ESET Threat Report H2 2024

The second half of 2024 proved challenging for cybersecurity experts, as cybercriminals relentlessly sought out vulnerabilities and new ways to target unsuspecting victims. ESET telemetry and research experts have been closely monitoring the evolving threat landscape, uncovering new attack vectors, social engineering methods, and the rise of various malicious activities.

One significant development in the threat landscape is the shift in dominance among infostealers. The long-standing Agent Tesla malware has been replaced by Formbook, a formidable threat known for its ability to steal a wide range of sensitive data. Despite being in existence for almost a decade, Formbook continues to attract cybercriminals due to its malware-as-a-service (MaaS) model and continuous updates. Another newcomer, Lumma Stealer, has also gained popularity in H2 2024, with detections increasing by nearly 400% in a short period. However, the demise of RedLine Stealer, following a takedown operation by international authorities, highlights the ever-changing nature of the cyber threat landscape.

As cryptocurrencies surged in value in the latter half of 2024, malicious actors shifted their focus towards cryptocurrency wallet data. Cryptostealer detections increased across multiple platforms, with a notable spike in macOS-based attacks targeting cryptocurrency wallet credentials. Android financial threats, aimed at banking apps and cryptocurrency wallets, also saw a 20% increase, emphasizing the growing threat in the mobile sector.

In a novel attack vector observed by ESET researchers, cybercriminals have leveraged Progressive Web App (PWA) and WebAPK technologies to bypass traditional mobile app security measures, posing a significant risk to Android and iOS users. These attacks could potentially lead to the installation of malicious apps that steal sensitive information, such as banking credentials. The evolution of such sophisticated phishing campaigns using PWAs and WebAPKs underscores the need for enhanced security measures on mobile platforms.

The realm of social media has not been immune to malicious activities, with a surge in scams utilizing deepfake videos and fraudulent investment schemes. ESET has tracked a 335% increase in HTML/Nomani scams between reporting periods, indicating a growing trend in exploiting social media platforms for nefarious purposes. Additionally, a new scam targeting users of accommodation booking platforms like Booking.com and Airbnb, using a toolkit named Telekopye, has emerged as a threat to unsuspecting users.

The ransomware landscape also witnessed significant changes, with the takedown of LockBit paving the way for new actors to emerge. RansomHub, a ransomware-as-a-service platform first detected in H1 2024, quickly gained traction and established itself as a dominant player by the end of H2 2024.

Overall, the evolving threat landscape in H2 2024 underscores the need for organizations and individuals to remain vigilant and adopt robust cybersecurity measures to mitigate the risks posed by cybercriminals. The continuous evolution of threats highlights the importance of staying informed and proactive in defending against malicious activities in the digital realm. For regular updates on key trends and top threats, follow ESET research on Twitter and explore ESET Threat Intelligence to enhance your organization’s cybersecurity posture.
