
By Idowu Bankole
In a significant cybersecurity achievement, Nigerian cybersecurity researcher Christian Bassey has identified the methods employed by the Russian cybercrime group FIN7 to distribute the JSSLoader remote access trojan to victims' computers.
FIN7 has gained notoriety for its sophisticated attacks on financial institutions and retail businesses. The group’s adoption of XLL files represents a significant evolution in its tactics, as it strives to circumvent traditional security measures. This underscores the dynamic nature of cyber threats and the necessity for adaptive cybersecurity measures.
Christian’s detailed analysis combined adversary emulation with malware analysis. During the adversary emulation phase, FIN7 techniques were studied and replicated to determine the group’s infection vector and its tactics, techniques, and procedures. Once the entry vector was identified, a copy of the malicious file being distributed to victims was reverse engineered to identify artifacts that would be useful for detection.
The research showed that FIN7 leveraged Microsoft Excel add-in (XLL) files, typically delivered by email, to exploit misconfigurations and software vulnerabilities in older versions of Microsoft Excel and run a reverse shell that calls back to a command and control server. In his work, Christian also mapped the FIN7 activity to MITRE ATT&CK techniques for improved security detection coverage.
Christian’s work goes beyond theory. He demonstrates how the identified TTPs could be detected using the Wazuh security information and event management (SIEM) capability. This practical application allows for monitoring suspicious activities, such as unsigned binary executions, unusual DNS queries, and the creation of unauthorized temporary files – all typical indicators of a potential FIN7 attack.
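As an added illustration of the kind of monitoring described here, and not the researcher's Wazuh rules (which the article does not reproduce), the following Python sketch applies those three indicators to constructed Sysmon-style events; the event field names, rule names and the domain allowlist are assumptions.

```python
"""Toy detection pass over constructed Sysmon-style events for the three
indicators above: an unsigned child process of Excel, an unexpected DNS
lookup issued by Excel, and an executable dropped into a temp folder.
Event shapes, rule names and the allowlist are assumptions for this sketch."""
import re

OFFICE_HOSTS = {"excel.exe"}
# Assumed allowlist of domains Excel is expected to resolve; tune per estate.
EXPECTED_DOMAINS = {"office.com", "microsoft.com", "live.com"}
TEMP_DIR = re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE)
DROPPED_EXT = re.compile(r"\.(exe|dll|xll)$", re.IGNORECASE)

def _base(path):
    return path.rsplit("\\", 1)[-1].lower()

def _domain_allowed(name):
    parts = name.lower().rstrip(".").split(".")
    return any(".".join(parts[i:]) in EXPECTED_DOMAINS for i in range(len(parts)))

def evaluate(event):
    """Return the name of the rule an event matches, or None."""
    eid = event["EventID"]
    if eid == 1:  # process creation
        if _base(event["ParentImage"]) in OFFICE_HOSTS and not event.get("Signed", False):
            return "unsigned_child_of_excel"
    elif eid == 22:  # DNS query
        if _base(event["Image"]) in OFFICE_HOSTS and not _domain_allowed(event["QueryName"]):
            return "unexpected_dns_from_excel"
    elif eid == 11:  # file creation
        target = event["TargetFilename"]
        if _base(event["Image"]) in OFFICE_HOSTS and TEMP_DIR.search(target) and DROPPED_EXT.search(target):
            return "executable_dropped_in_temp"
    return None

def detect(events):
    """Run every event through the rules; return (index, rule) pairs that fired."""
    return [(i, evaluate(ev)) for i, ev in enumerate(events) if evaluate(ev)]

# Constructed sample telemetry (not real logs): three hits, two benign events.
EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\u\AppData\Local\Temp\upd.exe", "ParentImage": EXCEL, "Signed": False},
    {"EventID": 1, "Image": r"C:\Windows\System32\splwow64.exe", "ParentImage": EXCEL, "Signed": True},
    {"EventID": 22, "Image": EXCEL, "QueryName": "example-c2.invalid"},
    {"EventID": 22, "Image": EXCEL, "QueryName": "officeclient.microsoft.com"},
    {"EventID": 11, "Image": EXCEL, "TargetFilename": r"C:\Users\u\AppData\Local\Temp\upd.exe"},
]

if __name__ == "__main__":
    for idx, rule in detect(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}")
```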
Christian’s research is not only innovative but also a unique contribution to the field. His creation of rules to identify the detected TTPs of FIN7 not only enhances organizations’ protection but also showcases his depth of experience and contributions to the global cybersecurity landscape.
Christian’s groundbreaking work has advanced the understanding of FIN7’s methodologies and contributed significantly to global cybersecurity defenses. By developing precise detection rules and enhancing threat detection frameworks, Christian has provided organizations worldwide with the tools to protect against increasingly sophisticated cyber threats. His research is a testament to the crucial role that Nigerian cybersecurity experts play in the global fight against cybercrime, demonstrating unparalleled dedication and expertise in safeguarding digital assets.
Disclaimer
Comments expressed here do not reflect the opinions of Vanguard newspapers or any employee thereof.