Cyber Summit Warned On New Hacking Group

By Casinomeister, Last updated Oct 16, 2015

Beware Fin5!

Delegates at the recent Cyber Defence Summit in Washington DC have been warned about a new hacker group dubbed Fin5, which researchers reported was responsible for a hack on an unnamed land casino that resulted in the theft of 150,000 gamblers' credit card details.
Researchers Emmanuel Jean-Georges of Mandiant and Barry Vengerik of FireEye said that the casino's flat IT structure made the hacker group's intrusion and theft easier, commenting that the casino lacked even basic firewalls around its payment platforms and did not have logging.
"It was a very flat network, single domain, with very limited access controls for access to payment systems," Jean-Georges said. "Had this casino hotel operator had even minimal or basic protections in place like a firewall with default deny systems to limit access to PCI systems … it would have slowed down the attackers and hopefully set off red flags."
Fin5 has been linked to over a dozen hacks, with possibly more that have not been reported. Its targets have included at least two payment systems providers and their customers, including the casino used as an example this week at the summit.
The incident should serve as a warning to businesses to secure any access that third-party organisations have to corporate networks, the researchers observed, noting that Fin5 uses stolen credentials, which ensures no flags are tripped on initial penetration. From there, the attackers target Active Directory in a bid to obtain more credentials and move laterally.
Jean-Georges revealed that the hackers use a rare backdoor codenamed Tornhull and a VPN dubbed Flipside to maintain persistence.
He reported that Flipside was overlooked by a rival incident response company after an earlier assault, and Fin5 were sufficiently bold and brazen to return for further thefts after noticing the VPN's survival.
The hackers also deploy a custom tool codenamed "Driftwood", which parses designated locations for credit card data dumps created by the tools FiendCry and XOR and encodes the data for later collection, Vengerik reported.

Online Casino News Courtesy of Infopowa

Casinomeister

The man with the plan here at Casinomeister. Bryan Bailey has been running Casinomeister since its launch in June of 1998. He has watched the industry grow from its primeval stage to what it is now. The Meister has attended nearly 100 conferences in the past 20 years and has either been a speaker or a panel moderator for at least 60 events. He has always been an advocate of fairness and reason and is known to like German beer, a good Scotch, and astrophotography.
bryan@casinomeister.com

