After a relatively quiet final Patch Tuesday of 2023, Microsoft published warnings this week about the potential for gift card fraud and hackers abusing a popular authentication technology.
Alongside the warnings, Microsoft said it recently used a court order to shut down a cybercrime marketplace where 750 million fraudulent Microsoft accounts were available for sale.
On Thursday, Microsoft warned of a threat actor it has named Storm-0539 launching attacks on retail organizations ahead of the holiday season.
The gang uses fake login pages to steal credentials and uses that illicit access to gain further persistence in a victim's system.
Alongside the holiday season warnings, Microsoft announced this week that it obtained a court order to seize the U.S.-based infrastructure of a cybercriminal group running several websites that sold access to approximately 750 million fraudulent Microsoft-branded accounts, earning the group millions of dollars in illicit revenue.
On December 7, Microsoft got a court order from the Southern District of New York allowing it to take down the fraudulent Microsoft Outlook account marketplace Hotmailbox.
Hogan-Burney said Microsoft worked with researchers at the Arkose Cyber Threat Intelligence Research unit, who provided more insight into the group's operations, allowing them to identify three Vietnamese nationals as the culprits behind the group.
Duong Dinh Tu, Linh Van Nguyễn, and Tai Van Nguyen were all named in the lawsuit.
Microsoft said it has submitted a criminal referral to U.S. law enforcement about their activities.
The websites sold fraudulent Microsoft accounts and tools to bypass identity verification software across well-known technology platforms, reducing the time and effort needed for criminals to conduct a host of criminal and abusive behaviors online.
Hackers and cybercriminals need fraudulent accounts to prop up their automated activities, according to Microsoft.
As companies get better at shutting down fraudulent accounts, cybercriminals need more and more in order to facilitate attacks.
Storm-1152 and other groups allow hackers to simply buy the accounts instead of wasting time creating them.
Microsoft also worked with Arkose Labs to create a new CAPTCHA defense tool that forces people to prove they are a human being.
On Tuesday, Microsoft warned that hackers are abusing a popular authentication tool and costing organizations millions of dollars through their actions.
The blog focused on OAuth - a standard that allows applications to get access to data and resources based on permissions set by a user.
Microsoft said it saw a hacker it tracks as Storm-1283 use a compromised account to create an OAuth application that allowed them to deploy crypto mining tools.
Jonathan has worked across the globe as a journalist since 2014.
Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.
This Cyber News was published on therecord.media. Publication date: Fri, 15 Dec 2023 15:00:51 +0000