Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyberhacks. Show all posts
Moroccan Cybercrime
Cyber Crime Cyberattacks Cyberhacks Cyberscams CyberThreat Gift Card Microsoft Moroccan Cybercrime

Microsoft Uncovers Moroccan Cybercriminals Exploiting Gift Card Scams

 


An armed cybercriminal group working out of Morocco has been targeting major retailers for creating fake gift cards, infiltrating their systems to steal millions of dollars by using them as a source of revenue, according to a new report by Microsoft. It's not just any old gift card scam that's trying to get shoppers to buy fake gift cards. Its goal is to compromise the internal systems of large retailers, luxury brands, and fast-food chains to steal money. This group is dubbed "Atlas Lion" or "Storm-0539." 

Researchers at Microsoft have tracked the Moroccan group Storm-0539 since 2021, known as Atlas Lion, which specializes in the theft of gift cards. It has been estimated that this cybercriminal group has been active for more than a decade. They create fake charity websites to fool cloud companies into giving them access to their online computers free of charge. To avoid detection, they then trick employees at big US stores into giving them access to their gift card systems to steal gift cards without exceeding the limit. 

Once inside, they use their techniques to steal gift cards. Unlike most cybercriminals who launch a single attack and move on, Storm-0539 establishes a persistent presence within a compromised system, allowing them to repeatedly generate and cash out fraudulent gift cards. This tactic makes them especially dangerous, with Microsoft reporting a troubling 30% increase in their activity leading up to the Memorial Day holiday compared to the previous two months. 

It has always been a common practice for cybercriminals to target gift cards since they are typically unlinked to a specific account, making it difficult for them to be traced. Storm-0539 has taken it to the next level. Cybercriminals have long been drawn to gift cards because they usually are not linked to specific accounts or customers, which makes their use more difficult to scrutinize. It is common for gift card scams to increase during holiday periods such as Christmas and Labor Day because they are usually associated with different companies or customers. 

In the days leading up to Memorial Day, Microsoft revealed that Storm-0539 had conducted a 30% increase in activity compared to the last two months when compared to the previous two months. During this period, Microsoft has been tracking Storm-0539 since late 2021. The group has developed from using malware on retail cash registers and kiosks for stealing payment card information to using malware for stealing payment information from the cards. 

Their strategy changed as technology advanced, and they began targeting cloud services and card systems for large retailers, luxury brands, and fast-food chains. Indeed, fraudsters sometimes ask victims to use gift card codes as payment to avoid tracing them. In this case, however, the hackers have gone to the source and printed gift card codes worth thousands of dollars. When that is done, the hackers will then redeem the gift cards for their value, sell them to others, or cash them out using money mules. 

Storm-0539, also known as Atlas Lion, has been active since at least late 2021 and focuses its activities on cybercrime, such as breaking into payment card accounts. But in recent months, Microsoft has also observed the group compromising gift card code systems, particularly before major holiday seasons.  It is reported that Microsoft observed a 30% increase in intrusion activity from Storm-0539 between March and May 2024, before the summer vacation season. It has been observed that an increase of 60% in attack activity between the fall and winter holidays in 2023, coincided with an increase in attack activity between September and December. 

As part of the attack, the hackers often infiltrate corporations by sending phishing emails to employees' inboxes and phones to trick them into providing the hijackers with access to their accounts when they are not supposed to. A hacker attempts to identify a specific gift card business process that is associated with compromised employee accounts within a targeted organization by moving sideways through the network until they find compromised accounts that are linked to that specific portfolio," Microsoft explains. In his research, Jakkal observed that Storm-0539 has evolved to be adept at resetting the process of issuing gift cards to organizations and granting access to employees before compromising their account accesses. 

Taking the form of legitimate organizations, Storm-0539 adopts the guise of non-profit organizations as part of its ongoing effort to remain undetected by cloud providers. According to Jakkal, "They often exploit unsuspecting victims by creating convincing websites using misleading "typosquatting" domain names that are only a few characters different from legitimate websites to lure them into paying for them, showing their cunning and resourcefulness," he explained.  According to Microsoft, the hackers have recovered legitimate copies of 501(c)(3) letters from nonprofit organizations' public websites, and they are using these to gain access to discounted cloud services from cloud service providers by downloading them. 

