Hacking group stole credit card data of 150,000 casino customers

News by Greg Masters

The personal information of 150,000 customers of an as-yet-unnamed casino was compromised following an incursion by the 'Fin5' hacking group, according to The Register.

Barry Vengerik and Emmanuel Jean-Georges of FireEye's Mandiant team determined that the hackers, already known for their use of RawPOS malware to siphon data from PoS devices, had been in the casino's system for a year. They added that the network lacked basic protections, such as a firewall and logging capabilities.

Vengerik said the gang attacks using stolen credentials, thereby avoiding an initial chance at detection. With a backdoor named Tornhull and a VPN called Flipside, the perpetrators then target Active Directory to gain further credentials.

The incursion illustrates how enterprises should safeguard any egress that third parties have to corporate networks, Vengerik said.

The casino has since updated its security posture to include two-factor authentication, application whitelisting and more logging.
