GiftGhostBot Tries to Steal 1.7 Million Gift Cards Per Hour

March 27, 2017

Gift cards are under attack by hackers, and consumers are being advised to check their balances.

Luxury retailers, supermarkets, and major coffee distributors with gift card processing capabilities are all the target of a new widespread cybersecurity attack, according to Distil Networks, which has tracked activity on nearly 1,000 customer websites.

Hackers are using a bot dubbed GiftGhostBot, to test a rolling list of potential gift card account numbers at a rate of 1.7 million gift card numbers per hour. It is believed that once they correctly identify gift card numbers with this brute force-like approach, they can resell the account number on the Dark Web or use them to purchase goods.

Beginning on Feb. 26, the Distil security analyst team noticed increased bot activity on customer websites with gift card processing capabilities. GiftGhostBot is being distributed across worldwide hosting providers, mobile ISPs and data centers, executing JavaScript to avoid detection. On one customer website, the analyst team recorded 4 million bad bot requests per hour—nearly 10 times their normal level of traffic.

“Like most sophisticated bot attacks, GiftGhostBot operators are moving quickly to evade detection, and any retailer that offers gift cards could be under attack at this very moment,” said Rami Essaid, CEO of Distil Networks. “While it is important to understand that retailers are not exposing consumers’ personal information, consumers should remain vigilant. Check gift card balances, contact retailers and ask for more information. In order to prevent resources from being drained, individuals and companies must work together to prevent further damage.”

Read the Article

Previous Article
GiftGhostBot Scares up Victims' Gift-card Cash with Brute-force Attacks
GiftGhostBot Scares up Victims' Gift-card Cash with Brute-force Attacks

Software nasty can burn through 1.7 million account numbers per hour

Next Article
Securing Business: Cybersecurity News & Analysis
Securing Business: Cybersecurity News & Analysis