Carbanak Malware Returns in Ransomware Attacks
In November 2023, cybersecurity researchers at NCC Group reported a troubling resurgence of the infamous banking malware, Carbanak. Originally detected by Kaspersky Lab in 2015, this sophisticated malware has been linked to the theft of over $300 million from approximately 100 financial institutions.
The Evolution of Carbanak
Since its initial discovery, Carbanak has evolved significantly. Initially deployed as a tool for stealing bank credentials through targeted phishing attacks, the malware has exhibited a cunning ability to adapt its tactics. In its latest incarnation, it has been observed in ransomware attacks, representing a notable shift in purpose and strategy.
The malware exploits human error, gaining initial access to banking networks through phishing techniques aimed at bank employees. From there, it often takes control of payment processing systems, executing elaborate schemes to siphon funds discreetly.
Recent Developments and New Techniques
The NCC Group’s report emphasized how Carbanak’s recent return is marked by advancements in its distribution techniques. Though its prevalence had dropped in prior months, November saw an unexpected resurgence. The report highlighted how the malware has incorporated various attack vectors and diversified its effectiveness.
Notably, Carbanak has begun using compromised websites to pose as legitimate business software. This new distribution method included impersonations of popular platforms like the CRM tool HubSpot, data management software Veeam, and accounting solution Xero. Such tactics not only illustrate the adaptability of the Carbanak group but also underscore a growing sophistication in their approach.
Ransomware Attacks on the Rise
The landscape of ransomware attacks experienced dramatic changes in November, with NCC Group reporting a staggering 67% increase in such incidents compared to 2022. Additionally, the frequency of ransomware infections surged up to 30% from October. This uptick poses a significant risk to industries across the board.
The sectors most affected include:
- Industrials: 33%
- Consumer Cyclicals: 18%
- Healthcare: 11%
Regionally, North America bore the brunt of these attacks, accounting for 50% of incidents, followed by Europe at 30% and Asia at 10%.
The Role of LockBit
Amidst this tumultuous rise in ransomware activity, the LockBit ransomware gang emerged as a leading threat actor in November 2023. Known for its aggressive strategies and high-profile attacks, LockBit’s activities have contributed significantly to the overall increase in ransomware incidents.
Summary
The resurgence of Carbanak malware underscores not just the cyclical nature of cyber threats, but also the necessity for ongoing vigilance in cybersecurity. As the sophistication of these attacks grows, organizations must remain proactive in securing their networks and safeguarding sensitive information.
For the latest updates, follow cybersecurity experts and organizations on Twitter and other social media platforms. Cybersecurity is a collective effort, and shared information is vital in combating threats like Carbanak and LockBit.
For more insights, you can follow Pierluigi Paganini on Twitter or LinkedIn.