The personal information of 150,000 customers of an as-yet-unnamed casino was compromised following an incursion by the "Fin5" hacking group, according to The Register.
Barry Vengerik and Emmanuel Jean-Georges of FireEye's Mandiant team determined that the hackers, already known for using "RawPOS" malware to siphon data from PoS devices, had been inside the casino's systems for a year. They added that the network lacked basic protections, such as a firewall and logging capabilities.
Vengerik said the gang attacks using stolen credentials, thereby avoiding an initial chance at detection. With a backdoor named Tornhull and a VPN called Flipside, the perpetrators then target Active Directory to gain further credentials.
The incursion illustrates why enterprises should safeguard any egress that third parties have to corporate networks, Vengerik said. The casino has since updated its security posture to include two-factor authentication, application whitelisting and more logging.