Connect with us

Hi, what are you looking for?

Cyber Security

TrickBot’s FIN12 is Claiming Victims at Higher Rate

A detailed report about FIN12, a financially motivated threat actor known for its ransomware activities, was recently released. The suspected partner of the TrickBot gang has been active since October 2018 and focuses on high-value targets.

The report findings

The report by Mandiant Intelligence activity sheds light on attack tactics and how the actor selects its target.

  • FIN12 mostly deploys Ryuk ransomware for data theft attacks with healthcare as its favorite target sector, as observed especially during the pandemic.
  • Around 20% of its victims are in healthcare. Other targeted sectors include finance, education, manufacturing, and IT.
  • It targets large organizations that have annual revenues over $300 million, with an average of almost $6 billion.
  • The report indicated that, since September 2020, around 20% of the incident response engagements were related to FIN12 intrusions.
  • In a one-off, FIN12 was also spotted dropping Conti ransomware in one of the attacks where it extorted twice from the victim for stolen 90GB of data.

The shift in targeted regions

  • In the last two years, most of FIN12’s victims were based in North America (71% in the U.S. and 12% in Canada). 
  • This year, the group has expanded its scope by targeting companies in Australia, Indonesia, Colombia, France, Ireland, the Philippines, Spain, South Korea, the UAE, and the U.K.

More insights

  • The report found that the average time FIN12 spends on the victim network is reducing each year. It was five days in Q1 2020 and was reduced to three days during the first half of 2021.
  • For initial access, the group relied mostly on its partners such as TrickBot/BazarLoader. However, FIN12 used other initial access vectors, such as backdoors, droppers, and code signing certificates.

Conclusion

FIN12 is believed to further evolve and expand its operations including data theft and extortion, according to experts. Moreover, the group is regularly improving its tactics, techniques, and procedures. Therefore, experts recommend a multi-layer security architecture to thwart such threats at the early stages.

Source: https://cyware.com/news/trickbots-fin12-is-claiming-victims-at-higher-rate-438ed65c

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure and healthcare institutions in Europe...

Business News

According to an official news release, Turner Construction has officially commenced a US$100 million renovation project at Albany International Airport, located in upstate New...

Business News

With a span of 853 meters, the Gordie Howe International bridge linking the US and Canada, will be the longest cable stayed bridge in...

Government

In this photo provided by Brian Branch, a large balloon drifts above the Kingstown, N.C. area, with an airplane and its contrail seen below...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO