A significant increase in the number of attacks on small and medium-sized organizations in Canada and other countries has prompted cybersecurity platform provider Logpoint to publish a new emerging threat report entitled Defending Against 8Base: Uncovering Their Arsenal and Crafting Responses.

Heavily technical, the report documents the rise of the 8Base Ransomware group and provides a malware and technical analysis, detection options and recommendations. “While their actions began in March 2022, it wasn’t until May 2023 that a substantial increase in their activities became apparent. This placed them among the top five most active ransomware groups in both June and July 2023,” the report states.

“In recent years, the threat landscape has witnessed a rapid increase in the proliferation of ransomware gangs. Among these, 8Base Ransomware stands out as a formidable and sophisticated adversary, necessitating a comprehensive analysis of its tactics, techniques and procedures. This in-depth report aims to shed light on the evolving nature of 8Base Ransomware, its impact on organizations and the emerging trends that pose significant risks.” 

According to the report, Canada is in the top five countries targeted by the group’s operations. The group focuses on various sectors, including finance, and targets small and medium-sized organizations. The technical analysis covers initial access, execution, persistence, the adversaries’ actions during the discovery phase, and defense evasion.

In making recommendations, the firm suggests providing regular training to employees on how to recognize and respond to social engineering attacks, running simulations and incident response drills to help identify vulnerable employees, and creating a formal process for reporting when employees suspect they’ve fallen victim to a social engineering attack. The report also recommends mandating lengthy passwords, applying the principle of least privilege (this, they say, involves restricting user access and permissions to only what is necessary) and regularly auditing privileged accounts.

“Having proper logging, visibility of assets and monitoring of systems are essential components of a robust cybersecurity strategy. These measures provide an overview of the network and help to detect anomalies that may indicate a security threat,” they write. “Perform network segmentation to keep important systems and sensitive data apart from the rest of the network.”