[ad_1]
Christmas is coming, when many people choose electronic greeting cards and gift certificates. These seemingly harmless attitudes can have serious consequences, as even cybercriminals can use them to steal data, warn cybersecurity experts at Sophos.
Gift cards purchased online are usually emailed to the selected recipient along with a secret code and registration link. So getting a gift card code is a bit like someone paying for a prepaid credit card number, expiration date, and security code – that is, who owns the code.
However, this is exactly the downside of this gift, as it is not possible to prevent the gift card from being used only by the recipient or the right to use it from being transferred to another person. This, in turn, also means that it could cost digital criminals money, Sophos warns.
For example, a $ 30,000 gift certificate that is illegally sold for half its fair value online doesn’t sound like much, but there are scammers who have access to the user data of an entire company; They can try to get not just one, but potentially hundreds of prepaid gift cards. soon. The criminals in this case didn’t care who the pocketed victims were (the employees, the company itself, or both) to get the attention of the cybersecurity company.
How can this happen?
Sophos recently noticed an attack where we know the victim’s VPN server hadn’t been patched for months, which alone might have been enough to get scammers in – a security flaw in an earlier version could theoretically allow them to criminals to enter the network.
The VPN server was not configured for two-factor authentication (2FA), which means that a password already obtained from a single user with a successful phishing attempt was enough to create their “bridgehead.” Sophos experts suspect that despite the unrepaired vulnerabilities, attackers first broke into the network in this way.
Once they were “inside” the VPN, the scammers were able (using RDP) to open browsers on users’ computers and see which online accounts they had not disconnected from. These included their personal email addresses (Gmail, Outlook.com).
As a result, the attackers used custom email accounts to perform a series of password resets. On computers where scammers were able to access email addresses thanks to cached credentials but were unable to access more interesting online accounts because users logged out, they performed a password reset through the email account. The attackers’ preferred accounts included Best Buy, Facebook, Google Pay, PayPal, Venmo, and Walmart.
[ad_2]
