FIN12 Threat Group Speeds Up Ransomware Attacks to Just Two Days After Initial Access



As detection times fall across the board, threat groups are improving their craft and prioritizing speed as the key ingredient in ransomware attacks.

According to security vendor Mandiant’s M-Trends 2022 Report, the good news is that the average dwell time for threat actors before being detected is down from 28 days to only 21 days. This does mean detection is getting better, but the bad news is that they’re still on your network for 21 days before being found out.

But it gets worse.

Mandiant focuses in on a threat group they call FIN12 – a “financially motivated threat group behind prolific RYUK ransomware attacks dating to at least October 2018.” Mandiant believes they are relying on initial access brokers to provide entrée into chosen victim networks. What makes this threat group so dangerous is that their average dwell time from initial access to encryption was only 5 days back in the first half of 2020. Now it’s only two days.

Put this all together and your average organization’s detection time is about ten times too slow for the likes of FIN12.

But your focus really shouldn’t be on FIN12; it should be on the initial attack partners that are likely being tasked to gain access to select victim organizations. Phishing remains the number one initial attack vector, which shifts the question from “what do I do about FIN12?” to “how do I stop phishing attacks that are providing FIN12 the needed foothold?”

The most impactful way to stop phishing attacks is through Security Awareness Training that educates users on social engineering techniques used, helping users to vigilantly spot suspicious email content before malicious code can be run to secure the initial access FIN12 needs.

Now, not all cybercriminal groups are FIN12. But you can believe that other groups are going to attempt to replicate FIN12’s successes by using the same model, making phishing a primary concern for your cybersecurity strategy.


