Codoso Group Hackers Breach Samsung Subsidiary LoopPay
The breach remained undetected for five months, according to the New York Times.
A Chinese hacking team known as the Codoso Group or the Sunshock Group breached the network of Samsung subsidiary LoopPay earlier this year, the New York Times reports.
Samsung acquired LoopPay in February 2015 for over $250 million, and the hackers breached the company's network as early as March 2015. LoopPay executives told the Times that the hackers appeared to be focused on the company's Magnetic Secure Transmission technology, which is a key part of Samsung Pay.
LoopPay CEO and co-founder Will Graylin told the Times that while the hackers breached LoopPay's corporate network, they don't appear to have accessed the production system that manages payments.
"Samsung Pay was not impacted and at no point was any personal payment information at risk," Samsung chief privacy officer Darlene Cedres said in a statement. "This was an isolated incident that targeted the LoopPay corporate network, which is a physically separate network. The LoopPay corporate network issue was resolved immediately and had nothing to do with Samsung Pay."
Still, the Times notes, the breach wasn't discovered until late August 2015, five months after the hackers first accessed the network, when an unnamed organization found LoopPay's data while investigating the Codoso Group.
The Codoso Group was also responsible for a breach of Forbes' website disclosed in February of this year.
"Once Codoso compromises their targets -- which range from dissidents to C-level executives in the U.S. -- they tend to stay there for quite a long time, building out their access points so they can easily get back in," iSIGHT Partners senior manager for cyber espionage threat intelligence John Hultquist told the Times. "They'll come back to a previous organization of interest again and again."
Mark Bower, global director of product management for enterprise data security at HP Data Security, told eSecurity Planet by email that while nobody's free from breach risk, companies that process and collect sensitive data like payments are unquestionably targets. "Any company today has to assume a breach will happen and take more advanced threat mitigation measures," he said. "The payments business has learned the lesson hard over the years, and embraced far more powerful approaches to data security than traditional perimeter and storage encryption provides."
"Today, the best-in-class businesses secure the data itself, not just the infrastructure, securing billions of transactions representing trillions of dollars in value with new technologies like Format-Preserving Encryption and stateless tokenization," Bower added. "The result is they don’t keep any live data anywhere it can be stolen. This is a huge shift from older perimeter or disk and database encryption approaches which simply can't withstand advanced attacks like those reported in this case."
And Splunk senior vice president of security markets Haiyan Song said by email that the LoopPay breach is yet another example of attackers lurking undetected in organizations' networks for several months. "Today's news reinforces the need to utilize data science and machine learning for automated analysis and fast access to forensic data to detect these low and slow breaches," she said.
"Our best defense and means for minimizing impact on business is differentiating between normal and abnormal activities," Song added. "When companies analyze user behavior and know normal activity patterns, they can quickly spot the potentially threatening behavior and ultimately contain the impact of a breach."
Photo courtesy of Shutterstock.