[et_pb_section fb_built=”1″ custom_padding=”0px|0px|0px|0px” fullwidth=”on” _builder_version=”3.0.67″ background_image=”https://www.mdsny.com/wp-content/uploads/2017/08/unlock1.jpg” background_position=”center_left” background_blend=”darken”][et_pb_fullwidth_header title=”Please Put That on His Tab” text_orientation=”center” title_font_color=”#ffffff” background_overlay_color=”rgba(0,0,0,0.42)” _builder_version=”3.0.67″ title_font=”Droid Serif||||” title_font_size=”55px” title_font_size_last_edited=”on|phone”][/et_pb_fullwidth_header][/et_pb_section][et_pb_section fb_built=”1″ custom_padding=”12px|0px|0px|0px” _builder_version=”3.0.65″][et_pb_row make_fullwidth=”on” custom_padding=”27px|1px|0px|2px” _builder_version=”3.0.65″][et_pb_column type=”4_4″ _builder_version=”3.0.47″ parallax=”off” parallax_method=”on”][et_pb_text _builder_version=”3.0.65″ text_font=”Droid Serif||||” text_font_size=”18px”]

By Michael Fiorito, MDS

FIN6 is a cybercriminal group known for stealing and monetizing payment card data. The group works methodically, gathering access and data over time, compromising systems and ultimately selling the card data for millions of dollars. Initial access is often gained, successfully, through targeted spear-phishing campaigns delivered by email.

[/et_pb_text][et_pb_image _builder_version=”3.0.65″][/et_pb_image][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built=”1″ background_color=”#e8e8e8″ custom_padding=”0px|0px|15px|0px” _builder_version=”3.0.65″][et_pb_row make_fullwidth=”on” custom_padding=”22px|0px|0px|0px” _builder_version=”3.0.65″][et_pb_column type=”1_2″ _builder_version=”3.0.47″ parallax=”off” parallax_method=”on”][et_pb_text _builder_version=”3.0.65″ text_font=”Droid Serif||||” text_font_size=”18px” inline_fonts=”Droid Serif”]

In one such intrusion investigated by FireEye, FIN6 gained access using valid credentials, then established backdoors and escalated privileges.

Using Metasploit, Windows Credential Editor (WCE) and other publicly available utilities, they harvested administrator credentials and escalated privileges further. According to FireEye’s forensic analysis, once a beachhead was established, “FIN6 began lateral movement using credentials stolen from various systems on which they gathered usernames and password hashes.”
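Lateral movement with stolen credentials and password hashes leaves a recognisable trace in Windows Security logs: one account, from one source address, producing network logons (event 4624, logon type 3) over NTLM against many hosts in a short window. The detection below is an added example written for this page, not code from FireEye or from the FIN6 report; the log lines, host names, account and addresses are constructed for the example, and the 10-minute window and four-host threshold are assumed starting points rather than values the page gives.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Windows Security event 4624 (successful logon) records,
# flattened to one "key=value" line each. Hosts, account names and addresses are
# invented for this example; the field meanings follow the 4624 event schema.
SAMPLE_LOGONS = r"""
2016-04-20T02:13:05 host=STORE-DC02 user=CORP\svc_backup logon_type=3 auth=NTLM src_ip=10.40.1.15
2016-04-20T02:13:09 host=POS-REG-101 user=CORP\svc_backup logon_type=3 auth=NTLM src_ip=10.40.1.15
2016-04-20T02:13:12 host=POS-REG-102 user=CORP\svc_backup logon_type=3 auth=NTLM src_ip=10.40.1.15
2016-04-20T02:14:40 host=POS-REG-103 user=CORP\svc_backup logon_type=3 auth=NTLM src_ip=10.40.1.15
2016-04-20T02:15:02 host=POS-REG-104 user=CORP\svc_backup logon_type=3 auth=NTLM src_ip=10.40.1.15
2016-04-20T09:01:11 host=FILESRV01 user=CORP\jdoe logon_type=3 auth=Kerberos src_ip=10.20.5.77
2016-04-20T09:02:30 host=PRINTSRV user=CORP\jdoe logon_type=3 auth=Kerberos src_ip=10.20.5.77
2016-04-20T09:05:00 host=WS-JDOE user=CORP\jdoe logon_type=2 auth=NTLM src_ip=127.0.0.1
2016-04-20T14:00:00 host=HR-APP01 user=CORP\svc_backup logon_type=3 auth=NTLM src_ip=10.40.1.15
"""


def parse_logons(text):
    """Turn the flattened 4624 lines into dicts with a parsed timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        timestamp, *fields = line.split()
        record = dict(field.split("=", 1) for field in fields)
        record["time"] = datetime.fromisoformat(timestamp)
        record["logon_type"] = int(record["logon_type"])
        events.append(record)
    return events


def find_lateral_movement(events, window=timedelta(minutes=10), min_hosts=4):
    """Flag (account, source IP) pairs whose NTLM network logons reach
    min_hosts distinct targets inside a sliding time window.

    Only logon type 3 (network) over NTLM is considered: pass-the-hash and
    reuse of dumped plaintext credentials both show up this way, while
    interactive logons (type 2) and Kerberos logons are left alone here.
    Window and threshold are assumed defaults; tune them per environment.
    """
    by_actor = defaultdict(list)
    for event in events:
        if event["logon_type"] == 3 and event["auth"].upper() == "NTLM":
            by_actor[(event["user"], event["src_ip"])].append((event["time"], event["host"]))

    alerts = []
    for (user, src_ip), logons in by_actor.items():
        logons.sort()  # chronological, so each index starts a candidate window
        for i, (start, _) in enumerate(logons):
            hosts = {host for time, host in logons[i:] if time - start <= window}
            if len(hosts) >= min_hosts:
                alerts.append({
                    "user": user,
                    "src_ip": src_ip,
                    "first_seen": start,
                    "hosts": sorted(hosts),
                })
                break  # one alert per actor is enough; later windows repeat it
    return alerts


if __name__ == "__main__":
    for alert in find_lateral_movement(parse_logons(SAMPLE_LOGONS)):
        print(f"{alert['user']} from {alert['src_ip']} reached "
              f"{len(alert['hosts'])} hosts from {alert['first_seen']}: {alert['hosts']}")
```

In the sample, the service account fans out to five hosts in two minutes and is flagged, while the ordinary user’s Kerberos logons and local interactive logon are not. Legitimate backup, monitoring and vulnerability-scanning accounts produce the same fan-out pattern, so in practice the rule needs a baseline per account and source rather than a single global threshold.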

Once the point-of-sale (POS) systems were located, FIN6 deployed additional malware to find and steal payment card data, which was then exfiltrated to external servers.

The stolen data was then sold on the black market. In one breach, FIN6 advertised almost 20 million cards, mostly from the U.S., at an average price of $21 each, roughly $400 million in potential revenue.


[/et_pb_text][/et_pb_column][et_pb_column type=”1_2″ _builder_version=”3.0.47″ parallax=”off” parallax_method=”on”][et_pb_testimonial author=”Nart Villeneuve” job_title=”Analyst” company_name=”FireEye” background_layout=”light” quote_icon_color=”#0c71c3″ _builder_version=”3.0.67″]

In 70% of the cases we respond to, the activity can be traced back to stolen, legitimate credentials.

[/et_pb_testimonial][/et_pb_column][/et_pb_row][et_pb_row make_fullwidth=”on” custom_padding=”1px|0px|16px|0px” _builder_version=”3.0.65″][et_pb_column type=”4_4″ _builder_version=”3.0.47″ parallax=”off” parallax_method=”on”][et_pb_text _builder_version=”3.0.65″ text_font=”Droid Serif||||” text_font_size=”18px”]

By combining its efforts with iSIGHT Partners, which it acquired in January 2016, FireEye was able to track the group’s activities from the initial intrusion up to the point where the stolen data was sold.


[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built=”1″ background_color=”#8d8c91″ custom_padding=”4px|0px|20px|0px” admin_label=”section” _builder_version=”3.0.65″][et_pb_row make_fullwidth=”on” custom_padding=”10px|0px|27px|0px” admin_label=”row” _builder_version=”3.0.47″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.0.47″ parallax=”off” parallax_method=”on”][et_pb_cta title=”Pulling the plug doesn’t have to be your only security solution.” button_url=”https://www.mdsny.com/contact/” button_text=”Contact Us” use_background_color=”off” _builder_version=”3.0.65″ header_font=”Droid Sans|on|||” header_font_size=”31px” body_font=”Droid Sans||||” body_font_size=”19px” background_size=”initial” background_position=”top_left” background_repeat=”repeat” custom_button=”on” button_text_color=”#2d3743″]

Don’t become part of a rising statistic — make sure your company is prepared to withstand a breach.

[/et_pb_cta][/et_pb_column][/et_pb_row][/et_pb_section]