The banking malware known as Carbanak has been observed being used in ransomware attacks with updated tactics.
“The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness,” cybersecurity firm NCC Group said in an analysis of ransomware attacks that took place in November 2023.
“Carbanak returned last month through new distribution chains and has been distributed through compromised websites to impersonate various business-related software.”
Some of the impersonated tools include popular business-related software such as HubSpot, Veeam, and Xero.
Carbanak, detected in the wild since at least 2014, is known for its data exfiltration and remote control features. Starting off as a banking malware, it has been put to use by the FIN7 cybercrime syndicate.
UPCOMING WEBINAR
From USER to ADMIN: Learn How Hackers Gain Full Control
Discover the secret tactics hackers use to become admins, how to detect and block it before it’s too late. Register for our webinar today.
Join Now
In the latest attack chain documented by NCC Group, the compromised websites are designed to host malicious installer files masquerading as legitimate utilities to trigger the deployment of Carbanak.
The development comes as 442 ransomware attacks were reported last month, up from 341 incidents in October 2023. A total of 4,276 cases have been reported so far this year, which is “less than 1000 incidents fewer than the total for 2021 and 2022 combined (5,198).”
The company’s data shows that industrials (33%), consumer cyclicals (18%), and healthcare (11%) emerged as the top targeted sectors, with North America (50%), Europe (30%), and Asia (10%) accounting for most of the attacks.
As for the most commonly spotted ransomware families, LockBit, BlackCat, and Play contributed to 47% (or 206 attacks) of 442 attacks. With BlackCat dismantled by authorities this month, it r ..
Support the originator by clicking the read the rest link below.
