Back in 2018, several law enforcement groups were able to nab some of the top brass overseeing some major cybercrime organizations, many of which had been targeting organizations all over the United States.
At the time (and even since then) many in cybersecurity were confident that formal arrests of key individuals involved in cybercrime were the most effective way of stopping ransomware attacks (and other malicious breaches) from reaching our computer networks.
They were wrong.
Earlier this month, cyber analysts found that one major crime ring, the Fin7 cybercrime group, which had seemingly been eradicated just a year ago, has ramped up its operations, adding additional malicious code to its arsenal.
After nearly a year of dormancy from the 2018 bust of their major, the group has returned bigger and stronger than ever. This group is back with a vengeance, despite the arrest of several key members last year.
What concerns the cybersecurity community today?
This notorious group is adopting a relatively new technique (called Boostwrite), which uses new evasion tactics. In essence, this new tactic adopts valid certificates, making your computer think everything is working. It then distributes malware onto your network completely undetected.
The malicious software Fin7 is currently distributing was developed to tamper with your administration tools, the tools most often used by your IT support team to resolve issues on your network. This group in particular has started targeting point-of-sale (POS) systems.
Why is the cyber community worried about Fin7?
While Fin7 is still a major player in cybercrime, researchers and analysts are even more frightened that cyber rings can be intercepted, and even taken down, and still be able to grow and increase their attack presence.
Bottom line: traditional law enforcement techniques are not working when it comes to taking down cybercrime. Even eliminating the influential players in cybercrime through multiple high-profile arrests is incapable of crushing the ability of these groups, and even budding enthusiasts, to take advantage of networks like yours.
These groups are expanding their targets and growing their market share.
They are specializing in very specific targets (maybe banking, retail, healthcare, or accounting). Cybercriminals are learning that to be successful in their trade they need to hone their skills and messaging, and that they attack and reap rewards by focusing on very specific targeted groups.
They are learning how you talk, how you operate and what your business cycle looks like. These groups are becoming experts at knowing your business in order to deceive and attack at the perfect time.
They are constructing emotional phishing campaigns and getting through to your team’s human side. They are becoming more believable and are finding every angle (technology, people and process) to penetrate your network and exploit whatever they can get their hands on.
These criminals ARE experienced. They learn from their mistakes and are becoming more resilient.
Even after being confronted with arrests and indictments, these cyber rings are stepping up to the plate and fighting harder than ever. What the cybersecurity community originally underestimated was these criminals’ resolve to get what they want.
Have you ever really wanted to get something done? Maybe run a marathon or 5K? Maybe get a kitchen remodel done or finish your degree?
Attackers have that kind of resolve day in and day out. They are hungry to get into your network—it’s a challenge that proves their grit and ability. They don’t just want your money. They want to prove to themselves and others in their community that they can successfully attack your network.
These criminals are even fiercer than those behind traditional crimes, mainly because they are passionate about what they’re doing and will continue to try new things to get in.
What’s the solution to keeping them out?
We cannot rely on law enforcement to rid our world of cybercrime. At this point, we’ve got to do some of the heavy lifting ourselves. That means keeping our doors locked and windows closed.
That means knowing where your risks lie, prioritizing those risks and resolving them. If you’re low-hanging fruit, you may very well be on the target list. If your network isn’t patched and updated, if you keep those Windows 7 machines on your network past January 14 of next year, or if your staff remain in the dark about the attacks hitting your business and those around you, you will remain a prime target for cybercrime.