Carbanak source code leak: What’s next?

[harlan4096]

Recently, news about Carbanak broke on various media outlets. Security researchers had found the source code of the infamous malware on the open VirusTotal portal. Carbanak is known as the most successful financial cyberthreats to date, causing estimated financial losses of as much as $1 billion.

A look back at Carbanak history

Our experts initially discovered and analyzed Carbanak back in 2014. They had begun investigating numerous incidents of cash being stolen from bank ATMs, but discovered that those incidents were linked — it was a huge international campaign aimed at stealing a lot of money from various banks all over the world. Initially, our experts were investigating incidents only in Eastern Europe, but they soon found more victims — in the US, Germany, and China.

Like many other attacks, this campaign started with spear phishing. In this case, it was well-aimed e-mail armed with malicious attachments that installed a back door based on Carberp malware. That back door provided entry into the target organization’s entire network — in this case, banks’ networks — compromising computers that could give the malefactors an opportunity to extract money.

The perpetrators had several paths to the money. In some cases, they remotely instructed ATMs to dispense cash, which mules collected. In others, they used the SWIFT network to transfer money directly into their accounts. These methods were not widely exploited back in 2014, so the scale and the technologies Carbanak employed shook both the banking and the cybersecurity industry.

What does the future hold?

Since Carbanak’s discovery, our experts have seen several attacks (Silence, for example) attempting similar tactics and tracked other signs of the same criminal group, which remained quite active. But now that Carbanak’s source code has gone public, such incidents may become significantly more frequent; it’s now available to malefactors who lack the coding skills to produce such complicated malware on their own. Kaspersky Lab researcher Sergey Golovanov, who has investigated this case from the start, has something to say about that:

“The fact that the source code of the infamous Carbanak malware was available on an open source website is a bad omen. Indeed, the Carbanak malware itself was initially built on the source code of Carberp malware after it was published online. We have every reason to believe that this scenario is only going to repeat itself and that we will see some dangerous modifications of Carbanak in the future. The good news is that since the Carberp leak, the cybersecurity industry has evolved significantly, and can now easily recognize the modified code. We urge companies and individuals to protect themselves against this and future threats with a robust security solution.”

Continue Reading