Hackers are now using an old form of banking malware to launch damaging ransomware attacks, new research has claimed.
In their latest Monthly Threat Pulse, cybersecurity experts from NCC Group broke down how a well-known banking malware called Carbanak returned in ransomware attacks.
“First emerging in 2014, Carbanak malware has been used by ransomware gangs to infiltrate financial systems after deploying advanced phishing techniques to compromise bank employees,” the researchers explained. “The malware allows threat groups to gain access to networks through human entry points and criminals to take control of payment processing services.”
Impersonating business software
While a decade old, Carbanak’s popularity dwindled over the years. However, the malware did evolve and is now experiencing a resurgence. It was adopted to incorporate attack vendors and techniques to diversify its effectiveness, it was said.
Now, hackers are using compromised websites to host the malware, impersonating popular business-related software such as HubSpot, Veeam, or Xero.
Carbanak gained notoriety thanks to its data exfiltration and remote control features, TheHackerNews reported. It started off as banking malware and was observed being used by the FIN7 cybercrime syndicate.
As an attack vector, ransomware is going from strength to strength. Last month, a total of 442 ransomware incidents were reported, up from 341 a month ago, the report states. For the year, ransomware attacks were reported 4,276 times, which is “less than 1000 incidents fewer than the total for 2021 and 2022 combined (5,198).”
Industrials (33%), consumer cyclicals (18%), and healthcare (11%) were the most targeted sectors, located mostly in North America (50%), Europe (30%), and Asia (10%). The most popular ransomware families are LockBit, BlackCat, and Play (responsible for 206 – 47% of all attacks).
“With one month of the year still to go, the total number of attacks has surpassed 4,000 which marks a huge increase from 2021 and 2022, so it will be interesting to see if ransomware levels continue to climb next year,” Matt Hull, global head of threat intelligence at NCC Group, said.