After they have gained access to login information by phishing and smishing emails, they register their devices into a victim's network and proceed to bypass the two-factor authentication by registering them into the victim's network, allowing them to continue to access the environment despite the MFA. They create new gift cards to resell them to other cybercriminals on the dark web at a discount or cash them out through money mules to cash out. According to Microsoft researchers, there have been instances where threat actors have stolen up to $100,000 from certain companies each day using ordinary gift cards that have been purchased by employees. 

There is a warning from Microsoft that it wants to remind organizations that issue gift cards to treat the portals used to process the cards as high-value targets that need to be extensively checked and balanced before issuing the cards. In a recent report, Microsoft issued a warning about the rise of cybercriminal activities involving gift card scams, specifically highlighting the actions of a group known as Storm-0539. This warning follows a similar alert from December, where Microsoft reported an increase in attacks by Storm-0539 during the holiday season. 

According to Emiel Haeghebaert, a senior hunt analyst at the Microsoft Threat Intelligence Center, this group is comprised of no more than a dozen individuals based in Morocco. Storm-0539 employs phishing campaigns to target employees and gain unauthorized access to both personal and corporate systems. The FBI has elaborated on their tactics, explaining that once initial access is obtained, the group uses further phishing campaigns to escalate their network privileges. 

Their strategy involves targeting the mobile phones of employees in retail departments, exploiting both personal and work devices through sophisticated phishing kits capable of bypassing multi-factor authentication. Upon compromising an employee's account, Storm-0539 conducts detailed reconnaissance within the business network to identify processes related to gift card management. They then pivot to infiltrate the accounts of employees handling the specific gift card portfolio. 

Within these networks, the attackers seek to obtain secure shell (SSH) passwords and keys, along with the credentials of employees in the gift card department. After securing the necessary access, the group creates fraudulent gift cards using compromised employee accounts. The recent report from Microsoft underscores the severity of this threat, echoing an earlier alert issued by the FBI concerning Storm-0539. 

To mitigate such risks, Microsoft advises that merchants issuing gift cards should regard their gift card portals as high-value targets, necessitating constant monitoring and auditing for any suspicious activity. Microsoft further recommends that organizations establish stringent controls over user access privileges. According to Microsoft, attackers like Storm-0539 typically assume they will encounter users with excessive access privileges, which can be exploited for significant impact. Regular reviews of privileges, distribution list memberships, and other user attributes are essential to limit the fallout from initial intrusions and to complicate the efforts of potential intruders. 

In conclusion, both Microsoft and the FBI emphasize the importance of vigilance and proactive security measures in combating the sophisticated tactics employed by groups like Storm-0539. By treating gift card systems as critical assets and implementing rigorous access controls, organizations can better defend themselves against these evolving cyber threats.
Read more »
UnitedHealth
Cyberattacks CyberCrime Cyberhacks Cybersecurity Data Breach Healthcare Personal Data UnitedHealth

Cyberattack Fallout: UnitedHealth Reveals Personal Data Breach Impact

 


As part of its ongoing data breach response, UnitedHealth Group has informed its subsidiaries, Change Healthcare, that they have recently experienced a data breach. Following the February cyberattack on its subsidiary Change Healthcare, UnitedHealth Group revealed on Monday that it had paid ransom to cyber threat actors to protect patient data. 

Additionally, the company confirmed that there was a breach of files with personal information that had been compromised. In the aftermath of the attack, Change Healthcare's payment processing service was affected, and other vital services such as prescription writing, payment processing, and insurance claims were adversely affected, affecting healthcare providers and pharmacies across the United States. 

It was reported that $872 million worth of financial damage had been sustained as a result of the cyberattack. On Monday, UnitedHealth Group announced that it had published an update about the status of its monitoring of the internet and dark web to determine if data had been leaked. The update was published along with leading external industry experts. 

There are many tools provided by Change Healthcare for managing the payment and revenue cycle. This company facilitates more than 15 billion transactions each year, and one in three patient records pass through the company's systems each year. 

UnitedHealth has revealed that 22 screenshots of compromised files, allegedly taken from the compromised files, had been uploaded to the dark web, which means even patients who are not UnitedHealth customers may have been affected by the attack. There has been no publication of any additional data by the company, and they have not seen any evidence that doctor's charts or full medical histories have been accessed in the breach. 

