An unnamed casino has lost 150,000 credit cards in a cyber attack. The group responsible is Fin5, a new hacking group that hacked the casino's payment systems.
Researchers Emmanuel Jean-Georges and Barry Vengerik of Mandiant and FireEye uncovered the group.
The casino had no security and lacked even a basic firewall around its payment platforms. It also did not have proper logging.
Fin5 is linked to numerous payment card breaches, including Goodwill. According to Emmanuel Jean-Georges, Fin5 has caused breaches at 12 firms, and 6 more firms are expected to have been affected by the group. “It was a very flat network, single domain, with very limited access controls for access to payment systems,” Emmanuel told the Cyber Defence Summit in Washington, DC.
Barry Vengerik explained that the attackers have targeted at least two payment systems, and the unnamed casino is one of them.
In the attack against the casino, the experts discovered that the Fin5 gang used a backdoor codenamed Tornhull and a VPN dubbed Flipside to maintain control over the compromised system.
Fin5 also has a tool called GET2 Penetrator, a scanning tool that searches for remote login and hard-coded credentials, and a free tool called EssentialNet that is used to scan the target network.