Hacking group stole credit card data of 150K casino customers

The personal information of 150,000 customers of an as-yet-unnamed casino was compromised following an incursion by the "Fin5" hacking group, according to The Register.

Barry Vengerik and Emmanuel Jean-Georges of FireEye's Mandiant team determined that the hackers, already known for their use of “RawPOS” malware to siphon data from PoS devices, had been in the casino's system for a year. They added that the network lacked basic protections, such as a firewall and logging capabilities.

Vengerik said the gang attacks using stolen credentials, thereby avoiding an initial chance at detection. With a backdoor named Tornhull and a VPN called Flipside, the perpetrators then target Active Directory to gain further credentials.

The incursion illustrates how enterprises should safeguard any egress that third parties have to corporate networks, Vengerik said.

The casino has since updated its security posture to include two-factor authentication, application whitelisting and more logging.
