Carbanak Banking Malware Resurfaces with Updated Tactics in Ransomware Attacks

The banking malware Carbanak has resurfaced with updated tactics, incorporating attack vectors and techniques to diversify its effectiveness, according to cybersecurity firm NCC Group. In an analysis of ransomware attacks that occurred in November 2023, NCC Group highlighted Carbanak’s return through new distribution chains, with compromised websites being used to distribute the malware disguised as various business-related software.

Carbanak, which has been detected in the wild since at least 2014, is known for its data exfiltration and remote control features. Initially a banking malware, it has been utilized by the FIN7 cybercrime syndicate. The recent attack chain documented by NCC Group involves compromised websites hosting malicious installer files that masquerade as legitimate utilities, triggering the deployment of Carbanak.

The resurgence of Carbanak comes amidst a significant increase in ransomware attacks. In November alone, 442 ransomware attacks were reported, up from 341 incidents in October 2023. So far this year, a total of 4,276 cases have been reported, which is fewer than 1,000 incidents short of the combined total for 2021 and 2022.

NCC Group’s data reveals that the top targeted sectors for ransomware attacks are industrials (33%), consumer cyclicals (18%), and healthcare (11%). Geographically, North America (50%), Europe (30%), and Asia (10%) account for the majority of the attacks.

Among the most commonly observed ransomware families, LockBit, BlackCat, and Play accounted for 47% of the attacks. However, with BlackCat recently dismantled by authorities, the impact on the threat landscape remains to be seen.

Matt Hull, the global head of threat intelligence at NCC Group, expressed concern about the increasing number of ransomware attacks, stating that the total number of attacks has already surpassed 4,000 for the year. He emphasized the need to monitor whether ransomware levels will continue to climb in the coming year.

Corroborating the spike in ransomware attacks in November, cyber insurance firm Corvus reported identifying 484 new ransomware victims posted to leak sites. The firm noted that ransomware groups have successfully shifted away from QBot, attributing the change to a law enforcement takedown of QBot’s infrastructure. However, Microsoft recently disclosed details of a low-volume phishing campaign distributing the malware, highlighting the challenges in fully dismantling these groups.

In addition to Carbanak’s resurgence, Kaspersky detailed the security measures Akira ransomware uses to prevent its communication site from being analyzed. The Russian cybersecurity company also highlighted ransomware operators’ exploitation of security flaws in the Windows Common Log File System (CLFS) driver for privilege escalation.

As the threat landscape continues to evolve, organizations and individuals must remain vigilant against ransomware attacks. The increasing sophistication and adaptability of malware like Carbanak underscore the need for robust cybersecurity measures and proactive defense strategies.

Disclaimer: The content of this article has been syndicated from a feed and may feature elements that are auto-generated, with minor edits to the body and headline.

Security Report News
