Watch the stream
In today's technology-driven landscape, the transition to digital transactions has eclipsed conventional face-to-face interactions, presenting novel challenges in ensuring transaction security. Users, perhaps inadvertently, heighten security risks by opening email attachments from phishing attempts, intensifying the complexities of online transaction security. Moreover, there exists the potential of voluntarily disclosing sensitive information, further adding intricacy to the digital transaction security landscape.
Compounding this issue, cyber attacks leverage customer data pilfered from compromised merchants. Victims find themselves coerced into divulging credit card details through a sophisticated, multi-step process. This research brings to light a new phishing campaign, unraveling the techniques, tactics, procedures (TTPs), and indicators of compromise (IoCs) employed by threat actors. These encompass the exploitation of the platform's chat function and the incorporation of transaction data to bolster the credibility of phishing pages.
The cyber attacks, though strikingly similar, employ urgent language and intimate knowledge of users' bookings, instilling credibility in deceitful messages. However, distinctive cues like odd URLs and typos serve as saviors for potential victims. Upon analysis, these campaigns redirect users to counterfeit sites that mirror legitimate e-commerce platforms. The craftiness of cyber criminals shines through identical HTML elements and scripts, meticulously validating data and even circumventing multi-factor authentication.
Further investigation unveils the tactics employed by cyber thieves: exploiting InfoStealer malware to breach hotel chat systems and amass valuable customer data, escalating their targeted attacks. Open-source intelligence tools reveal a broader scope, a twin campaign where attackers impersonating various platforms, not limited to travel sites but also other e-commerce platforms, since 2021. Domain fronting is also consistently employed to conceal their tracks along with some other TTPs.
The research culminates in insights and recommendations to enhance the security of all parties involved. By implementing these suggestions, it is hoped that both platforms and merchant-customers can fortify their resilience, mitigating potential risks in the dynamic digital landscape.