A recent report detailing Carbanak threats demonstrated that the Advanced Persistent Threat (APT) and malware is increasingly used along with new tactics to successfully target executives at financial institutions in the Middle East, US and Europe.
The Proofpoint report noted that criminal groups are using spear-phishing emails that deliver the Carbanak malware or popular remote access Trojans (RATs) like jRAT, Netwire, and Cybergate. These groups do this to probe the operations procedures of payment processors, ATM networks, and transaction processing systems. The emails sent by these criminal groups contained links that loaded malware or attachments to documents containing malicious macros.
The report comes a month after Kaspersky Labs noted that the Carbanak APT had re-emerged and was being used by criminal groups to gain control over ATM machines. The Russian cyber-criminal group Metel used Carbanak to automate the rollback of ATM transactions. Last year, researchers at Trend Micro linked the Carbanak campaign to point-of-sale malware attacks that occurred in late 2014.