Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

FIN8 Cybercrime Gang Backdoors US Orgs With New Sardonic Malware

FIN8 Cybercrime Gang Backdoors US Orgs With New Sardonic Malware

A financially motivated cybercrime gang has breached and backdoored the network of a US financial organization with a new malware known dubbed Sardonic by Bitdefender researchers who first spotted it.

FIN8, the threat actor behind this incident, has been active since at least January 2016 and is known for targeting retail, restaurant, hospitality, healthcare, and entertainment industries with the end goal of stealing payment card data from POS systems.

This threat actor’s malicious arsenal includes a large assortment of tools and tactics, ranging from POS malware (e.g., BadHatchPoSlurp/PunchTrackPowerSniff/PunchBuggy/ShellTea) to Windows zero-day exploits and spear-phishing.

Since FireEye first spotted them, FIN8 has orchestrated multiple large-scale but sporadic campaigns that impacted hundreds of organizations.

Also Read: 5 Workplace Tips: Protecting Information On Mobile Devices

Backdoor still under development

Sardonic is a new C++-based backdoor the FIN8 threat actors deployed on targets’ systems likely via social engineering or spear-phishing, two of the group’s favorite attack methods.

While the malware is still under development, its functionality includes:

  • System information harvesting.
  • Command execution on compromised devices.
  • And a plugin system designed to load and execute further malware payloads delivered as DLLs.

During their attack against the US bank, the backdoor was deployed and executed onto victims’ systems as part of a three-stage process using a PowerShell script, a .NET loader, and downloader shellcode.

As Bitdefender’s researchers observed, the PowerShell script is copied manually onto compromised systems, while the loaders are delivered onto compromised devices via an automated process.

FIN8 operators also tried multiple times to install the Sardonic backdoor on Windows domain controllers to escalate privilege and move laterally through the organization’s network.

Sardonic backdoor execution flow
Sardonic backdoor execution flow (Bitdefender)

Potential targets warned to be vigilant

Bitdefender urges organizations at risk of being targeted by FIN8 (primarily financial, retail, hospitality entities) to be on alert and check their networks for known FIN8 indicators of compromise.

“FIN8 continues to strengthen its capabilities and malware delivery infrastructure. The highly skilled financial threat actor is known to take long breaks to refine tools and tactics to avoid detection before it strikes viable targets,” Bitdefender’s Cyber Threat Intelligence Lab researchers concluded.

Also Read: The Role Of A DPO During Work From Home

“Bitdefender recommends that companies in target verticals (retail, hospitality, finance) check for potential compromise by applying [the IoCs] to their EDR, XDR and other security defenses.”

Additional details on Sardonic’s inner workings and indicators of compromise (IOCs), including infrastructure info and malware hashes, can be found at the end of Bitdefender’s whitepaper.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us