8base is among the top 5 ransomware groups this summer
8base is among the top 5 ransomware groups this summer

News -

8base ransomware group significantly boosts activity level

  • 8base is among the top 5 ransomware groups this summer, and Logpoint has uncovered the Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise IoCs to look out for.
  • The ransomware group targets small and medium-sized organizations, which are less likely to have strong security measures.

COPENHAGEN, Denmark, August 24, 2023 – The 8Base ransomware group has emerged as a persistent and formidable adversary in the ever-changing landscape of cyber threats, targeting multiple sectors, especially small and medium-sized industries. The group appeared in March 2022, and since June, the activity level has increased significantly, putting the group in the top 5 most active.

“In general, small and medium-sized organizations are more likely to struggle with small security budgets and cybersecurity shortages, which is a dangerous cocktail when a ransomware group like 8base is coming for them,” says Anish Bogati, Logpoint Security Research Engineer. “Small and medium-sized organizations, in particular, should familiarize themselves with 8base, and more importantly, ramp up on security measures to safeguard against it. Understanding the adversary is the key to devising better defensive strategies.”

Logpoint’s research has uncovered the 8base infection chain through malware analysis. 8base use multiple malware families to achieve their goals, including SmokeLoader and SystemBC, in addition to the Phobos ransomware payload. The ransomware group primarily gains initial access through phishing emails and utilizes Windows Command Shell and Power Shell to execute the payload. The adversaries use multiple techniques to ensure persistence within the system, evade defenses, and reach their goals.

Logpoint’s analysis reveals what security teams should look for to detect 8base activity in the system, including suspicious child processes spawned by Microsoft Office products, file executing using WScript or CScript, or scheduled task creation. Knowing the indicators of compromise and TTPs helps organizations proactively identify and mitigate suspicious activities associated with 8base.

“Small and medium-sized organizations must ensure capabilities that enable them to detect and respond to 8base activity at any stage of the infection,” says Anish Bogati. “Proper logging, visibility of assets, and monitoring are essential to a robust cybersecurity strategy because they provide an overview of the network and help to detect anomalies like file dropped in publicly writable folders, modification of registry values and suspicious scheduled task that may indicate a security threat like 8base is at large.”

Read Logpoint’s full report about 8base here and get an in-depth malware analysis, technical analysis, and all means of detecting, investigating, and responding to the threat.

Related links

Topics

Categories

Contacts

Maimouna Corr Fonsbøl

Maimouna Corr Fonsbøl

Press contact Head of PR PR & Communications +45 25 66 82 98

Related content

Logpoint partners with FOXiT to provide foundational cybersecurity technology to customers in Germany

Logpoint and FOXiT partner to secure organizations’ modern IT landscape

Logpoint partners with FOXiT to provide foundational cybersecurity technology to customers in Germany

CABI has selected Logpoints SIEM and SOAR to centralize and structure IT operations and incident response.

CABI chooses Logpoint to increase visibility and bolster cybersecurity defenses

CABI has selected Logpoints SIEM and SOAR to centralize and structure IT operations and incident response.

Logpoint launches Business-Critical Security solution for SAP SuccessFactors to safeguard personal data

Logpoint launches Business-Critical Security solution for SAP SuccessFactors to safeguard personal data

Logpoint releases Business-Critical Security (BCS) for SAP SuccessFactors, a real-time end-to-end security and compliance monitoring solution for SAP SuccessFactors, providing holistic, landscape-wide threat visibility.

Logpoint releases comprehensive new capabilities to its converged cybersecurity operations platform, helping security analysts to work more efficiently and decrease the time to respond to threat

Logpoint launches enhanced observability capabilities to speed up response

Logpoint releases comprehensive new capabilities to its converged cybersecurity operations platform, helping security analysts to work more efficiently and decrease the time to respond to threats. A new case management interface provides a quick overview for security analysts to make managing cases and resolving incidents easier.

Akira: A new ransomware gang wreaks havoc

Akira: A new ransomware gang wreaks havoc

Emerging in March this year, Akira quickly joined the most active ransomware groups as number four. Logpoint has analyzed the Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise IoCs enabling protection.

Logpoint has collated a report highlighting the TTPs and IoCs applied by Cactus to create alert rules to detect methods the group uses

Cactus: Defending against a ransomware newcomer

Cactus emerged in March this year and has since built an extensive portfolio of high-profile victims. Logpoint has analyzed Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IoCs) to establish defenses.
COPENHAGEN, Denmark, November 27, 2023 – Cactus has emerged as a sophisticated ransomware group with a severe impact on its victims. The newcomer first appeared in March

The infamous state-sponsored Advanced Persistent Threat (APT) linked to Russia remains active, posing a severe threat to organizations

Cozy Bear: Unmasking the decades-long espionage arsenal

The infamous state-sponsored Advanced Persistent Threat (APT) linked to Russia remains active, posing a severe threat to organizations. Logpoint has analyzed the Tactics, Techniques, and Procedures (TTPs), helping organizations detect the threat actor.

About Logpoint

Headquartered in Copenhagen, Denmark, with offices across Europe, the USA, and Asia, Logpoint is a multinational, multicultural, inclusive cybersecurity company. LogPoint bolsters organizations in the fight against evolving threats by giving them a single source of truth — an intuitively designed platform with the powerful capabilities needed to ensure their safety. Powered by machine learning and backed by an industry-leading support team, Logpoint’s cybersecurity operations platform accelerates detection and response, allowing organizations to respond to tomorrow’s threats.

Logpoint’s core belief lies in creating software that empowers security teams to make confident decisions, feel justified in their choices, and more efficiently protect their organizations. That principle has earned them the trust of more than 1,000 organizations worldwide, as well as a place in Gartner’s Magic Quadrant.

The company’s culture prioritizes passion, innovation, team spirit, and client satisfaction. Together, these values fuel Logpoint’s success across cybersecurity technologies: from SIEM, UEBA, and SOAR to SAP security, converged into an integrated security operations platform, created to protect the digital heart of organizations.

Logpoint
Bryggervangen 55
2100 Copenhagen
Denmark
Our website
Visit our other newsrooms