ZDNet is reporting that the notoriously well-known threat group Fin7, also known as Carbanak, is back with a new set of administrator tools and never-before-seen forms of malware. Fin7 has been active since at least 2015 and since the group’s inception has been connected to attacks against hundreds of companies worldwide.
Byron Rashed, Vice President of Marketing at Centripetal:
“Fin7 demonstrates how highly organized cyber gangs have become. The group has successfully infiltrated a number of business sectors where they can monetize their malicious activity. Many of these gangs are structured like Fortune 500 companies, with a CEO, CFO and members that specialize in various forms of malware, ransomware, phishing schemes, etc. Usually these gangs are
multinational and reside in countries where there are no extradition treaties, which in turn gives them freedom from prosecution.
Since their attacks are highly sophisticated, it is best to block certain geo regions where these threat actors are located. Many organizations are hesitant to block IPs and domains because they believe it will interfere with the operation of their business. However, in reality, it is easy to unblock trusted sources that could have once been malicious while erring to the side of caution. Despite the capture of some members, Fin7 will continue to be one of the most sophisticated, successful and innovative cyber gangs.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.