The Carbanak APT - Redefining Banking Malware

Wade Williamson
February 19, 2015

Recent research from Kaspersky has revealed a massive criminal campaign that was able to infiltrate more than 100 different banks and steal upwards of $1 billion from the affected institutions. Kaspersky dubbed this operation the Carbanak APT due to a connection between the malware used in the attacks and the now infamous Carberp banking botnet. You may recall the headlines in 2013 that revealed the Carberp source code had been leaked into the wild, making it accessible to virtually any would-be criminal group that might want it. The accessibility of the Carberp source code could easily have provided a starting point for the Carbanak attackers as they built their malware.

However, while Carberp and Carbanak may share a common lineage and both targeted the banking sector, it is readily evident that these are very different animals. While Carberp was a banking botnet that stole money from banking customers using Man-in-the-Browser (MitB) techniques, Carbanak is a full-fledged APT campaign focused on infiltrating the banks themselves and stealing money directly from the bank, not its customers. The Carbanak attackers were both clever enough to remain hidden in the network and patient enough to learn precisely how to steal money based on the inner workings of the targeted bank.

There are a variety of interesting lessons to be gleaned from this operation, and I have written a short article in SecurityWeek on a few of them. At the very least, this attack will provide a stark reminder of the importance of tracking any and all forms of remote access tunnels being used in the network, especially in relation to your most important assets. Stay tuned for more analysis on this attack from the team here at Vectra, and in the meantime, check out the article on SecurityWeek.

About the author

Wade Williamson

Wade Williamson is a cybersecurity writer, product manager and marketer. Wade held a position as director of product marketing at Vectra with previous experience as a security researcher at Shape Security. Prior to Shape Security, he was a senior security analyst at Palo Alto Networks.
