Hackers are now using an old form of banking malware to launch malicious ransomware attacks, new research shows.
In their latest Monthly Threat Pulse, cybersecurity experts at NCC Group detailed how a well-known banking malware called Carbanak returned to ransomware attacks.
“Carbanak malware first emerged in 2014 and was used by ransomware gangs to infiltrate financial systems after deploying sophisticated phishing techniques to compromise bank employees,” the researchers explain. “The malware allows threat groups to access networks through human access points and criminals to take control of payment processing services.”
Mimicking enterprise software
Although he was ten years old, Carbanak's popularity waned over the years. However, the malware has evolved and is now experiencing a resurgence. It was adopted to integrate attack vendors and techniques to diversify its effectiveness, it was said.
Now hackers are using compromised websites to host the malware, masquerading as popular enterprise-related software like HubSpot, Veeam, or Xero.
Carbanak rose to prominence thanks to its data exfiltration and remote control functions. The HackerNews reported. It started as banking malware and was observed to be used by the cybercrime syndicate FIN7.
Ransomware is becoming increasingly powerful as an attack vector. A total of 442 ransomware incidents were reported last month, compared to 341 a month ago, the report said. During the year, ransomware attacks were reported 4,276 times, which is “less than 1,000 incidents fewer than the total for 2021 and 2022 combined (5,198).”
Industrial (33%), consumer cyclical (18%) and healthcare (11%) were the most targeted sectors, mainly located in North America (50%), Europe (30%) and Asia (10%) . The most popular ransomware families are LockBit, BlackCat and Play (responsible for 206 – 47% of all attacks).
“With one month of the year left, the total number of attacks has surpassed 4,000, marking a huge increase over 2021 and 2022, so it will be interesting to see if ransomware levels continue to rise next year” , Matt Hull, global head of threat intelligence at NCC Group, said.