As part of its earlier ransomware attack on its subsidiary, Change Healthcare, UnitedHealth Group has revealed that the company has suffered a significant breach that has exposed private healthcare data from "substantially a quarter" of Americans. The Change Healthcare Group manages the insurance and billing for hospitals, pharmacies, and medical practices in the U.S. healthcare industry, which offers extensive health data on approximately half of all Americans, as well as providing insurance services to numerous hospitals, pharmacies, and medical practices. 

Considering the complexity and ongoing nature of the data review, it is likely to take several months to be able to identify and notify individuals and customers who have been affected by the situation. Rather than waiting until the completion of the data analysis process for the company to provide support and robust protections, the company is immediately providing support and robust protections as part of its ongoing collaboration with leading industry experts to analyze the data involved in this cyberattack. 

In May, The Record reported that UnitedHealth Group's CEO Andrew Witty will be expected to testify before a House panel regarding the ransomware attack. Two representatives of the House Subcommittee on Health testified at the hearing last week about the cyberattack. UnitedHealth Group failed to make anyone available during the hearing. 

UnitedHealth Group reported in March that it had spent $22 million on recovering data and systems encrypted by the Blackcat ransomware gang after paying the ransom. As a result of their attack on UnitedHealth in 2008, BlackCat was accused by a member of the gang known as "Notchy" of cheating them out of their ransom payment because they had UnitedHealth data. After all, they had conducted the attack and BlackCat had fallen into their trap. 

It was confirmed by researchers that the transaction was visible on the Bitcoin blockchain and that it had reached a wallet used by BlackCat hackers at the time the transaction was reported. The U.S. government launched an investigation about a week after the ransomware attack on Optum, investigating whether or not any health data had been stolen. 

On February 21, 2018, a cyberattack hit Change Healthcare, a subsidiary of UnitedHealth Group that is owned by Optum, a company that is a subsidiary of Optum. Due to this downtime, hospitals and physician groups across the country were unable to receive their claims payments from the company. Change has been working to restore connectivity to the provider network; however, delays in the submission and receipt of payments continue to affect provider revenue, despite the improvement in connectivity. 

There was "strong progress" being made by UnitedHealth in the restoration of its Change services during its status update on Monday. After the cyberattack on Change Healthcare, UnitedHealth Group has been vigilantly monitoring the internet and dark web to ensure that any sensitive data has not been exposed further on the internet and dark web. 

There has been an increase in external cybersecurity experts that the company has enlisted to enhance its monitoring capabilities. The company has also developed a group of advanced monitoring tools that search continuously for evidence of data misuse on the Internet and dark web, which allows it to identify and take action quickly when there is any evidence. 

UnitedHealth Group has developed expert cybersecurity partnerships which are intended to mitigate data breaches by collaborating with cybersecurity professionals. Furthermore, UnitedHealth Group's law enforcement and regulatory agencies, as well as other regulatory bodies, are constantly communicating with and cooperating with UnitedHealth Group.
Read more »
malware
Cyberattacks CyberCrime Cyberhacks Cybersecurity CyberThreat GDP Mac malware

Counting the Cost: $9.2 Trillion Annual Impact of Cybercrime Looms

 


According to a new Statista Market Insights report, cybercrime is rising at an unprecedented pace. Approximately one-third of the United States' GDP or about 24 times Apple's annual revenue in 2023 will be incurred as a result of cyberattacks, according to a new survey from Statista Market Insights. A similar study from Statista Market Insights found that cybercrime costs have risen by 245% between 2018 and 2020, increasing from $860 billion to $2.95 trillion. 

With the spread of the pandemic, the cost of health care has more than doubled to $5.49 trillion in 2021 and is expected to increase by $1 trillion annually in 2023 to $8.15 trillion. In addition to impacting businesses and governments, cybercrime has become one of the world's largest illegal economies, as well as the everyday people of the world. Cyberattacks are known for causing financial losses such as ransom payments, loss of productivity, system downtime and data theft, among others. 

Contributing factors In terms of attack surfaces, IoT devices are providing cybercriminals with an increasingly large attack surface, increasing the number of potential victims and supplying them with a more relevant attack surface over time. There is no reason for Mac users to be excluded from this. There was an increase of 50% in new Mac malware families in 2023 in Jamf's report. 

