On November 2, 2023, the RH-ISAC intelligence and engineering team published the RH-ISAC Fraud Galaxy in the RH-ISAC Malware Intelligence Sharing Platform (MISP) instance for the retail, hospitality, and travel community to leverage.
Purpose
The purpose of the RH-ISAC Fraud MISP galaxy is to provide a knowledge base for the numerous fraud types that affect RH-ISAC members. This enables members, regardless of team size or budget, to combat fraud more effectively.
Goal
The goal of the galaxy is to elicit collaboration from core members to identify, classify, and describe the different fraud types to indicate what member industry the fraud type affects, how they can be detected, and how they can be mitigated.
Deliverable
The deliverable is a single catalog of various fraud types indexed by industry and methodology.
- MISP galaxy with clusters for each fraud type to provide a knowledge base on fraud.
- Each galaxy cluster contains relationships to Tactics, Tools, and Procedures (TTPs), tools used to facilitate fraud, detections, and/or mitigations for its specific type of fraud.
- The galaxy clusters can be used to tag and attribute intel to certain fraud types so members can then search or filter by the fraud categories.
Scope
The Fraud Galaxy includes a dynamic collection of intelligence and pivotable points, focused on fraud types targeting enterprises:
- Fraud types that have an impact on the RH-ISAC member organization rather than impacting customers.
- TTPs associated with the fraud types.
- Tools/technology/processes that can be used to detect or mitigate the fraud types.
Value
The primary value proposition for the galaxy is to create an intuitive resource for fraud intelligence for the retail, hospitality, and travel communities.
- Ability to understand TTPs associated with different fraud types.
- Ability to identify what indicators for a fraud type look like.
- Ability to share and tag fraud type indicators.
Member Input
RH-ISAC will be seeking input from the member analyst community, including any fraud-related non-public incidents, IOCs, TTPs, or other data that member analysts may have. Member contributions to the Fraud Galaxy can be attributed to member analysts or anonymous. Members who wish to contribute data to the galaxy should contact the intel team.
Updates and Maintenance
The galaxy will be updated by the RH-ISAC intel team as new data emerges on fraud types. New types will be added to the catalog as necessary, based on their prevalence and threat level to the RH-ISAC community. Members may contribute new data for galaxy at any time for inclusion by the intel team.
The Fraud Galaxy is available on RH-ISAC’s MISP Instance for RH-ISAC members. Not a member? Learn how becoming a part of the RH-ISAC community could benefit you.
