Carbanak Is Back! Ransomware Group Reinvents Itself

Five years after the arrest of Carbanak's leader, the notorious ransomware group is back with a vengeance. The Carbanak ransomware syndicate gained notoriety as a highly effective cybercrime ring targeting financial and banking institutions worldwide. Now the group has reinvented its attack methods and reemerged as a force to be reckoned with.

The Carbanak group's self-named malware has evolved and improved over time into its current version. The group recently shifted from attacking financial targets to posing as business software such as HubSpot and Xero on compromised websites. This lets Carbanak distribute its malware through these channels, disguised as utilities.

Many attack groups have put the Carbanak malware to work over the years, and it has links to the notorious Qbot banking Trojan (aka QakBot and Pinkslipbot). Qbot was known to use Carbanak for its ransomware attacks, but Qbot's command-and-control network was broken up by law enforcement last year. According to the cyber insurance company Corvus, ransomware groups have been moving away from Qbot since the takedown. Many are betting that this void will lead to further attack opportunities for Carbanak.

 

The best response to ransomware is keeping software and hardware updated and patched. Patches get released as new vulnerabilities are discovered. Some weaknesses are found after attackers expose them, some by manufacturers, and some by white hat hackers (the good guys). But no matter how the vulnerabilities are discovered, applying patches as soon as they are available is always the best and safest answer.

