Recent analyses have unveiled a concerning evolution of the notorious Carbanak banking malware. This malware, known for its historical infiltration into financial systems, has resurfaced with a new strategy: incorporating ransomware tactics into its arsenal.
The shift is evident in ransomware attacks observed in November 2023. In this resurgence, Carbanak uses updated techniques and is now distributed through compromised websites that impersonate various business-related software, including well-known platforms like HubSpot, Veeam, and Xero.
Originally identified in 2014, Carbanak initially gained notoriety for its data extraction capabilities and remote control functionalities. It has since been employed by the FIN7 cybercrime syndicate, adapting its tactics over time. Researcher analysis traces the recent attack chain, where compromised websites host deceptive installer files masquerading as legitimate utilities, facilitating the deployment of Carbanak onto unsuspecting systems.
This resurgence coincides with a concerning surge in ransomware incidents, with 442 reported attacks in November alone—an increase from 341 in October 2023. Yearly totals have surpassed 4,276 cases, almost equaling the combined total for 2021 and 2022 (5,198). Notably, industrial sectors (33%), consumer cyclicals (18%), and healthcare (11%) have been the primary targets, predominantly in North America (50%), Europe (30%), and Asia (10%).
In the landscape of ransomware families, LockBit, BlackCat, and Play have been prevalent, contributing to 47% of the recorded attacks. With the recent dismantling of BlackCat by authorities, there’s anticipation regarding the potential impact on the threat landscape.
A cyber insurance firm corroborates the November surge, identifying 484 new ransomware victims whose data was posted on leak sites. The shift away from QBot exploits, driven by law enforcement takedowns and alternative malware families, signifies a strategic pivot for ransomware groups.
However, the challenges persist. Despite law enforcement actions against QBot and Microsoft’s disclosures on phishing campaigns distributing malware, the cyber landscape remains complex, underscoring the difficulties in fully dismantling these malicious groups.
Organizations should prioritize robust cybersecurity measures, including regular system updates, stringent network monitoring, and comprehensive employee training to recognize and thwart phishing attempts. Implementing multi-factor authentication, employing strong password policies, and utilizing reputable security solutions can fortify defenses against evolving threats like Carbanak.