
Hacking group stole credit card data of 150K casino customers

The personal information of 150,000 customers of an as-yet-unnamed casino was compromised following an incursion by the "Fin5" hacking group, according to The Register.

Barry Vengerik and Emmanuel Jean-Georges of FireEye's Mandiant team determined that the hackers, already known for their use of "RawPOS" malware to siphon data from PoS devices, had been in the casino's system for a year. They added that the network lacked basic protections, such as a firewall and logging capabilities.

Vengerik said the gang attacks using stolen credentials, thereby avoiding an initial chance at detection. With a backdoor named Tornhull and a VPN called Flipside, the perpetrators then target Active Directory to gain further credentials.

The incursion illustrates how enterprises should safeguard any egress that third parties have to corporate networks, Vengerik said.

The casino has since updated its security posture to include two-factor authentication, application whitelisting and more logging.
