On August 1, 2018, the US Department of Justice announced that three high-ranking members of the Eastern European “FIN7” cyber crime group were in custody for their role in attacking more than 100 US companies. Since 2015, FIN7 has been using a front company, “Combi Security,” to recruit criminal hackers to engage in cyber crime.
Most of the companies FIN7 attacked are in the restaurant, gaming and hospitality sectors. Well-known chains such as Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin, and Jason’s Deli have been hit. FIN7 stole more than 15 million customer card records from more than 6,500 point-of-sale terminals at more than 3,600 business locations.
Companies in Australia, the UK and France were also attacked. The FBI said, “FIN7 hacked into thousands of computer systems and stole millions of customer credit and debit card numbers, which the group used or sold for profit.”
How FIN7 attacked US companies
According to the FBI, FIN7 typically initiated its cyber attacks by delivering a phishing email to a company employee. Each email included an attached file, often an innocuous-appearing Microsoft Word document, with embedded malware. The text within the email simulated a legitimate business-related message in order to lead the recipient employee to open the attachment and unwittingly activate the malware that would infect the computer. For example, when targeting a hotel chain, the sender of the phishing email might claim to be interested in making a reservation and include details in the attachment. This was often followed up with a phone call to the employee to make them feel that the email was legitimate.
Once the malware was activated, FIN7 was able to connect to the company’s computers, download more malware, and monitor the network. It was also able to locate point-of-sale terminals that contained customer data and steal payment card information. This information was then sold on underground online marketplaces.
As FIN7 demonstrated, breaking into systems is relatively simple if a business has not properly patched and secured systems against the latest vulnerabilities. However, keeping systems up to date has become increasingly difficult.
Unfortunately, hackers have a window of opportunity between the moment someone publishes a vulnerability and the moment that vulnerability is patched or addressed. The longer this window stays open, the more the odds of compromise increase.
Penetration testing helps to identify configuration holes that could allow an attacker to gain access to a system. Due to the increasing variety and volume of threats from hackers, it is critical to conduct periodic penetration tests. IT Governance’s network penetration testing service provides an industry-certified penetration tester to conduct a thorough technical test of your organization’s network, identifying vulnerabilities and how these can be exploited to extract data or take control of your IT system.