds Storm-0539 typically infiltrates cloud environments through complex smishing campaigns, which combines social engineering with fake text messages that trick the victims into providing access to their organizations. The group then registers their own devices with the victims authentication services to bypass multi-factor authentication, providing the threat actor with persistent access to the targeted environment. The group then uses the compromised account to navigate through the targeted environment, hunting for access to the gift card portal while also gathering important information from Salesforce, Citrix, OneDrive and Sharepoint. Storm-0539 then uses the compromised employee accounts to generate new gift cards. In order to avoid detection by the organizations they are targeting, the group uses a tactic known as typosquatting - where the group squats on a domain that appears to be an authentic website, but the address actually contains a number of switched characters to blend in. Microsoft says that gift card portals should be treated as a high priority target for threat actors, and has issued a number of security recommendations to protect against the tactics used by Storm-0539: Bind MFA tokens to employee devices to prevent token replay attacks. Use least privilege access principles throughout the business environment to minimize the effects of an attack. Use a trusted gift card system that uses fraud prevention techniques and authenticates payments legitimately. Use phishing resistant MFA solutions. Implement secure password changes for high risk users, such as Microsoft Entra MFA. Provide training and education to employees to help them spot fraudulent gift cards. More from TechRadar Pro These are the best cloud storage and best cloud backup solutions A new ransomware is hijacking Windows BitLocker to encrypt and steal files Here is our guide to the best endpoint protection tools available today ====================================================================== Link to news story: https://www.techradar.com/pro/microsoft-warns-of-major-gift-card-fraud-scheme- sweeping-through-victims --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .