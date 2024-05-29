scorecardresearch
Business Today
Subscribe
PMS Today US News India UPSTART Weather BT Shorts NRI Education Election
BT Golf BT Mindrush BT Best Banks
Clear all
Search

COMPANIES

No Data Found

NEWS

No Data Found
Sign in Subscribe
events
Special
  • BT tech today
  • BT 500 wealth creators summit
  • Economic Indicators
News
TECHNOLOGY
News
Microsoft warns against gift card frauds being performed by Moroccan cybercriminals: All you need to know

Feedback

Microsoft warns against gift card frauds being performed by Moroccan cybercriminals: All you need to know

Notably, these threat actors previously specialised in malware attacks on point-of-sale (POS) devices like retail cash registers and kiosks to compromise payment card data.

Join Our WhatsApp Channel
Microsoft warns against gift card frauds Microsoft warns against gift card frauds

A Morocco-based cybercriminal operation is targeting systems of large retailers to fraudulently issue gift cards to themselves, reported Microsoft. This group named Atlas Lion or Storm-0539 has been in the spotlight for the past year for such frauds. According to Microsoft, this group is targeting cloud and identity services and steadily attacking the payment and card systems associated with large retailers, luxury brands, and well-known fast food restaurants.

Notably, these threat actors previously specialised in malware attacks on point-of-sale (POS) devices like retail cash registers and kiosks to compromise payment card data. The company states that their way of compromising cloud systems for far-reaching identity and access privileges resembles the “tradecraft and sophistication typically seen in nation-state-sponsored threat actors, except instead of gathering email or documents for espionage, Storm-0539 gains and uses persistent access to hijack accounts and create gift cards for malicious purposes and does not target consumers exclusively”.

Once the cybercriminals get access to an initial session and token, they register their own malicious devices to victim networks for subsequent secondary authentication prompts. With this, they bypass multifactor authentication protections and persist in an environment using the now-compromised identity.  

Microsoft explained, “To remain undetected, Storm-0539 adopts the guise of legitimate organisations, obtaining resources from cloud providers under the pretence of being non-profits. It creates convincing websites, often with misleading ‘typosquatting’ domain names a few characters different from authentic websites, to lure unsuspecting victims, further demonstrating its cunning and resourcefulness.”

Microsoft advises that companies need to treat their gift card portals as high-value targets for cybercriminals. They need to keep these sites in check, keep monitoring them and conduct regular audits. They should also implement conditional access policies and educate their security teams and engineers about such frauds. In addition to this, they should invest in cloud security best practices.  

Also Read: 

Hollywood actress Jennifer Lopez calls AI 'really scary,' expresses fear against the technology

Nothing Phone (2a) Special Edition with red, yellow, blue colour accents launched in India; check price, other details

For Unparalleled coverage of India's Businesses and Economy – Subscribe to Business Today Magazine

Published on: May 29, 2024, 6:15 PM IST
IN THIS STORY
Follow Us on Channel
×

Top Stories TOP STORIES

TOP VIDEOS

market today

Advertisement