Category: Threat Landscape | Industry: Aviation | Motivation: Financial | Region: Multiple
In the ever-evolving landscape of cybercrime, threat actors continually devise innovative methods to maximize their illicit gains.
This article delves into a sophisticated technique that has gained traction among cybercriminals: the exploitation of stolen frequent flier accounts as a vehicle for money laundering and value extraction.
The cybercrime ecosystem presents a unique challenge for malicious actors once they have successfully compromised systems or extracted funds from victims. Converting these ill-gotten gains into usable currency while evading detection is a critical step in their operations.
This article provides an in-depth exploration of this phenomenon, covering several key areas:
By providing this comprehensive examination, we aim to shed light on a lesser-known facet of cybercrime that intersects with the travel industry, demonstrating the ingenuity of threat actors in exploiting seemingly innocuous systems for financial gain.
Airline miles, also called frequent flier miles or travel points, are rewards that airlines give to their loyal customers. They work roughly like this:
The benefits of miles are airline dependent. Many airlines have built an elaborate ecosystem around their miles program to encourage customers to keep flying with that specific airline, and accounts from these airlines are in even higher demand.
The following are some of the ways threat actors approach a potential buyer.
The first and most common way of selling accounts is through bots, which automate the purchase and remove any haggling with the purchaser. One such account was @MilesBrokerBot.
The second way is to approach potential customers manually to sell miles accounts. Below is the conversation our sensitive source had with a threat actor, which resulted in the potential identification of both the compromised account and the threat actor.
Credential breaches are the backbone of all types of illegal activity, and their popularity keeps increasing. Credential breaches broadly include:
The impact of these is typically lower, since exploiting them requires the victim to have reused the same password on other services with elevated privileges, which organizational password policies generally counter.
These are more impactful, as a stealer log gives the attacker the complete login URL as well as the username and password used to log in.
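The two points above (reuse across services, and stealer logs carrying the exact login URL) are what a defender's exposure-monitoring triage has to act on. The following is an added example and not code from the original article or from CloudSEK; the pipe-separated URL|username|password record layout, the sample records and the monitored domain `example-air.com` are all constructed for illustration, since real stealer logs come in many layouts. It maps each exposed account to the monitored login hosts it appeared on, and flags accounts whose identical credential pair also shows up on an unrelated site, which is the password-reuse case the text describes. Passwords are compared in memory only and never kept in the result.

```python
"""Triage of stealer-log style credential records for a loyalty programme.

Added example, not part of the original article. Record format is an
assumption: one record per line, URL|username|password. Output is the set
of accounts that must be forced to reset and enrol in MFA, plus the subset
whose same username/password pair was also seen on a non-monitored site
(evidence of password reuse).
"""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample feed (not real data).
SAMPLE_RECORDS = """\
https://loyalty.example-air.com/login|alice@example.com|Summer2023!
https://loyalty.example-air.com/login|bob@example.com|hunter2
http://shop.unrelated.test/account|alice@example.com|Summer2023!
http://forum.unrelated.test/login|bob@example.com|different-pass
https://portal.example-air.com/signin|carol@example.com|Pa55w0rd
not a valid record
"""

# Assumed: the airline's own registrable domains.
MONITORED_DOMAINS = {"example-air.com"}


def parse_record(line):
    """Return (host, username, password) or None for a malformed line."""
    parts = line.strip().split("|")
    if len(parts) != 3:
        return None
    url, user, pw = parts
    host = urlsplit(url).hostname
    if not host or not user.strip():
        return None
    return host.lower(), user.strip().lower(), pw


def registrable_domain(host):
    """Naive registrable domain: last two labels (sufficient for the sample)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def triage(text, monitored=MONITORED_DOMAINS):
    """Return (affected, reused).

    affected: {username: sorted list of monitored hosts it was exposed on}
    reused:   set of usernames whose identical (user, password) pair was also
              seen on a host outside the monitored domains.
    Passwords are only used for the in-memory pair comparison.
    """
    exposed_hosts = defaultdict(set)
    pairs_on_monitored = set()
    pairs_elsewhere = set()
    for line in text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue  # skip junk lines rather than abort the whole feed
        host, user, pw = rec
        if registrable_domain(host) in monitored:
            exposed_hosts[user].add(host)
            pairs_on_monitored.add((user, pw))
        else:
            pairs_elsewhere.add((user, pw))
    affected = {u: sorted(h) for u, h in exposed_hosts.items()}
    reused = {u for (u, _) in pairs_on_monitored & pairs_elsewhere}
    return affected, reused


if __name__ == "__main__":
    affected, reused = triage(SAMPLE_RECORDS)
    for user, hosts in sorted(affected.items()):
        note = " (same password seen elsewhere: reuse)" if user in reused else ""
        print(f"force reset + enrol MFA: {user} via {', '.join(hosts)}{note}")
```

In the sample, `alice` reused `Summer2023!` on an unrelated shop, so she is flagged for reuse, while `bob` used a different password elsewhere and is only listed for the monitored-host exposure.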
In the above examples, where a threat actor was selling accounts for miles, this kind of abuse can be averted by enforcing multi-factor authentication on all business-critical as well as customer-facing endpoints.
Once a threat actor has obtained credentials from free sources and credential brokers, they use tools like OpenBullet, which aid in credential stuffing. The config files for such tools are sold, or given away for free, on Telegram as well.
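Credential stuffing replays many leaked username/password pairs against a login endpoint, so on the defender's side the signal is not a single account failing repeatedly but one source trying many different usernames in a short window with a high failure ratio. The detector below is an added example, not code from the original article or from CloudSEK; the log line format (`<ISO timestamp> ip=<addr> user=<name> result=<ok|fail>`), the sample lines and the thresholds are constructed assumptions. It separates a stuffing source from a legitimate user mistyping their password, and lists the accounts that were actually breached from the flagged source so they can be forced through a reset and MFA enrolment.

```python
"""Credential-stuffing detector over constructed login-audit lines.

Added example, not part of the original article. Log format is an
assumption: "<ISO timestamp> ip=<addr> user=<name> result=<ok|fail>".
A source is flagged when, inside a sliding time window, it attempted at
least `min_users` distinct usernames and at least `min_fail_ratio` of its
attempts failed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\S+) ip=(\S+) user=(\S+) result=(ok|fail)$")

# Constructed sample: one stuffing source (203.0.113.7), one user who mistypes
# their password twice then succeeds, and one clean login.
SAMPLE_LOG = """\
2024-05-01T10:00:00 ip=203.0.113.7 user=alice result=fail
2024-05-01T10:00:01 ip=203.0.113.7 user=bob result=fail
2024-05-01T10:00:01 ip=203.0.113.7 user=carol result=fail
2024-05-01T10:00:02 ip=203.0.113.7 user=dave result=ok
2024-05-01T10:00:02 ip=203.0.113.7 user=erin result=fail
2024-05-01T10:00:03 ip=203.0.113.7 user=frank result=fail
2024-05-01T10:00:05 ip=198.51.100.2 user=grace result=fail
2024-05-01T10:00:09 ip=198.51.100.2 user=grace result=fail
2024-05-01T10:00:15 ip=198.51.100.2 user=grace result=ok
2024-05-01T10:01:00 ip=192.0.2.9 user=heidi result=ok
"""


def parse(text):
    """Parse log lines into (timestamp, ip, user, succeeded) tuples; skip junk."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, ip, user, result = m.groups()
        events.append((datetime.fromisoformat(ts), ip, user, result == "ok"))
    return events


def detect_stuffing(events, window=timedelta(minutes=5), min_users=5,
                    min_fail_ratio=0.7):
    """Return {ip: stats} for sources that look like credential stuffing.

    stats holds the distinct-user count, attempts, failures and the sorted
    list of usernames that succeeded from that source (accounts to reset).
    For each source the widest qualifying window wins, because later windows
    overwrite earlier ones as the window slides forward.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))

    alerts = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits within `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {u for _, u, _ in win}
            fails = sum(1 for _, _, ok in win if not ok)
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                alerts[ip] = {
                    "users": len(users),
                    "attempts": len(win),
                    "failures": fails,
                    "succeeded": sorted({u for _, u, ok in win if ok}),
                }
    return alerts


if __name__ == "__main__":
    for ip, stats in detect_stuffing(parse(SAMPLE_LOG)).items():
        print(f"{ip}: {stats['users']} users, {stats['failures']}/{stats['attempts']} "
              f"failed; breached accounts: {stats['succeeded']}")
```

The distinct-username requirement is what keeps `198.51.100.2` (one user, three tries) out of the alert, while `203.0.113.7` is flagged with `dave` listed as the account that was actually compromised and needs a reset and MFA enrolment.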
This article examines how cybercriminals exploit stolen frequent flier accounts for money laundering. It covers motivations, trading of accounts, methods to monetize stolen miles, case studies, financial impact, and current prevention measures.