Gift card hack exposed – you pay, they play – Naked Security

Thanks to Bill Kearney of Sophos Rapid Response for his work on this article.

If you’ve read the recent Sophos 2021 Threat Report, you’ll know that we deliberately included a section about all the malware out there that isn’t ransomware.

Sure, ransomware understandably hogs the media headlines these days, but cybercriminality goes way beyond ransomware attacks.

Indeed, as we’ve noted before, many ransomware incidents happen due to other malware that infiltrated your network first and brought in the ransomware later on.

In fact, many network intrusions don’t involve malware at all, because cybercriminals have plenty of other ways of bleeding money out of your users, your company, or both.

Here’s an example that the Sophos Rapid Response team came across recently – a opportunistic network intrusion that was much less sophisticated than a typical ransomware or data stealing attack, but dangerous and disconcerting nevertheless.

Worse still for the employees of the business, these crooks weren’t specifically after the company as a whole, but seemed to attack the network simply because it represented a convenient way of hacking away at lots of individuals at the same time.

Very simply put, the crooks were after as many accounts as they could access to buy as many gift cards as they could as quickly as possible.