Ransomware Group 8base Comes to Light
A ransomware group known as 8base has recently emerged from the shadows after operating discreetly for over a year. The group has gained attention due to a series of business data leaks on the Dark Web. 8base has been conducting double-extortion attacks against small and midsized businesses (SMBs) since at least April 2022. The group reached a turning point in May when they dumped data belonging to 67 organizations in the cyber underground. As NCC Group’s global head of threat intelligence, Matt Hull, reveals, 8base continues to be active this month, doxxing 29 new businesses. Little is currently known about the tactics, techniques, and procedures (TTPs) used by 8base, likely due to the low profile of their victims.
Wide Range of Victims
The victims targeted by 8base encompass various industries and geographical regions. The group’s victims include a British cleaning company, a sanitation company in Egypt, a private school in a Boston suburb, and a CPA in New York, among others with similar profiles. These victims come from sectors such as science and technology, manufacturing, retail, construction, and healthcare. Geographically, they are spread across the globe, with victims in regions like North America, South America, India, Peru, and Madagascar. Notably, Brazil has seen a recent surge in cyberattacks, with a dozen Brazilian organizations falling victim to 8base in both May and June.
Understanding 8base’s Operation
While much remains unknown about the workings of 8base, their preferred mode of operation is clear. On their leak site, the group has posted 13 rules for themselves and their victims, written in pseudo-legalese. These rules include prohibitions on the participation of police departments and the sharing of personal data with third parties. On their About Us page, they describe themselves as “honest and simple pentesters” and suggest that the targeted companies neglected data privacy and the importance of their employees’ and customers’ information. The group’s claims of honesty and simplicity are dubious, however.
NCC Group’s Matt Hull notes that 8base is not the first group to adopt this mode of operation. He believes it is a result of other groups’ success with similar tactics. However, defending against these types of attacks is a challenge, especially for organizations with limited budgets. Small businesses, in particular, struggle to afford advanced detection capabilities or a Security Operations Center (SOC). Nevertheless, Hull emphasizes that everyone, both individuals and small businesses, can take essential steps to enhance security within their means.
Focusing on the Fundamentals for Improved Security
Hull suggests three fundamental changes that individuals and small businesses can implement to improve their security: password hygiene, multifactor authentication, and social engineering awareness. Strengthening password practices, adopting multifactor authentication as an additional layer of security, and educating employees about social engineering techniques can go a long way in bolstering defenses. These changes are relatively simple and accessible, even for organizations with limited resources.
Overall, the rise of 8base and their tactics underscore the pressing need for businesses to prioritize cybersecurity. It highlights the importance of investing in basic security measures and maintaining vigilance against evolving threats.