Sailors on the watch-floor of the Navy Cyber Defense Operations Command monitor, analyze, detect and defensively respond to unauthorized activity within U.S. Navy information systems and computer networks. — U.S. Navy photo by Mass Communications Specialist 1st Class Corey Lewis/Released
A financially motivated cybercrime gang has breached and backdoored the network of a U.S. bank with a new malware dubbed Sardonic. The malware is capable of harvesting system information and executing commands on compromised devices.
FIN8, the threat actor behind this incident, has been active since at least January 2016 and is known for targeting retail, restaurant, hospitality, healthcare, and entertainment industries with the end goal of stealing payment card data from POS systems.
According to cyber-intelligence reports, FIN8 is a threat actor that has been active since 2016. It is known for targeting various industries such as hospitality and healthcare.
To gain insight, Digital Journal caught up with Matt Sanders, Director of Security at LogRhythm.
According to Sanders, this latest cybersecurity incident is part of a continued sequence where key institutions are being targeted by rogue actors.
Sanders says: “Banks and other businesses in the financial services industry are prime targets for cyberattacks with the plethora of sensitive information and financial data contained in their files, especially as more of the world transitioned to online banking during the pandemic.”
In emphasizing the vulnerability, Sanders says: “According to a report by the Boston Consulting Group, financial services firms are 300 times as likely as other companies to be targeted by cyberattacks phishing, insider threats and malware attack vectors.”
Sanders next looks at what measures can be taken to protect vulnerable businesses. He advises: “Financial institutions of any size need to take a more proactive and security-first approach to cybersecurity to solve for a slew of vulnerabilities.”
In addition, Sanders states: “Organizations should actively monitor and manage threats by collecting network data with real-time infrastructure visibility to better prepare to detect and thwart suspicious activity.”
Another best practice: “Financial institutions should also implement continuous monitoring and threat recognition capabilities to bridge the glaring security gaps many banks are facing.”
Sanders' final recommendation is that “Security leaders within these organizations should report directly to CEOs and boards to ensure security is aligned with the larger business objectives.”