An anonymous Casino has lost 150,000 credit cards after being raided by a new hacking group.
Researchers Emmanuel Jean-Georges and Barry Vengerik of Mandiant and FireEye say the “Fin5” hacking group had last year skipped through the organisation’s “flat” IT architecture to raid its open payment systems.
They say the casino lacked even basic firewalls around its payment platforms and did not have logging.
“It was a very flat network, single domain, with very limited access controls for access to payment systems,” Emmanuel Jean-Georges told the Cyber Defence Summit (formerly Mircon) in Washington DC today.
“Had this casino hotel operator had even minimal or basic protections in place like a firewall with default deny systems to limit access to PCI (payment) systems … it would have slowed down the attackers and hopefully set off red flags.”
View full story
