
Rewards Points Targeted by Teens in Hack of 500K Accounts

June 28, 2018 | TH Author | Tags: 500K, account compromise, arrested, Brute Force Attacks, dark web, hacker, Hacks, rewards points, russian, Russian hacker, teens

A pair of Russian teens have been arrested for infiltrating more than a half-million online accounts, in particular targeting services that offer rewards points.

Russian authorities at the Ministry of Internal Affairs said in an announcement Wednesday that the duo came to their attention in late 2015, when they carried out a large-scale “dictionary attack” – a type of brute-force attack that involves trying thousands of random words as passwords – and were able to compromise more than 120,000 accounts at a popular Russian online retailer.

From there, they used the rewards points built up in the accounts to make purchases, before selling the account credentials on the Dark Web. Previous activity related to travel and hospitality rewards-point abuse has revolved around the ability to set up scams for booking travel or accommodations using stolen points. The specialty shops, however, claim to provide credentials for direct account access, marking a slight evolution in tactics. With account access, a user could “gift” the miles to themselves for use later, book travel directly or in some cases cash in the rewards points in exchange for other things.

The 2015 conquest, however, wasn’t their last: According to the police announcement, they were able to hack more than 500,000 accounts total, by using the same email and password combinations used at the e-tailer, thanks to the rampant problem of consumer password reuse. Group IB, which helped the investigation, said that the pair also took underground denizens up on tips about additional services with bonus programs they could attack, offering them a generous 50 percent revenue share for the information.

The firm also told Bleeping Computer that the pair’s tactics were relatively advanced: they launched hacks from more than 35,000 unique IP addresses while using anonymizers and “changing the digital fingerprint of the browser (User-Agent).”
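Logins spread over that many IP addresses with a changing User-Agent keep every per-IP failure counter low. The following is an added example, not part of the original article, showing detection that aggregates login failures per time window instead of per source. The event format, thresholds, IP addresses and account names are constructed assumptions.

```python
from collections import defaultdict

# Constructed history: source IPs previously seen for each account.
KNOWN_IPS = {"alice": {"198.51.100.7"}, "bob": {"198.51.100.8"}}

def build_sample():
    """Constructed events: (minute, source_ip, user_agent, username, success)."""
    events = [(0, "198.51.100.7", "UA-home", "alice", True),
              (1, "198.51.100.8", "UA-work", "bob", True),
              (2, "198.51.100.7", "UA-home", "alice", True)]
    # 40 attempts in one minute, each from a new IP with a new User-Agent,
    # one reused email/password pair per request; every 10th pair works.
    for i in range(40):
        events.append((3, f"203.0.113.{i + 1}", f"UA-rotated-{i}",
                       f"user{i}", i % 10 == 0))
    return events

def per_ip_alerts(events, max_failures=5):
    """Per-IP failure counter: the control that source rotation evades."""
    fails = defaultdict(int)
    for _, ip, _, _, ok in events:
        if not ok:
            fails[ip] += 1
    return {ip for ip, n in fails.items() if n > max_failures}

def window_alerts(events, known_ips, min_failed_accounts=20, min_fail_ratio=0.5):
    """Flag minutes where many distinct accounts fail at once, regardless of
    source IP or User-Agent, and list the accounts that were logged into from
    an IP never seen for them during that spike (likely takeovers)."""
    windows = defaultdict(list)
    for event in events:
        windows[event[0]].append(event)
    alerts = {}
    for minute, evs in windows.items():
        failed_accounts = {user for _, _, _, user, ok in evs if not ok}
        fail_ratio = sum(1 for e in evs if not e[4]) / len(evs)
        if len(failed_accounts) >= min_failed_accounts and fail_ratio >= min_fail_ratio:
            alerts[minute] = sorted(
                user for _, ip, _, user, ok in evs
                if ok and ip not in known_ips.get(user, set()))
    return alerts

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP alerts:", per_ip_alerts(sample))
    print("window alerts:", window_alerts(sample, KNOWN_IPS))
```

The accounts listed for a flagged window are candidates for a forced password reset and a hold on rewards-point redemption until the owner re-verifies.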

Ryan Wilk, vice president of customer success for NuData Security, told Threatpost that the stolen records that are now available on the Dark Web are also valuable in numerous ways.

“Once there, these records are used for synthetic fraud and account takeover – which increased tenfold in the last year, based on NuData’s analysis,” he said. “Fraudsters purchasing these records can slip into accounts unnoticed – until a user gets locked out of their account or a bill shows up for things she did not buy.”

The two unnamed suspects, aged 18 and 19, worked in tandem, the authorities said: One was cyber-savvy and brought coding knowledge to the table, and the other carried out the illegal access to the accounts. They remain on house arrest as they await trial.

“Merchants have security systems placed around their purchase functionality and often leave their other placements (account creation, login, and shipping addresses, for instance) loosely supervised as they consider them less risky,” Wilk told us. “However, bad actors take advantage of these less supervised placements to prepare their fraudulent purchase quietly or steal loyalty points. By monitoring every placement, merchants can detect fraudulent activity before it gets to the purchase, preventing fraud losses before they happen.”

Similarly, it’s essential to devalue the data bad actors steal, so they lose interest in these schemes. Companies can do this by changing the way they identify users online.

“Many companies and financial institutions are starting to authenticate their users by their inherent behavior – which can be stolen or mimicked – through passive biometrics and other cutting-edge tools. With this technology, the credentials bad actors steal are not enough to access someone’s account, making that stolen information valueless.”

The exploitation of rewards-points programs is big business on the Dark Web, especially those associated with travel, according to Flashpoint analysts. As we previously reported, they have been tracking several small specialty shops in the Russian-language underground, finding that they make rewards-point abuse more accessible to fraudsters who lack the capabilities required to access customer accounts themselves.

Most of these stores are advertising access to the login credentials of customer accounts for travel and hospitality rewards programs; Flashpoint said there’s a relatively high demand for these kinds of logins among the cybercrime set.
