    FIN10 Hacking Group Attacking Canadian Casinos, FireEye Finds

    By Sean Michael Kerner - June 16, 2017

      Security firm FireEye released a new report today describing the activities and techniques used by a hacker group it identifies as FIN10 that has been exploiting mining companies and casinos. 

      According to FireEye’s analysis, FIN10 has been active from at least 2013 through 2016 and does not rely on zero-day vulnerabilities, but rather publicly available software and techniques, to exploit victims. FireEye declined to provide eWEEK with metrics on the number of victims exploited by FIN10 or the total financial impact, although it indicated where all of the victims were geographically located.

      “All of the known compromised organizations are based in Canada,” Charles Carmakal, vice president with FireEye’s Mandiant cyber-security consulting group, told eWEEK.

      After infiltrating an organization, FIN10 steals data and then threatens the victims that the data will be publicly released or that IT systems will be disrupted. FIN10 demanded different amounts from the victims, ranging from 100 to 500 Bitcoins, or approximately $124,000 to $620,000.

      Though FIN10 is stealing data, it is not a ransomware operation, according to FireEye. With ransomware, a victim’s data is encrypted by the attacker and then held for ‘ransom’ until a payment is made.

      “We have not observed FIN10 encrypting victims’ data in the past,” Carmakal said.

      Carmakal said that FIN10 is a financially motivated threat actor that extorts businesses for money. FIN10 steals sensitive data from victims, engages executives and board members, and threatens to publish the stolen data if money is not paid.  

      “They escalate their attack by destroying systems and engaging with journalists to maximize exposure of the breach in an attempt to coerce the victims to pay,” Carmakal said.

      As to why FIN10 specifically attacked casinos and mining companies, FireEye has not determined a clear motive. What is clear, however, is that FIN10 is not using any custom hacking tools or zero-day malware to achieve its objectives.

      “We have only seen FIN10 use publicly available security tools like Metasploit, PowerShell Empire, and Splinter RAT (Remote Access Trojan),” Carmakal said. 

      Metasploit is a popular open-source penetration testing framework that security researchers use to test organizations' resilience against threats. Part of the Metasploit framework is the Meterpreter payload delivery tool, which is what the FIN10 attackers were using to infect the victimized organizations. PowerShell Empire is an open-source post-exploitation tool that is used by attackers to execute commands on a system after it has been infiltrated.

      Attribution for the FIN10 attacks is a somewhat complicated matter. Carmakal said that FireEye does not know where FIN10 is based, but strongly suspects that the individual writing the communications to victims and the public is a native English speaker. FireEye’s research and analysis has shown that FIN10 is known to throw false flags and has purported to be from Russia and Serbia.  

      “One of the personas that FIN10 took on purported to be a Russian hacktivist organization,” Carmakal said. “In reading their communications, it was clear that they were not native Russian speakers.”  

      “We believe they used translation software to convert English to Russian,” he added. 

      Defending Against FIN10

      “While FIN10 appears to have less technical capability than other financially motivated threat actors that we typically investigate, they have proven to be very effective in compromising several organizations’ networks and achieving their objectives,” Carmakal said. 

      There are several proactive technologies that Carmakal recommends organizations deploy to limit the risk of being exploited by a hacking group like FIN10.

      “While there is no silver bullet in security, we believe organizations can help combat FIN10 by leveraging email threat prevention solutions to identify and block phishing campaigns and use endpoint detection and response (EDR) solutions to identify and block the tools and back doors that FIN10 deploys on endpoints,” he said.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
