A view of the H2 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research specialists
16 Dec 2024 • 3 min. read

In the ongoing cat-and-mouse game with defenders, the second half of 2024 has seen cybercriminals keeping busy, finding security loopholes and innovative ways to expand their victim pool. As a result, we've seen new attack vectors and social engineering methods, new threats skyrocketing in our telemetry, and takedown operations leading to shake-ups of established cybercriminal ranks.
Infostealers are one of the threat categories to experience a reshuffle, with the long-dominant Agent Tesla malware dethroned by Formbook, a well-established threat designed to steal a wide variety of sensitive data. Despite being around for almost a decade, Formbook continues to attract a broad criminal user base thanks to its malware-as-a-service (MaaS) model and continuous development.
Lumma Stealer, a more recent addition to the infostealer scene, and another MaaS, is becoming increasingly sought after by cybercriminals: appearing in several notable malicious campaigns in H2 2024, ESET telemetry saw its detections shoot up almost 400% between reporting periods. RedLine Stealer, another infamous "infostealer as a service", met a very different fate: after a takedown by international authorities in October 2024, RedLine Stealer appears to have reached the end of its line. We can, however, expect that its demise will lead to the expansion of other similar threats, eager to fill its place.
Unsurprisingly, with cryptocurrencies reaching record values in H2 2024, cryptocurrency wallet data was one of the top targets of malicious actors. In our telemetry, this was reflected in a rise in cryptostealer detections across multiple platforms. Interestingly, the rise was the most dramatic on macOS, where so-called Password Stealing Ware, heavily targeting cryptocurrency wallet credentials, more than doubled compared to H1. Further, Android financial threats, targeting banking apps as well as cryptocurrency wallets, grew by 20%.
Android and iOS users alike should be on the lookout for a novel attack vector, caught in the wild and analyzed by ESET researchers in H2 2024. In these attacks, cybercriminals have leveraged Progressive Web App (PWA) and WebAPK technologies to bypass traditional security measures tied to mobile apps. Since neither PWAs nor WebAPKs require users to grant explicit permissions to install apps from unknown sources, mobile users may end up unwittingly installing malicious apps that steal banking credentials. And unless there is a change in how mobile platforms approach these technologies, we anticipate that more sophisticated and varied phishing campaigns using PWAs and WebAPKs will emerge.
Social media waters have become even murkier recently, with a flood of new scams cropping up, using deepfake videos and company-branded posts to lure victims into fraudulent investment schemes. These scams, tracked by ESET as HTML/Nomani, saw a 335% increase in detections between reporting periods, and we don't expect their growth to slow down.
H2 2024 also gave rise to a new scam targeting users of popular accommodation booking platforms, such as Booking.com and Airbnb. Using a toolkit named Telekopye, originally developed to defraud people on online marketplaces, the scammers use compromised accounts of legitimate accommodation providers to single out people who have recently booked a stay, then target them with fraudulent payment pages.
The ransomware landscape was reshaped by the takedown of former leader LockBit, creating a vacuum to be filled by other actors. RansomHub, a ransomware as a service first spotted in H1 2024, stacked up hundreds of victims by the end of H2 2024, establishing itself as the newly dominant player.
I wish you an insightful read.
Follow ESET research on Twitter for regular updates on key trends and top threats.
To learn more about how threat intelligence can enhance the cybersecurity posture of your organization, visit the ESET Threat Intelligence page.