As early as 2009, one particular financial attack group has been successfully stealing payment card data from the entertainment industry, to include casinos, that make the Oceans 11 movie franchise look like child’s play. This talk will walk through the earliest FIN5 compromises identified by Mandiant, showcasing the developmental evolutions of this attack group. We will cover attack techniques dating from 2009 to present day, and review the methodologies used to defeat security controls implemented to protect the enterprise and payment card data.
Combining years of Mandiant investigations, we’ve collected timelines of compromise, FIN5 attack lifecycles, and public notifications of breaches affected by this group. Comparing that data against temporal data points, we will reveal an elaborate criminal infrastructure and a thorough understanding of the payment card ecosystem. While this attack group focuses on payment card data, the techniques leveraged by the attack group are applicable and relevant across all industries.