The latest edition of Microsoft's Cyber Signals report, titled "Cyber Signals: Inside the Growing Risk of Gift Card Fraud," unveils significant findings on the activities of the cybercriminal group Storm-0539. This group has been exploiting cloud and identity services to compromise gift card issuers, leading to substantial financial losses for many businesses.
Targeting gift card issuersStorm-0539 has been identified targeting large retailers, luxury brands, and fast-food restaurants that issue gift cards. Their methods include phishing, smishing, device registration, and access token theft. By gaining access to employee accounts and gift card portals, the group is able to create and redeem new gift cards or sell them on the black market.
Advanced reconnaissance and camouflageThe report reveals that Storm-0539 conducts extensive research on gift card business processes, federated identity service providers, and employees of targeted organisations. To evade detection, they impersonate legitimate nonprofits to obtain free or discounted cloud resources and register domains that closely resemble legitimate services.
Increased activity around holidaysThe group has been particularly active during high-demand periods for gift cards. There was a 60% increase in Storm-0539 intrusion activity between September and December 2023, coinciding with the holiday season, and a 30% increase in May 2024. These spikes in activity highlight the group's strategy to exploit the heightened demand for gift cards during these times.
Implications and recommendationsThe findings of the Microsoft Cyber Signals report underscore the growing threat posed by cybercriminal groups like Storm-0539. Businesses, particularly those in retail, luxury, and fast-food sectors, need to bolster their cybersecurity measures to protect against such sophisticated attacks.
The report further suggests enhancing employee training on recognising phishing and smishing attempts, implementing robust access controls and multi-factor authentication. Furthermore, conducting regular security audits and penetration testing to identify vulnerabilities is also advised.
Monitoring for unusual activity, especially during peak gift card demand periods can help reduce cyber frauds.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
