The recent hacking of the world’s largest ticket marketplace, StubHub, points to new lengths in which criminals will go to turn their online capabilities and opportunities into illegal monetary gain. Seven criminals from around the world turned the San Francisco-based vendor’s online customers against them by hacking 1,600 accounts and laundering $1.6 million in fraudulent wire transfers and PayPal transactions.
“The assault on StubHub showcases the creativity of the cybercriminal underground,” said Trend Micro vice president of technology and solutions JD Sherry. “They have taken ticket scalping to the next level in the form of ‘Cyber Scalping.’ Any event with a social aspect such as concerts or sports that conduct commerce with a large online community are primary targets for these sophisticated crime syndicates. The sick twist on this form of scalping is that they are acquiring the tickets at no cost and garnering 100% profit.”
Trend Micro, a global leader in cloud security, also warns that cybercriminals are not yet done with the pilfered accounts and system information obtained illegally by the thieves. Rather, StubHub and its customers should be on the lookout for more fraudulent activity as the stolen content is more than likely making the rounds within the underground markets for purchase.
An attack of this magnitude can start with as little as the click of a link or the opening of a weaponized attachment. Another possibility would be popular watering hole sites or drive-by downloads that prove difficult to avoid and even more complicated to detect. Vendors who provide goods and services online to customers are increasingly becoming the target for these sorts of attacks, and should take a serious look at what anti-fraud capabilities they have in place.