Cybercrime operations can be intricate and elaborate, with careful planning needed to navigate the various obstacles separating an attacker from a payout. Yet reports on these operations are often fragmentary, as the full scope of attacker activity typically occurs beyond the view of any one group of investigators.

FireEye Threat Intelligence and iSIGHT Partners recently combined our research to provide a unique and extensive look into the activities of one particular threat group: FIN6.

FIN6 is a cyber criminal group that steals payment card data for monetization from targets predominately in the hospitality and retail sectors. The group was observed aggressively targeting and compromising point-of-sale (POS) systems and making off with millions of payment card numbers. These card numbers were later sold on a particular underground “card shop,” potentially earning FIN6 hundreds of millions of dollars.

This report provides wide-ranging, end-to-end visibility into FIN6’s cybercrime operations, detailing initial intrusion, methods used to navigate the victim network, other tactics, techniques, and procedures (TTPs), and the sale of stolen payment card data in an underground marketplace.

M-Trends 2016 provides trends, statistics and case studies to illustrate how advanced threat actors have evolved over the past year.

The annual report was compiled by consultants at Mandiant, a FireEye company, and is based on hundreds of Mandiant incident response investigations in more than 30 industry sectors. It offers recommendations on how organizations can improve the way they prevent, detect, analyze and respond to cyber attacks.

Download the special report to learn:

• How cyber attackers are holding data for ransom, stealing personally identifiable information and destroying critical systems
• Why enterprise networking devices, such as routers, switches and firewalls, are being targeted
• What trends that started years ago are still going strong
• 10 key insights to help organizations deal with disruptive attacks

Ransomware can bring your business to a halt and cause significant financial damage. This type of malware encrypts your critical data, file servers, or system files. The attackers then refuse to release the encryption, or they threaten to go public with your data unless you meet the ransom demands.

In such situations, your choices will be limited. There is no single solution to ransomware, and no clear guidance on post-infection best practices.

The Ransomware Response Strategies white paper explains:

• What types of ransomware are currently in use and the damage they can cause
• Why and how to determine the infection path to mount a long-term defense
• How to identify and build strong security solutions for web and email that can protect you from ransomware