Cyber Summit Warned On New Hacking Group


14th October, 2015 at 08:39:12
Source: http://www.azonlinecasinos.com

Beware Fin5!

Delegates at the recent Cyber Defence Summit in Washington DC have been warned about a new hacker group called Fin5, which researchers said was responsible for a hack on an unnamed land casino that resulted in the loss of 150,000 gamblers' credit card details.

Researchers Emmanuel Jean-Georges of Mandiant and Barry Vengerik of FireEye said that the casino's flat network architecture made the hacker group's intrusion and theft easier, commenting that the casino lacked even basic firewalls around its payment platforms and did not have logging in place.

"It was a very flat network, single domain, with very limited access controls for access to payment systems," Jean-Georges said. "Had this casino hotel operator had even minimal or basic protections in place like a firewall with default deny systems to limit access to PCI systems it would have slowed down the attackers and hopefully set off red flags."

Fin5 has been linked to over a dozen hacks, with possibly more that have not been reported. Its targets have included at least two payment systems providers and their customers, including the casino used as an example this week at the summit.

The incident should serve as a warning to businesses to secure any access that third-party organisations have to corporate networks, the researchers observed, noting that Fin5 uses stolen credentials, which ensures no flags are tripped on initial penetration. From there, the attackers target Active Directory in a bid to unlock more credentials and move laterally.

Jean-Georges revealed that the hackers use a rare backdoor codenamed Tornhull and a VPN dubbed Flipside to maintain persistence.

He reported that Flipside was overlooked by a rival incident response company after an earlier assault, and Fin5 were sufficiently bold and brazen to return for further thefts after noticing the VPN's survival.

The hackers also deploy a custom tool codenamed "Driftwood", which parses designated locations for credit card data dumps created by the tools FiendCry and XOR and encodes the data for later collection, Vengerik reported.
