Carbanak banking virus returns with new methods of spreading

Member
Joined
Oct 17, 2023
Messages
55
The NCC Group report summarizes the statistics of ransomware attacks by the end of the year.

According to the NCC Group's monthly threat analysis, the Carbanak banking virus, known since 2014, has updated its methods and is now actively used in ransomware attacks. According to experts, in November 2023, the virus returned with new methods of distribution, in particular, through compromised sites masquerading as popular business programs such as HubSpot, Veeam and Xero.

Carbanak, which was previously used to steal bank data, is now being used by the FIN7 cybercrime group to remotely manage infected systems and extract data. In the latest chain of attacks documented by the NCC Group, hacked websites are targeted to host installers masquerading as legitimate utilities in order to initiate the deployment of Carbanak.

According to the NCC Group, in November, the global level of attacks using ransomware increased by 30% — 442 attacks were recorded, which is a significant increase compared to 341 incidents in October. In total, 4,276 cases were recorded this year, which is less by 1,000 incidents compared to 2021 and 2022 (5,198 cases).

The main targets of the attacks were industry (33%), consumer goods (18%) and healthcare (11%). The majority of attacks occur in North America (50%), Europe (30%) and Asia (10%). Among the most common ransomware families are ALPHV and Play, which account for 47% (or 206 attacks) out of 442.

After the FBI seized ALPHV's infrastructure, it remains unclear how this will affect cyber threats in the near future. The NCC Group noted that by the end of the year, the total number of attacks exceeded 4,000, which is significantly more than in 2021 and 2022, and it will be interesting to see whether the number of ransomware attacks will increase next year.
 
Top