The Federal Bureau of Investigation (FBI) has warned about a sophisticated phishing and smishing (SMS phishing) campaign orchestrated by a cybercriminal group known as STORM-0539, or Atlas Lion.
This group has been actively targeting the gift card departments of major U.S. retail corporations, creating fraudulent gift cards that have led to significant financial losses.
Tactics and Techniques
STORM-0539 employs a range of tactics to breach corporate security. Initially, they target employees’ personal and work mobile phones with smishing campaigns.
Upon gaining access to an employee’s account, they use advanced phishing kits capable of bypassing multi-factor authentication to conduct further attacks within the network.
Their activities include accessing secure shell (SSH) passwords and keys and targeting employees’ credentials in the gift card departments to create fraudulent gift cards1.
In one noted instance, even after a corporation detected and blocked their fraudulent activities, STORM-0539 continued their attacks, adapting their methods to exploit unredeemed gift cards by altering associated email addresses to ones under their control.
The FBI’s alert highlights STORM-0539’s persistence and adaptability, underscoring the significant threat it poses to corporate security.
The group creates immediate financial losses by issuing fraudulent gift cards and compromising sensitive employee data, which could be used for further attacks or sold for monetary gain.
Mitigation Strategies
The FBI advises organizations to review and update their incident response plans to reduce the risk and impact of phishing and smishing campaigns.
Recommended strategies include:
- Providing education and training for employees on identifying and reporting phishing/smishing attacks
- Requiring multi-factor authentication on all accounts and login credentials
- Enforcing strong password policies and the principle of least privilege
- Employing anti-virus, anti-malware, and network monitoring tools
- Implementing SMS filtering and anti-phishing tools
The Cybersecurity and Infrastructure Security Agency (CISA) has also released guidance for network defenders and software manufacturers to help mitigate these threats.
Broader Context of Phishing Scams
Phishing remains a prevalent threat to businesses and individuals. Common tactics include impersonating authority figures or institutions to solicit personal information or financial assets.
During holiday seasons, for instance, phishing attacks often increase, exploiting the high volume of transactions and the urgency of last-minute shopping.
Recent cases, such as exploiting Walmart’s financial services for laundering money through gift cards, illustrate the real-world impacts of such scams.
Victims are often tricked into purchasing gift cards under pretenses, with criminals quickly laundering the money through various channels before it can be traced.
The continuous evolution of phishing techniques makes it imperative for individuals and organizations to stay vigilant and informed.
By adhering to recommended security practices and maintaining awareness of the latest scam tactics, potential victims can significantly reduce their risk of falling prey to these cyber threats.
Source: https://bit.ly/3uS5LZ2