Carbanak Banking Virus Updates Methods
According to monthly threat analysis by NCC Group, the well-known Carbanak banking virus has recently updated its techniques and is now being actively used in attacks through carrier programs.
The Carbanak virus, initially discovered in 2014 and previously utilized for stealing banking data, has now become a tool for the FIN7 cybercrime group to remotely control infected systems and extract data. In November 2023, this virus made a comeback with new spreading methods, primarily through compromised websites that impersonate popular business programs like HubSpot, Veeam, and Xero.
Increase in Global Attacks
According to NCC Group’s findings, the global level of attacks involving robber programs experienced a significant rise in November. A total of 442 attacks were documented, marking a 30% increase compared to the 341 incidents in October. Throughout this year, a total of 4,276 cases have been recorded, which is still lower than the figures for 2021 and 2022, amounting to 5,198 cases.
Main Targets and Regions
Industries were the primary focus of these attacks, accounting for 33% of the targets. Consumer goods followed with 18%, and healthcare with 11%. In terms of geographical distribution, North America was the most attacked region, accounting for 50% of the incidents. Europe faced 30% of the attacks, while Asia was targeted in 10% of cases.
Families of Extortion Programs
The most commonly encountered families of extortion programs were Alphv and Play, which accounted for 47% of the total attacks (206 out of 442).
Future Implications
Following the apprehension of the Alphv infrastructure by the Federal Bureau of Investigation (FBI), the impact on cyber threats in the upcoming period remains uncertain. NCC Group highlighted that the total number of attacks surpassed 4,000 by the end of the year, significantly surpassing the figures from 2021 and 2022. It will be intriguing to observe whether the number of extortion attacks will continue to grow in the coming year.