The number of instances of malware that can be found within each of these families could be hundreds. With the growing number of users of Macs, cybercriminals are more and more interested in targeting it as an easy target. It is important to keep in mind that geopolitics plays a significant role in cyberattacks as many countries use them for strategic advantage, disruption of critical infrastructure, and intelligence gathering.

A heightened escalation in the number of state-sponsored attacks is taking place as a result of the conflict between Ukraine and Israel. A significant number of cybersecurity jobs have gone unfilled as a result of the skills shortage we're going through today. Due to this shortage, many cybersecurity positions have gone unfilled. It will therefore be more difficult to monitor and defend against specific threats as there will be fewer professionals. 

Moreover, the shortage of skilled professionals can also increase the workload for employees who are already working, so that productivity can be negatively impacted. Further to this, employees are burned out as a result of their jobs. Threat actors count on this. In the world of ransomware-as-a-service (RaaS), there are very few barriers to entry, and this has made it very popular thanks to a combination of tough economic factors, swift financial gains, and little technical knowledge. 

Operators develop the software under this model and affiliates pay to use pre-built tools and packages to launch attacks on the network. Each affiliate pays a fee for each attack they launch. A ransomware attack can be carried out by non-programmers lacking the skills to develop and deploy their ransomware. 

There is no shortage of RaaS kits available on the dark web, but they aren't always the best. Due to a simple lack of awareness, the risks and consequences associated with cyberattacks remain undetected by many individuals and organizations, making them vulnerable to cybercrime. It was found that 40% of Jamf's mobile users and 39% of the organizations in their annual trends report are running on a device that is known to have vulnerabilities, according to the report.

In light of recent incidents regarding a popular Apple device management platform, it has become evident that there remains a notable lack of awareness concerning the security measures necessary to protect Mac devices. Ensuring the security of the Mac is imperative in safeguarding against potential threats such as malware and phishing attacks. Here are some essential steps to bolster the security of the Mac: 

1. Keep the device up-to-date: It is crucial to regularly update the Mac's operating system to incorporate the latest security patches. By staying current with updates, users can effectively address known vulnerabilities that may be exploited by malware.

2. Utilize antivirus software: Despite common misconceptions, Macs are not impervious to malware. Therefore, employing reputable antivirus software is highly recommended. Tools such as Malwarebytes offer free applications for individual users, capable of detecting and removing potential threats. Additionally, MacPaw’s CleanMyMac X now features a malware removal tool powered by MoonLock, enhancing protection against malicious software. 

3. Exercise caution when clicking: Email remains a primary vector for malware distribution, with phishing attacks experiencing a significant rise in success rates. According to recent reports, phishing success rates increased from 1% in 2022 to 9% in 2023. Hence, exercising caution and scepticism when interacting with email links and attachments is essential to mitigate the risk of falling victim to such attacks. 

4. Enable a firewall: Enabling the built-in firewall on the Mac is an effective measure to prevent the acceptance of unauthorized connections and services. By managing both incoming and outgoing connections, the firewall helps fortify the device's defences against potential threats. 

5. Use strong, unique passwords: Employing robust and distinctive passwords is imperative for bolstering the security of the Mac. Avoid using easily guessable passwords, such as common phrases or pet names followed by predictable characters. Instead, opt for complex combinations of letters, numbers, and symbols to enhance password strength and resilience against unauthorized access. 

6. Enable disk encryption: Leveraging features such as FileVault, which encrypts all user data stored on the disk in real-time, enhances the security of sensitive information on the Mac. In the event of device loss or theft, disk encryption ensures that the data remains inaccessible to unauthorized individuals, thereby safeguarding privacy and confidentiality. 

7. Limit user privileges: Restricting user privileges is crucial in preventing unauthorized software installations and minimizing the potential impact of malware infections. By limiting user permissions, users can effectively mitigate the risks associated with malicious activities and enhance overall device security. 

In summary, prioritizing the implementation of robust security measures is paramount in safeguarding the Mac against evolving threats. By adopting proactive strategies such as keeping the device updated, utilizing antivirus software, exercising caution when interacting with emails, enabling firewalls, employing strong passwords, enabling disk encryption, and limiting user privileges, users can significantly enhance the security posture of the Mac and protect against potential vulnerabilities and cyber threats.
Read more »
Subscribe to: Posts (Atom)