Hackers are known to devise inventive tactics to steal payment card data. And their most recent strategy for masking the transfer of funds from these stolen assets into their bank accounts testifies to their wily ways.
A security firm recently discovered that many cybercriminals now use databases of stolen payment cards to create Apple IDs through which they can make in-app purchases for free-to-play video games. These purchases—which speed up gameplay or help make the user more competitive—can then be resold to other gamers, allowing fraudsters to cash in on their stolen payment data. Considering free-to-play games represent a multi-billion-dollar market, there’s plenty of profit potential for hackers who participate in this burgeoning black market.
The most alarming element of this money-laundering tactic is that it’s entirely automated. Apple IDs, game logins and item purchases are all chosen automatically. The accounts then charge stolen payment cards at random until a valid one is found, at which point the money begins flowing.
A Symptom of a Bigger Problem
This method of video game-driven money laundering would be impossible without access to stolen data and credentials. Those credentials are typically pilfered either through social engineering schemes or through data breaches, most of which likely start as phishing scams; according to Verizon’s Data Breach Investigations Report, the vast majority of cyberattacks start as phishing attacks.
In other words, video game-based money laundering is a symptom of the bigger problem, which is hackers’ ongoing success at stealing login credentials including:
- Enterprise account passwords for users
- Administrative passwords
- Consumer bank accounts and emails
- Personally identifiable information
Once stolen, all of these can be sold on the dark web and used for further theft of data and/or funds.
Detecting Credential Theft Early
It’s not always possible to prevent credential theft altogether, especially given how advanced and manipulative social engineering campaigns have become. In fact, businesses will likely have better luck identifying instances of stolen credentials by detecting early indicators of compromise (IOCs).
Granted, this is exceedingly difficult without a fully functional security operations center (SOC), considering that threat detection requires real-time monitoring of so many different log sources, e.g., Active Directory, multiple SaaS applications, single sign-on (SSO) activity, and more. Logins may also occur on a wide variety of devices in today’s extended enterprise ecosystem.
Enter SOC-as-a-service, or SOCaaS, a fully managed SOC staffed by security experts around the clock. These professionals oversee a security information and event management (SIEM) system to aggregate all of your business’s log sources into a central console, and then use advanced monitoring and threat hunting methods to pinpoint signs of compromised credentials.
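As an added illustration (not code from the original post or from any vendor's product), here is a small Python sketch of the correlation step a SIEM performs on aggregated logs: events from two differently formatted sources, an Active Directory audit feed and an SSO provider feed, are mapped onto one schema and then checked for two early indicators that a credential is being misused. All event data, field names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data) in two formats: an Active
# Directory audit line (4624 = logon success, 4625 = logon failure) and
# an SSO provider record. Field names and values are assumptions.
AD_EVENTS = [
    "2024-03-01T09:00:05Z user=alice event=4624 host=WS-ALICE-01 src=10.0.1.15",
    "2024-03-01T09:02:10Z user=bob event=4625 host=WS-BOB-02 src=10.0.1.20",
    "2024-03-01T09:02:12Z user=bob event=4625 host=WS-BOB-02 src=10.0.1.20",
    "2024-03-01T09:02:15Z user=bob event=4625 host=WS-BOB-02 src=10.0.1.20",
    "2024-03-01T09:02:20Z user=bob event=4624 host=WS-BOB-02 src=10.0.1.20",
]
SSO_EVENTS = [
    {"ts": "2024-03-01T09:01:00Z", "actor": "alice", "outcome": "SUCCESS", "device": "iphone-7f3a"},
    {"ts": "2024-03-01T09:05:00Z", "actor": "alice", "outcome": "SUCCESS", "device": "linux-9c21"},
    {"ts": "2024-03-01T10:00:00Z", "actor": "carol", "outcome": "SUCCESS", "device": "WS-CAROL-03"},
]

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def normalize(ad_lines, sso_records):
    """Map both sources onto one schema: (ts, user, success, device)."""
    events = []
    for line in ad_lines:
        parts = line.split()
        f = dict(kv.split("=", 1) for kv in parts[1:])
        events.append((parse_ts(parts[0]), f["user"], f["event"] == "4624", f["host"]))
    for r in sso_records:
        events.append((parse_ts(r["ts"]), r["actor"], r["outcome"] == "SUCCESS", r["device"]))
    return sorted(events)

def detect(ad_lines, sso_records, window=timedelta(minutes=15), max_devices=3, max_failures=3):
    """Return {user: set(indicators)} for two early signs of credential misuse."""
    alerts = defaultdict(set)
    by_user = defaultdict(list)
    for ev in normalize(ad_lines, sso_records):
        by_user[ev[1]].append(ev)
    for user, evs in by_user.items():
        for i, (ts, _, ok, _dev) in enumerate(evs):
            recent = [e for e in evs[:i + 1] if ts - e[0] <= window]
            # One account succeeding from many distinct devices in a short
            # window suggests the credential has been shared or stolen.
            if ok and len({e[3] for e in recent if e[2]}) >= max_devices:
                alerts[user].add("many-devices")
            # A success right after a burst of failures looks like a guessed
            # or stuffed password rather than a user's typo.
            if ok and sum(1 for e in recent[:-1] if not e[2]) >= max_failures:
                alerts[user].add("success-after-failures")
    return dict(alerts)
```

In a real deployment the same normalization would feed an alerting pipeline rather than return a dict, and the thresholds would be tuned per source and user population.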
To learn more about how SOCaaS can stop credential theft in its tracks, download our white paper “Combating the Top Five Cyberattacks with Managed Detection and Response,” available for free here.