Hackers Use Password Phishing and Password Resets to Hijack Prepaid Gift Cards

Researchers with Sophos Security recently reported a network breach that was not focused on deploying ransomware or stealing information. Instead, the bad actors behind it were using their illegal access to steal prepaid gift cards, of all things.

The bad actors found their way onto a company's VPN server, most likely by phishing out the credentials of just one user. The company-operated VPN server did not have any form of multi-factor authentication set up and it was also not running the latest version of the server software.

It's not clear which venue of attack was used as both phishing and a vulnerability in the server platform are likely.

Once the bad actors were able to get on the company network, they used RDP and "jumped" across different machines. The hackers checked browsers for any accounts that users did not log out of. This included e-mail accounts with Gmail or Outlook. The e-mail accounts that they could get access to were used to reset passwords for services such as Google Pay, PayPal and Venmo.

In a stroke of luck, it appears that only few users on the compromised network had saved their credit card information for auto-fill and automatic purchases. In this way, the bad actors behind the attack only managed to buy a handful of prepaid gift cards before the intrusion was spotted and the attack was cut off.

In addition to attempting large-scale gift card purchasing, with many gift cards still awaiting checkout when the hackers were caught and abandoned their little operation, there was a secondary goal to the cyber attack. The attackers installed a file search tool on the compromised network, configuring it to look for personal data and sensitive company information.

The targets of the file searches included bank statements, details on drivers working for the company and credit card application documents.

There is no hard evidence what exactly the hackers managed to pull from the network before they were cut off.

By Zaib
December 1, 2020
Computer Security
English
December 1, 2020
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

News

CryptoCore Hackers Target Password Manager Accounts

Yesterday, cybersecurity company ClearSky published a report on a hacking group called CryptoCore. Also known as Dangerous Password and Leery Turtle, the gang is allegedly located in Eastern Europe, and its actions... Read more

June 25, 2020
News, Phishing

Online Design Platform Canva Abused by Hackers for Phishing

Bad actors, especially those focusing on scams and phishing emails, have been shifting their focus on exploiting cloud services and online tools for their campaigns. After a rise in phishing emails using content... Read more

September 8, 2020
Malware

The Hackers Behind the Gootkit Malware Forgot to Secure Their Database with a Password

Some people have problems getting their heads around how much damage a cybercrime operation can do. ZDNet's Catalin Cimpanu and SecurityDiscovery.com's Bob Diachenko spent some time looking closely into an... Read more

September 19, 2019
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.