Hacker Groups Tricked Security Pros into Working for Them
Be careful who you work for; your new job could be in cybercrime

Keeping computers, users, and data secure is a full-time task for organizations. During the pandemic, hacker groups have increased their activities, targeting private companies and critical infrastructure with devastating results. Remember the Colonial Pipeline hack that caused a gas shortage in February, where people tried to transport gas in plastic bags?
Today, every business relies on some form of digitization. Even the smallest company has email and some file servers to store business records.
Hacker groups have based their business model on companies being crippled if they don’t have access to systems and data.
Customers can’t be contacted, products can’t be shipped, production comes to a halt. The outages cost money: the larger the company, the greater the daily loss.
Hackers know that this financial pressure will make companies pay millions to restore access and resume operations. The ransom payments they demand are exorbitant.
Hackers are trying to hire unsuspecting IT pros
The looming threat makes companies spend a large amount of their IT budget on security. Keeping systems and data safe is a C-level agenda. Expensive, state-of-the-art cybersecurity solutions make it more difficult for hackers to get access.
But it’s a cat-and-mouse game.
The newest trick hackers have up their sleeves is hiring security specialists on the open market.
Russian hacker group FIN7 (also known as Carbanak Gang or Navigator Group) created an entire fraudulent company to attract highly specialized talent.
This UK-based bogus company, Bastion Secure, was hiring IT specialists for “penetration tests.” It specifically searched for programmers with skills in programming languages such as C++, PHP and Python, Windows system administrators, and reverse engineering experts.
At www.bastionsecure.com, which is now offline and flagged as fraudulent by browsers, they ran a legit-looking website. They posted job ads on job boards like SuperJob to lure in their targets.
When you answered one of their ads, you went through a standard hiring process. There were interview rounds, as well as work and confidentiality agreements. They even offered basic training.
The first task a new team member got? Getting into a company’s network and gathering information about administrator accounts and backups.
Gemini Advisory went undercover to investigate
Miami-based cybersecurity firm Gemini Advisory uncovered the hacker group’s activities. An informant from the firm covertly applied to Bastion and scouted out the operation.
Gemini believes FIN7 is trying to enter the lucrative ransomware market.
So far, FIN7, although active since 2015, has only been notorious for targeting POS systems. They gain permanent access to their victims with their custom Carbanak backdoor malware and infect POS systems with skimmer software.
The group very successfully targets restaurants, casinos, and hotels.
In the U.S. alone, FIN7 has stolen more than 20 million customer card records from more than 6,500 individual POS terminals at more than 3,600 different business locations in all 50 states, according to the Department of Justice. The total loss to victims is more than $1 billion.
With the information that the hired “pentesters” acquire and the skills they bring, the group would have everything they need to infect a victim with ransomware.
If FIN7 were to go the usual route and get their information and tools via a darknet ransomware partner, they’d have to give their partners up to 80 percent of the ransom. Hiring their own workforce seems cheap in comparison.
This new approach seems both nefarious and entertaining. It feels like the plot of a Hollywood thriller.
What we take away is that we, as security specialists, need to be extra careful who we work for. We could easily be hired by the wrong side.
Find a full report of this thriller on Gemini’s website.
