Now browsing by tag: behind
The Billion-Dollar Hacking Group Behind a String of Big Breaches

THIS WEEK, SAKS Fifth Avenue, Saks Off 5th, and Lord & Taylor department stores—all owned by The Hudson’s Bay Company—acknowledged a data breach impacting more than five million credit and debit card numbers. The culprits? The same group that’s spent the last few years pulling off data heists from Omni Hotels & Resorts, Trump Hotels, Jason’s Deli, Whole Foods, and Chipotle: a mysterious group known as FIN7.

Data breaches dog consumers every day, whether they’re ordering food from Panera or tracking their nutrition with an Under Armour app. But if you’ve had your credit card number stolen from a restaurant, hotel, or retail store specifically in the past few years, you may have experienced FIN7 up close.

While lots of criminal hacking gangs are simply out to make money, researchers regard FIN7 as a particularly professional and disciplined organization. The group—which often appears to be Russian-speaking, but hasn’t been tied to a home country—generally works on a normal business schedule, with nights and weekends off. It has developed its own malware tools and attack styles, and seems to have a well-funded research and testing division that helps it evade detection by antivirus scanners and authorities more broadly. In the Saks breach, FIN7 used “point of sale” malware—software secretly installed in the cash register transaction systems customers interact with—to lift the financial data, a signature move.

“They’re connected to almost every major point of sale breach,” says Dmitry Chorine, cofounder and CTO of Gemini Advisory, a threat intelligence firm that works with financial institutions and that first reported the Saks/Lord & Taylor breach. “From what we’ve learned over the years, the group is operated as a business entity. They definitely have a mastermind, they have managers, they have money launderers, they have software developers, and they have software testers. And let’s not forget they have the financial means to stay hidden. They make at least $50 million every month. Given that they’ve been in business for many years, they probably have at least a billion dollars on hand.”

Name Game
Researchers have carefully tracked FIN7 for years, identifying their tools and watching their techniques evolve and advance. And many of the observers have even gone head-to-head with the group during network attacks, learning the group’s ethos by actively sparring with it.

The anonymity of cyberspace makes it difficult to pin down exactly who commits which crimes, though, and whether they’re actually all part of the same group or simply using similar tools.

As a result, FIN7 is known by many names. Many. The “FIN7” name itself is often associated with retail and hospitality credit card number heists, while another group—perhaps another division of the same entity, or a pre-existing gang that FIN7 spun off from—focuses on targeting financial organizations to directly steal and launder money. This bank heist operation has been called Carbanak or Cobalt (after a tool called Cobalt Strike), or some variation; FIN7 is sometimes called by these names as well. The security firm CrowdStrike also has its own versions of the names, Carbon Spider and Cobalt Spider. Carbon Spider targets the retail and hospitality industries, while Cobalt Spider hits financial institutions and ATMs. Adding to the confusion, Gemini Advisory also sometimes calls FIN7 “JokerStash,” after the dark web marketplace where the group sells the credit card data it steals.

It’s a mess. But while it’s virtually impossible to know the exact breakdown, all of these actors evolved from malware campaigns between 2013 and 2015 that used the banking trojans Carberp and Anunak to attack financial institutions. “There’s definitely a relationship between what we call Carbon Spider and Cobalt Spider,” says Adam Meyers, vice president of intelligence at the security firm CrowdStrike. “There’s some overlap in the malware that’s used and there are a lot of theories. Did Carbon Spider split from Cobalt? Do they have shared tooling? Did somebody leave the group and bring some of the tools with them?”

Consummate Professionals
Regardless of the name, FIN7’s effectiveness stems from a rigorous, professional approach—including devious phishing schemes that trick victims into infecting their own networks—that researchers say is more typical of nation state hacking than criminal skulduggery. The group has also demonstrated a powerful ability to quickly evolve new strategies and adapt tools. Last fall, the security firm Morphisec showed that it only took FIN7 a day to create a fileless malware attack for a newly discovered weakness in Microsoft applications.

“The feeling you get working against them on an incident response team is that they aren’t going down without a fight,” says William Peteroy, CEO of the security firm Icebrg, which has helped clients remediate FIN7 attacks. “They are very committed to getting access to certain targets, they are very committed to maintaining access to those targets, and it’s for the overall goal of pulling as much credit card data out of the environment as they can. They’re not the best-trained, best operations security people on the internet, but they are professional. They go to work in the morning and their job is to steal credit card numbers.”

Based on Icebrg’s research and firsthand experience, Peteroy sees the group’s focus on evading antivirus scans as one of its biggest assets. FIN7 constantly tests its hacking tools against malware scanners to see if they raise an alarm, and tweaks them if they do to fly under the radar for another day.

“They have a pretty incredible track record of staying one step ahead of antivirus vendors,” Peteroy says. “They do constant testing of their toolsets. You would not expect to see a technique like that from a criminal organization. But it’s really just like a business maximizing your profitability. You’re not trying to develop things that are 10 steps ahead, you’re just trying to keep one step ahead.”

So far FIN7 has largely succeeded at staying just out of reach, but it works at such a massive scale on so many heists at once that there are bound to be missteps. Just last week, Spanish police working with Europol, the FBI, and a group of other international agencies arrested what they called the “mastermind” behind Carbanak’s financial institution hacking, particularly a spree of ATM jackpotting and other money laundering. “The arrest of the key figure in this crime group illustrates that cybercriminals can no longer hide behind perceived international anonymity,” Steven Wilson, the head of Europol’s European Cybercrime Centre, said of the operation last week.

