{"id":18518,"date":"2023-12-28T10:05:58","date_gmt":"2023-12-28T10:05:58","guid":{"rendered":"https:\/\/gridinsoft.com\/blogs\/?p=18518"},"modified":"2023-12-28T10:20:28","modified_gmt":"2023-12-28T10:20:28","slug":"carbanak-is-back","status":"publish","type":"post","link":"https:\/\/gridinsoft.com\/blogs\/carbanak-is-back\/","title":{"rendered":"Carbanak is Back with a New Spreading Tactic"},"content":{"rendered":"

The Carbanak cybercrime group, infamous for its banking malware<\/strong>, has resurfaced with new ransomware tactics, marking a significant evolution in their modus operandi. This development, as reported by the NCC Group, reflects Carbanak’s adaptability and increased threat<\/strong> to global cybersecurity<\/p>\n

Carbanak is Back, Using New Distribution Methods<\/h2>\n

Carbanak’s return is marked by a significant shift in its distribution methods. Compromised websites now host malicious installer files, cunningly disguised as legitimate utilities<\/strong>, to facilitate the deployment of Carbanak. This development coincides with a surge in ransomware attacks, with 442 incidents reported<\/a> in November 2023 alone, a notable increase from the 341 cases in October.<\/p>\n

\"Carbanak<\/p>\n

The latest data shows that industrials, consumer cyclicals, and healthcare<\/strong> are the primary targets for this malware. In total, they constituted 33%, 18%, and 11% of the attacks, respectively. Geographically, North America, Europe, and Asia are the most affected, with 50%, 30%, and 10% of the attacks occurring in these regions\u200b.<\/p>\n

Carbanak Threat Actor Profile<\/h2>\n

Carbanak, also known as Anunak, emerged around 2013 as a cybercrime group specializing in financial theft. Notoriously known for targeting banks and financial institutions<\/strong>, they have stolen an estimated $1 billion from banks globally. Carbanak’s sophisticated methods include spear phishing<\/a>, malware deployment, and network infiltration.<\/p>\n

They are closely linked to FIN7<\/a>, another cybercrime group; however, these are distinct entities. The connection between the two groups lies in their methods and objectives. Both groups used advanced techniques and software to carry out their attacks<\/strong>. For a long time, FIN7 members have used the Carbanak Backdoor toolkit for reconnaissance purposes and to gain a foothold on infected systems.<\/p>\n

What to Expect From Carbanak Return?<\/h2>\n

The repercussions of Carbanak’s resurgence are far-reaching. Financial institutions, as primary targets, face an increased risk of data breaches<\/a> and financial losses. However, the collateral damage extends to individuals, as compromised software can potentially expose personal information<\/strong> and sensitive data.<\/p>\n

Staying Vigilant<\/h2>\n

In light of these developments, it is imperative for organizations and individuals alike to remain vigilant. Here are some essential steps to enhance cybersecurity posture:<\/p>\n