The Carbanak cybercrime group, infamous for its banking malware, has resurfaced with new ransomware tactics, marking a significant evolution in their modus operandi. This development, as reported by the NCC Group, reflects Carbanak’s adaptability and increased threat to global cybersecurity.
Carbanak is Back, Using New Distribution Methods
Carbanak’s return is marked by a significant shift in its distribution methods. Compromised websites now host malicious installer files, cunningly disguised as legitimate utilities, to facilitate the deployment of Carbanak. This development coincides with a surge in ransomware attacks, with 442 incidents reported in November 2023 alone, a notable increase from the 341 cases in October.
The latest data shows that industrials, consumer cyclicals, and healthcare are the primary targets for this malware. In total, they constituted 33%, 18%, and 11% of the attacks, respectively. Geographically, North America, Europe, and Asia are the most affected, with 50%, 30%, and 10% of the attacks occurring in these regions.
Carbanak Threat Actor Profile
Carbanak, also known as Anunak, emerged around 2013 as a cybercrime group specializing in financial theft. Notorious for targeting banks and financial institutions, they have stolen an estimated $1 billion from banks globally. Carbanak’s sophisticated methods include spear phishing, malware deployment, and network infiltration.
They are closely linked to FIN7, another cybercrime group; however, these are distinct entities. The connection between the two groups lies in their methods and objectives. Both groups used advanced techniques and software to carry out their attacks. For a long time, FIN7 members have used the Carbanak Backdoor toolkit for reconnaissance purposes and to gain a foothold on infected systems.
What to Expect From Carbanak’s Return?
The repercussions of Carbanak’s resurgence are far-reaching. Financial institutions, as primary targets, face an increased risk of data breaches and financial losses. However, the collateral damage extends to individuals, as compromised software can potentially expose personal information and sensitive data.
Staying Vigilant
In light of these developments, it is imperative for organizations and individuals alike to remain vigilant. Here are some essential steps to enhance cybersecurity posture:
- Employ multi-factor authentication wherever possible to add an extra layer of security to your accounts.
- Provide cybersecurity awareness training to employees, emphasizing the importance of not clicking on suspicious links or downloading files from unknown sources.
- Continuously monitor network traffic for any unusual or suspicious activities that may indicate a compromise.