Though an impressive step, researchers are skeptical that the arrest will really destabilize or neuter such a robust criminal syndicate. “Someone who was using part of the tools was arrested in Spain. He may be at a higher level of the food chain, but it definitely doesn’t necessarily mean the whole group has been dismantled,” says Gemini Advisory’s Chorine. “Even if you observe the chatter on criminal forums, there’s no clear indication of who was arrested.”

So as has been the case for years now, FIN7 will likely live to steal another credit card number. Or, more likely, millions of them.

The post THE #BILLION-DOLLAR #HACKING GROUP BEHIND A #STRING OF BIG #BREACHES appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

“Victory for the good guys” – criminal behind Mandiant hack arrested

Source: National Cyber Security – Produced By Gregory Evans

FireEye has caught the hacker behind a well-publicised attack that leaked a security researcher’s details and claimed to infiltrate the company’s networks earlier this year.

Mandiant employee Adi Peretz was the attack’s main victim as a number of his online accounts were exposed. Mandiant is a division of FireEye.

The alleged hacker, who went by the username of LeakTheAnalyst, has now been arrested according to reports, although their name and location have not been made public.

“These attackers rarely, if ever, get caught … Over my career, I have found it frustrating how little risk or repercussions exist for the attackers, who hide behind the anonymity of the internet to cause harm to good, well-intentioned people,” FireEye CEO Kevin Mandia says in a statement.

In addition to OneDrive accounts and PayPal invoices, Peretz’s LinkedIn login was compromised and his page was allegedly defaced by the hacker. The hacker also claimed to have gained access to Mandiant’s systems and customer data.

“It was fun to be inside a giant company named ‘Mandiant’ we enjoyed watching how they try to protect their clients and how their dumb analysts are trying to reverse engineer malwares and stuffs. Now that ‘Mandiant’ knows how deep we breached into its infrastructure its so-called threat analysts are trying to block us. Let’s see how successful they are going to be :D,” the hackers say in a Pastebin post accompanying their data dump.

Two weeks later, the hacker posted another batch of information apparently from the data dump. They also claimed that FireEye was conducting a coverup.

“Well we were waiting FireEye for a public comment and FireEye lied again, and they lied in cost of their customers. They did a mistake. They knew we had access to JIRA, Their IDF workshop wasn’t a part of Adi Peretz’s job. They knew Adi Peretz wasn’t working on Bank Hapoalim,” the Pastebin dump says.

“They said our documents was ‘public’, are license files, private contract documents, private IDF workshops and internal network topologies public? If they weren’t public why did you removed our files and from public file hosting? Why did you removed our first Pastebin message? They knew the truth and they’re hiding it from their customers and the public,” it continues.

“Therefore, I am pleased that, in this case, we were able to impose repercussions for the attacker and achieve a small victory for the good guys,” Mandia concludes.

Westport teen behind 2015 fake shooter report charged with hacking, ID theft

A 17-year-old Westport juvenile — the same youth responsible for calling in a fake active shooter incident at Westport High School in 2015 — was arrested Thursday for hacking into a Texas man’s Amazon account and buying $1,000 in computer equipment, police said. Detective Jeffrey Majewski said the male juvenile,…

If Lawmakers Get Their Way, Teens’ Sexting Could Land Them Behind Bars for 15 Years

A bill that passed the U.S. House of Representatives earlier this month could harshly penalize adolescents for their high-tech flirting and sexual experimentation. The U.S. House of Representatives passed a bill …

The Culprit Behind the WannaCry Ransomware Attack Has Been Identified As The Same Group Behind the Microsoft Tech Support Scam

“Federal Law Enforcement and Microsoft Were Notified of The Threat in 2016. They Did Not Respond”

Atlanta, Georgia (PRWEB) May 18, 2017. National Cyber Security News has recorded conversations of the mastermind behind the ransomware known as “WannaCry”, “WanaCrypt0r”, “WeCry”, and “WanaCrypt”. National Cyber Security Ventures (the parent company of National Cyber Security News) owns and runs several cyber …

What Is The Reason Behind The Emergence Of Cybersecurity?

People around the world look at the phenomenon of cyber security in two distinct ways. The first is a world in which everyone can talk to each other with the help of wirelessly connected sensors. The other is a world in which every individual is exposed to the danger of horrific experiences …

Behind the veil of Chinese white-hat hackers

Rebellious, talented and law-abiding twenty-somethings serve as the main force in today’s cyber security vigilantism.

Countless children dream of becoming a superhero. For many, the dream gradually fades. But others are actually realizing their dreams through invisible battles of good versus evil in the virtual world. “The word ‘hacker’ has been defamed. It only reminds people […]

Legal profession lagging behind on cyber security front

The legal profession as a whole is still playing catch up with other industries when it comes to cyber security, according to an expert from an international law firm. Speaking to Lawyers Weekly on his recent trip to Australia, K&L …

The 3 Primary Motives Behind Romance Scams, And Why It’s So Hard to Get Justice

The FBI tells us that Romance Scams are the most common form of fraud in today’s society. And I don’t use the word “fraud” loosely. As most of you who’ve read my material know, lies only constitute a crime when the victim suffers harm. ‘Til then, lies are just lies. When the offender crosses that line in the sand that constitutes injury to the other party, they are actually committing a crime. Their lie has become fraud.

‘Hackers behind US cyber attacks hard to trace’

Washington’s allegations that Russia was behind the cyber attacks against the US may be difficult to prove due to the sophisticated technologies used by the hackers, experts here believe. “To determine who is behind the attacks in cyberspace is extremely …
