Credential Stuffing Attacks
Our monitoring technology identified a sudden influx of compromised login credentials of a major telecommunication company, with tens of thousands of compromised accounts offered for sale. A comprehensive analysis ruled out a hacking attack, leaving credential stuffing as the only viable attack vector.
The client requested assistance in finding a solution to the unanticipated problem and in developing an effective mitigation process. Gemini not only promptly offered a valuable approach to significantly reduce similar attacks in the future, but also helped to identify thousands of already exposed accounts, minimizing reputational damage to the organization and financial losses to its customers.
Gemini's subject matter experts identified a hacker who was attempting to sell a database of over 1 million records of sensitive personally identifiable information (PII). The stolen information included not only Social Security numbers and mailing addresses, but also the state ID information, security challenge questions, and bank account information of the customers of over 100 financial institutions. Possession of such detailed information would present fraudsters with broad capabilities, allowing them to easily bypass the security controls of various organizations.
The hacker was explicitly attempting to sell the data to a single buyer only, demanding a substantial upfront payment and categorically refusing to provide any samples. Our experts successfully established a rapport and identified the name of the compromised company. After we notified the victim of the breach, it was able to confirm our findings, evaluate the extent of the breach, and mitigate the vulnerability that had allowed the intrusion. In parallel, Gemini notified all affected financial organizations, which allowed them to put the necessary security controls in place in order to reduce the effect of any future fraud attempts.
In early 2018, Gemini’s undercover agents received intelligence about a criminal who was soliciting help from a hacker to compromise over a dozen prominent international law firms. Understanding the sensitivity of the matter, our experts contacted the person directly and obtained the names of potential victims. Moreover, we successfully confirmed the specific data of interest and the exact intent for its future use.
Gemini immediately notified the targeted organizations, as well as federal law enforcement. In the course of the following weeks, our experts maintained direct contact with the criminal, continuing to receive valuable intelligence and providing assistance to the police. At the same time, we evaluated the exposure surface, performed security training, and worked closely with each organization on developing an actionable remediation plan. As a result, following the incident, no company suffered a breach.