CIO Influence
CIO Influence News Security

8Base Ransomware Group Significantly Boosts Activity Level

8Base Ransomware Group Significantly Boosts Activity Level

8base is among the top 5 ransomware groups this summer, and Logpoint has uncovered the Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise IoCs to look out for

The 8Base ransomware group has emerged as a persistent and formidable adversary in the ever-changing landscape of cyber threats, targeting multiple sectors, especially small and medium-sized industries. The group appeared in March 2022, and since June, the activity level has increased significantly, putting the group in the top 5 most active.

“In general, small and medium-sized organizations are more likely to struggle with small security budgets and cybersecurity shortages, which is a dangerous cocktail when a ransomware group like 8base is coming for them,” says Anish Bogati, Logpoint Security Research Engineer. “Small and medium-sized organizations, in particular, should familiarize themselves with 8base, and more importantly, ramp up on security measures to safeguard against it. Understanding the adversary is the key to devising better defensive strategies.”

CIO INFLUENCE News: VergeIO Makes IT Hills Out of Mountains for SkiBig3

Logpoint’s research has uncovered the 8base infection chain through malware analysis. 8base use multiple malware families to achieve their goals, including SmokeLoader and SystemBC, in addition to the Phobos ransomware payload. The ransomware group primarily gains initial access through phishing emails and utilizes Windows Command Shell and Power Shell to execute the payload. The adversaries use multiple techniques to ensure persistence within the system, evade defenses, and reach their goals.

Logpoint’s analysis reveals what security teams should look for to detect 8base activity in the system, including suspicious child processes spawned by Microsoft Office products, file executing using WScript or CScript, or scheduled task creation. Knowing the indicators of compromise and TTPs helps organizations proactively identify and mitigate suspicious activities associated with 8base.

CIO INFLUENCE News: Rambus Safeguards Accelerated Computing with FPGA-targeted Security IP

“Small and medium-sized organizations must ensure capabilities that enable them to detect and respond to 8base activity at any stage of the infection,” says Anish Bogati. “Proper logging, visibility of assets, and monitoring are essential to a robust cybersecurity strategy because they provide an overview of the network and help to detect anomalies like file dropped in publicly writable folders, modification of registry values and suspicious scheduled task that may indicate a security threat like 8base is at large.”

CIO INFLUENCE News: Lenovo and VMware Partner to Deliver NVIDIA-Powered AI and Multi-Cloud Solutions to Every Business

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

CTL Extends Free Offer of Zero-Touch Enrollment Services (ZTE) with Purchase of Chromebooks

Cloudian Announces Object Storage Certification with VMware Tanzu Kubernetes Grid

CIO Influence News Desk

Acceldata Delivers Comprehensive Data Observability Platform For The Modern Data Stack