Credential Stuffing Attacks
Our monitoring technology identified a sudden influx of compromised login credentials of a major telecommunication company, with tens of thousands of compromised accounts offered for sale. A comprehensive analysis ruled out a hacking attack, leaving credential stuffing as the only viable attack vector.
The client requested assistance in finding a solution to the unanticipated problem and in developing an effective mitigation process. Gemini not only promptly offered a valuable approach to significantly reduce similar attacks in the future, but also helped to identify thousands of already exposed accounts, minimizing reputational damage to the organization and financial losses to its customers.
Gemini's subject matter experts identified chatter among Russian-speaking carders who had discovered a flaw in the payment card enrollment process of a medium-size credit union. The flaw allowed criminals to obtain undeterred online access to transaction history and bill payment functionality. Within a day, the entire supply of affected credit and debit cards offered by underground marketplaces was bought by criminals, potentially exposing thousands of clients to fraudulent activity.
Our outreach team immediately contacted the affected organization, which had already begun to observe an unusual spike of unauthorized transactions but was struggling to determine the exact cause of the activity. With our help, in anticipation of even more damaging activity, the credit union immediately decided to suspend all online enrollment registrations until the issue was resolved.
Gemini’s undercover agents received intelligence about a criminal syndicate's planned hacking attack on various models of ATMs, a technique known as a Black-Box Attack. In collaboration with federal law enforcement and a leading ATM manufacturer, we successfully obtained the hardware used by the hackers to penetrate the system and performed trial tests in a controlled environment, ascertaining the group’s capabilities.
We confirmed the successful outcome of such an attack, providing invaluable technical information to the ATM manufacturer, including a lineup of ATM models susceptible to Black-Box penetration. In addition, global financial organizations were promptly alerted to imminent copycat attacks, allowing ample time to secure devices at the potentially affected locations.