Carbanak is Back with a New Spreading Tactic

Carbanak is Back With New Distribution Channels
The banking malware Carbanak has been observed in ransomware attacks with updated tactics.

The Carbanak cybercrime group, infamous for its banking malware, has resurfaced with new ransomware tactics, marking a significant evolution in its modus operandi. This development, as reported by the NCC Group, reflects Carbanak’s adaptability and increased threat to global cybersecurity.

Carbanak is Back, Using New Distribution Methods

Carbanak’s return is marked by a significant shift in its distribution methods. Compromised websites now host malicious installer files, cunningly disguised as legitimate utilities, to facilitate the deployment of Carbanak. This development coincides with a surge in ransomware attacks, with 442 incidents reported in November 2023 alone, a notable increase from the 341 cases in October.

The latest data shows that industrials, consumer cyclicals, and healthcare are the primary targets for this malware. They constituted 33%, 18%, and 11% of the attacks, respectively. Geographically, North America, Europe, and Asia are the most affected, with 50%, 30%, and 10% of the attacks occurring in these regions.

Carbanak Threat Actor Profile

Carbanak, also known as Anunak, emerged around 2013 as a cybercrime group specializing in financial theft. Notorious for targeting banks and financial institutions, they have stolen an estimated $1 billion from banks globally. Carbanak’s sophisticated methods include spear phishing, malware deployment, and network infiltration.

They are closely linked to FIN7, another cybercrime group; however, the two are distinct entities. The connection between them lies in their methods and objectives: both groups used advanced techniques and software to carry out their attacks. For a long time, FIN7 members have used the Carbanak Backdoor toolkit for reconnaissance purposes and to gain a foothold on infected systems.

What to Expect From Carbanak’s Return?

The repercussions of Carbanak’s resurgence are far-reaching. Financial institutions, as primary targets, face an increased risk of data breaches and financial losses. However, the collateral damage extends to individuals, as compromised software can potentially expose personal information and sensitive data.

Staying Vigilant

In light of these developments, it is imperative for organizations and individuals alike to remain vigilant. Here are some essential steps to enhance your cybersecurity posture:

  • Employ multi-factor authentication wherever possible to add an extra layer of security to your accounts.
  • Provide cybersecurity awareness training to employees, emphasizing the importance of not clicking on suspicious links or downloading files from unknown sources.
  • Continuously monitor network traffic for any unusual or suspicious activities that may indicate a compromise.

By Stephanie Adlam

I write about how to make your Internet browsing comfortable and safe. The modern digital world is worth being a part of, and I want to show you how to do it properly.
