Although investigations carried out last year by Europol and the US Department of Justice resulted in the arrest of many cybercriminals believed to have held leading positions in FIN7 and Carbanak, security experts are still finding signs of their activity. In addition, the number of hacking groups using similar tools and the same infrastructure is growing. Below you will find out what tools these groups use and how you can stay safe.
The FIN7 group specializes in attacks on businesses in order to gain access to financial data or PoS infrastructure. Its usual method is spear-phishing campaigns built on tailored social engineering. To win over their victims, the attackers will first exchange dozens of normal, harmless messages with them.
In most cases, the attacks use malicious documents with macros to install malware on the victim's computer. Modules are then downloaded into the system's memory to collect information, download additional malware, and capture screenshots, and the cybercriminals may create additional modules at any time.
CobaltGoblin / Carbanak / EmpireMonkey
Other cybercriminals use similar tools and techniques. The only difference is their targets, such as banks. The main strategy of the Carbanak (or CobaltGoblin or EmpireMonkey) team is to gain access to victims' networks and then find points of interest that can generate revenue.
AveMaria is a new botnet used to steal information. When a machine is infected, it begins to collect all possible credentials from various software: browsers, e-mail programs, messaging programs, and so on. It also works as a keylogger.
To deliver the payload, the attackers use spear phishing, social engineering, and malicious attachments. Experts believe it is also associated with FIN7.
CopyPaste targets financial entities and companies in an African country. The attackers used several methods and tools similar to those used by FIN7.
How can you stay safe?
Use security solutions with a dedicated feature designed to detect and block phishing attempts. Businesses can protect their on-premise e-mail systems with targeted applications within the Kaspersky Endpoint Security for Business suite.
Introduce security awareness training and teach practical skills. Programs such as Kaspersky Automated Security Awareness Platform will help strengthen skills and conduct simulated phishing attacks.
All of the aforementioned groups benefit greatly from unpatched systems in corporate environments. To limit their capabilities, use a robust patching strategy and a security solution such as Kaspersky Endpoint Security for Business that can automatically patch critical software.