According to security reports, a botnet called GiftGhostBot has been scouring over 1,000 ecommerce websites for sensitive gift card data since February 26.
Distil Networks, a San Francisco-based company providing bot detection and mitigation services, uncovered a large-scale fraud exploiting the infrastructure of numerous online stores. As the name GiftGhostBot suggests, the botnet's only goal is to retrieve and take advantage of gift cards issued by ecommerce portals. The stolen balances let the crooks behind it purchase goods or profit from selling the card details on the dark web. The targeted websites expose endpoints that interact with the entities issuing such cards, and the criminals hit those endpoints with brute-force requests.
The compromise revolves around querying the endpoints with random account numbers and asking for the gift card balance. If the response contains a current balance, the perpetrators find out that the specific account number actually exists and how much money it holds. This gift card scheme gives the attackers the advantage of remaining anonymous, so attribution is hardly possible in such a scenario.
Using an automation framework like the GiftGhostBot botnet is mandatory for the threat actors, because no human could physically submit the number of queries this compromise requires. Over the course of the long-running attack, the targeted ecommerce services received 1.7 million such requests per hour on average, with peaks of a whopping 4 million per hour.
Automatically generated traffic at that volume ended up being the crooks' main giveaway and a wake-up call for the organizations in question. What is more, the massive bot traffic slowed the sites down to a conspicuous degree; in terms of adverse effects, this is effectively a denial-of-service attack. The GiftGhostBot fraud campaign peaked around March 8 – 13. It is still ongoing, but at a much lower intensity. Meanwhile, the affected ecommerce services are busy processing refunds for disgruntled customers.
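The two symptoms described above, a flood of balance lookups and a high share of "no such card" answers, are exactly what a store's own access logs can surface. The following Python script is an added example written for this article; it is not code from Distil Networks or from any affected store. It assumes a combined-format access log, an endpoint path of `/api/giftcard/balance` (a placeholder, substitute the real path), that an unknown card number produces a 404 while a valid one produces a 200, and per-minute thresholds chosen for illustration. The log lines are constructed, not captured traffic.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed combined-format access log excerpt (not real traffic). The
# endpoint path /api/giftcard/balance is an assumption; substitute the path
# your store actually exposes for balance lookups.
SAMPLE_LOG = """\
203.0.113.7 - - [08/Mar/2017:10:00:01 +0000] "POST /api/giftcard/balance HTTP/1.1" 404 52
203.0.113.7 - - [08/Mar/2017:10:00:02 +0000] "POST /api/giftcard/balance HTTP/1.1" 404 52
203.0.113.7 - - [08/Mar/2017:10:00:03 +0000] "POST /api/giftcard/balance HTTP/1.1" 404 52
198.51.100.4 - - [08/Mar/2017:10:00:03 +0000] "POST /api/giftcard/balance HTTP/1.1" 200 118
203.0.113.7 - - [08/Mar/2017:10:00:04 +0000] "POST /api/giftcard/balance HTTP/1.1" 404 52
203.0.113.7 - - [08/Mar/2017:10:00:05 +0000] "POST /api/giftcard/balance HTTP/1.1" 200 118
203.0.113.7 - - [08/Mar/2017:10:00:06 +0000] "POST /api/giftcard/balance HTTP/1.1" 404 52
198.51.100.4 - - [08/Mar/2017:10:00:06 +0000] "GET /cart HTTP/1.1" 200 4310
203.0.113.7 - - [08/Mar/2017:10:00:07 +0000] "POST /api/giftcard/balance HTTP/1.1" 404 52
203.0.113.7 - - [08/Mar/2017:10:00:08 +0000] "POST /api/giftcard/balance HTTP/1.1" 404 52
203.0.113.7 - - [08/Mar/2017:10:00:09 +0000] "GET /product/1 HTTP/1.1" 200 9021
"""

# Combined log format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Parse one combined-format log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def balance_requests(lines, balance_path="/api/giftcard/balance"):
    """Yield the parsed records that hit the balance-lookup endpoint."""
    for line in lines:
        rec = parse_line(line)
        if rec and rec["path"] == balance_path:
            yield rec


def minute_key(ts):
    return ts.strftime("%Y-%m-%d %H:%M")


def detect_enumeration(lines, balance_path="/api/giftcard/balance",
                       min_requests=5, max_hit_ratio=0.2):
    """Flag sources that query the balance endpoint many times within one minute
    while mostly receiving 'no such card' answers (assumed here to be HTTP 404).
    That combination is the signature of guessing card numbers rather than a
    customer checking their own card. Returns one alert dict per (ip, minute)
    bucket that crosses both thresholds."""
    buckets = defaultdict(lambda: {"requests": 0, "successes": 0})
    for rec in balance_requests(lines, balance_path):
        b = buckets[(rec["ip"], minute_key(rec["ts"]))]
        b["requests"] += 1
        if rec["status"] == 200:
            b["successes"] += 1
    alerts = []
    for (ip, minute), b in sorted(buckets.items()):
        ratio = b["successes"] / b["requests"]
        if b["requests"] >= min_requests and ratio <= max_hit_ratio:
            alerts.append({"ip": ip, "minute": minute, "requests": b["requests"],
                           "successes": b["successes"], "hit_ratio": ratio})
    return alerts


def site_wide_rate(lines, balance_path="/api/giftcard/balance"):
    """Count balance lookups per minute across all sources. A campaign spread over
    many addresses can stay under per-IP thresholds while the aggregate volume,
    the figure the article reports per hour, still stands out against baseline."""
    counts = defaultdict(int)
    for rec in balance_requests(lines, balance_path):
        counts[minute_key(rec["ts"])] += 1
    return dict(counts)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for a in detect_enumeration(lines):
        print(f"ALERT {a['ip']} at {a['minute']}: {a['requests']} lookups, "
              f"{a['successes']} valid (hit ratio {a['hit_ratio']:.2f})")
    print("site-wide lookups per minute:", site_wide_rate(lines))
```

On the constructed sample, `203.0.113.7` is flagged (8 lookups in one minute, one valid card) while `198.51.100.4`, a customer checking a single card, is not. In production the thresholds would be tuned against the store's normal balance-check rate, and the site-wide counter is the one to alarm on when the traffic is distributed across many addresses, as a botnet's is; a rate limit or CAPTCHA on the balance endpoint is the corresponding mitigation.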