News Alert Bitdefender: Credit Card Thieves Expand Their Tech Portfolio. FIN8-Gruppe recently started using the backdoor BADHATCH with extended functionalities and improved camouflage.
The cyber criminals of the FIN8 group have expanded the possibilities of the BADHATCH backdoor toolkit for their own purposes and are targeting companies with new variants. The experts at Bitdefender Labs found that the group is active again in several countries after a break of about one and a half years. The retail trade as well as the hotel and restaurant industry are likely to be targeted.
FIN8 hacker group increasingly active
The FIN8 hacker group has been active since 2016 and, according to MITER, has specialized in the theft of credit card data from POS systems. To do this, the group uses numerous different attack vectors, including a feature-rich malware called BADHATCH since 2019. The group's spear phishing campaigns also target retailers and hotels and restaurants. Insurance companies or companies from the chemical industry are currently among the victims of the new variant.
New variants of backdoor BADHATCH
Bitdefender has discovered three variants of the advanced backdoor BADHATCH since April 2020. If the attack is successful, the FIN8 hackers can steal credit card transaction data at the point of sale. The new functions of the third generation of the toolkit include:
- the unauthorized recording of screen contents, proxy tunnels and fileless execution,
- as well as better protection against defense software. Powershell commands are now encrypted with TLS, misusing the sslip.io service.
Recommendations for action against FIN8
Like most persistent and skilled cybercriminals, FIN8 is constantly improving its tools and tactics to avoid being detected. Bitdefender recommends taking the following measures to minimize the impact of financial malware:
- Disconnect the POS network from the network used by employees or guests.
- Provide cybersecurity training to employees so they can identify phishing emails.
- Customize your email security solution to automatically remove malicious or suspicious attachments.
- Integrate threat data into the existing SIEM or security controls for relevant indicators of compromise.
- Small and medium-sized businesses without their own security team should consider outsourcing security operations to providers of managed detection and response solutions.
A whitepaper from Bitdefender Labs describes the differences between the three BADHATCH versions and the currently known compromise indicators.
More on the whitepaper at Bitdefender.com
About Bitdefender Bitdefender is a leading global provider of cybersecurity solutions and antivirus software, protecting over 500 million systems in more than 150 countries. Since it was founded in 2001, the company's innovations have consistently ensured excellent security products and intelligent protection for devices, networks and cloud services for private customers and companies. As the supplier of choice, Bitdefender technology is found in 38 percent of security solutions deployed around the world and is trusted and recognized by industry experts, manufacturers and customers alike. www.bitdefender.de