We know that stealing and selling credit card data is big business for criminals, and a new report provides a rare look at the operations of gang FIN6, from attack to sale, on an underground card shop.
One breach linked to the gang was tied to more than 20 million stolen credit cards, mostly from the U.S., selling on average for $21, according to the FireEye Threat Intelligence report. That adds up to $400 million in revenue, if the cards sold at full price. That said, some of the cards likely sold at a discounted rate because stolen cards rapidly lose value once they hit the market.
It is unclear how many individuals make up the group, though the sophistication of its operations suggests several participants, said John Miller, director of cybercrime analysis for iSIGHT partners, which was acquired by FireEye in January. Also unclear is where the group is located, though these types of attacks are often initiated from Eastern Europe. The group may well be involved in a variety of different types of fraud, identifying and exploiting any opportunity for profit, he said.
"They are certainly skillful at their role, so when they enter into the network, they are quite adept at escalating privilege, moving around inside of the network to try to locate the data that they are after, which is payment card information," said Nart Villeneuve, principal threat intelligence analyst at FireEye.