Following the arrest in 2018 of a number of suspected leaders of the notorious Fin7/Carbanak cyber-gang, the group was believed to have disbanded. But Kaspersky Lab researchers have detected a number of new attacks by the same groups using GRIFFON malware. According to the company’s experts, Fin7 might have extended the number of groups operating under its umbrella; increased the sophistication of its methods; and even positioned itself as a legitimate security vendor to recruit professional employees and dupe them into helping it steal financial assets.

 

Fin7 is believed to be behind attacks targeting the U.S. retail, restaurant, and hospitality sectors since mid-2015, working in close collaboration and sharing tools and methods with the infamous Carbanak group. While Carbanak focused primarily on banks, Fin7 targeted mostly businesses, potentially making off with millions of dollars in financial assets, such as payment card credentials or account information on the computers of financial departments. Once the threat actors got what they needed, they wired money to offshore accounts.

 

According to Kaspersky Lab’s new investigation, the group has continued its activity – despite the arrest last year of alleged group leaders – implementing sophisticated spear-phishing campaigns throughout 2018 and distributing malware to each target through specially tailored emails. In different cases, the operators exchanged messages with their intended victims over a period of weeks before finally sending the malicious documents as attachments. Kaspersky Lab estimates that by the end of 2018, more than 130 companies might have been targeted in this way.

 

The researchers also discovered other criminal teams operating under the Fin7 umbrella. The use of shared infrastructure and the same tactics, techniques and procedures (TTPs) shows that Fin7 is likely to be collaborating with the AveMaria botnet and groups known as CobaltGoblin/EmpireMonkey, believed to be behind bank robberies in Europe and Central America.

 

Kaspersky Lab also found that Fin7 has created a fake company that claims to be a legitimate cybersecurity vendor with offices across Russia. The company website is registered to the server that Fin7 uses as a Command and Control center (C&C). The fake business has been used to recruit unsuspecting freelance vulnerability researchers, program developers and interpreters through legitimate online job sites. It seems that some of the individuals working in these fake companies did not suspect that they were involved in a cybercrime business, with many including the experience of working in the organizations in their CVs.

 

“Modern cyberthreats can be compared to the mythical creature Hydra of Lerna – you cut off one of its heads and it grows two new ones. Therefore, the best way to protect yourself from such actors is to implement advanced, multi-layered protection: install all software patches as soon as they are released and do regular security analysis across all networks, systems and devices,” said Yury Namestnikov, Security Researcher at Kaspersky Lab.

 

To reduce the risk of infection, users are advised to:

 

  • Use security solutions with dedicated functionality aimed at detecting and blocking phishing attempts. Businesses can protect their on-premise email systems with targeted applications inside the Kaspersky Endpoint Security for Business suite. Kaspersky Security for Microsoft Office 365 helps to protect the cloud-based mail service Exchange Online inside the Microsoft Office 365 suite.
  • Introduce security awareness training and teach practical skills. Programs such as Kaspersky Automated Security Awareness Platform will help to reinforce skills and conduct simulated phishing attacks.
  • Provide your security team with access to up-to-date threat intelligence data, to keep pace with the latest tactics and tools used by cybercriminals.

 

Read the full version of the report on Securelist.com.

 

