Infostealers remained a persistent threat in the cybercrime landscape of 2024, as highlighted in KELA’s “The State of Cybercrime 2024” report. The report cites 3.9 billion credentials sourced from infostealer logs, underscoring the gravity of the threat this malware poses.
Infostealer malware harvests sensitive data such as credentials and financial information. KELA’s research in 2024 uncovered over 4.3 million machines infected with infostealer malware, compromising more than 330 million credentials. Variants like Lumma, StealC, and Redline accounted for a significant portion of the malware detected on these compromised machines.
Looking towards the future, KELA predicts that infostealers will continue to serve as a primary access vector for cybercriminals. To combat this threat effectively, they recommend implementing zero trust measures, enforcing multi-factor authentication, and enhancing incident-response practices.
Hacktivists, another group of threat actors, have increasingly turned to ransomware as a means of furthering their political, social, or religious agendas. In 2024, hacktivist groups associated with conflicts such as Russia/Ukraine and Israel/Palestine were prevalent, with over 200 new groups emerging and engaging in more than 3,500 distributed denial of service (DDoS) attacks. These groups leveraged platforms like Telegram for their activities and sought to fund themselves through cybercrime in addition to donations.
As ransomware and extortion gangs faced crackdowns in 2024, they pivoted towards ransomware-as-a-service (RaaS) models, employing double extortion tactics and targeting supply chain organizations. KELA observed a shift in monetization strategies among these groups and anticipates a continued reliance on RaaS models in the coming year.
Advanced Persistent Threat (APT) groups, often linked to nation-states, are characterized by their prolonged access to networks for disruptive purposes. The 2024 landscape saw significant activity surrounding elections, with suspected influence from countries like Iran, China, and Russia. KELA foresees APT groups blurring the lines between cybercrime and state-sponsored activities in 2025, emphasizing the need for AI tools to combat disinformation and secure critical infrastructure.
The misuse of AI tools such as generative AI-powered models has surged, leading to an increase in compromised accounts. KELA’s research identified compromised accounts linked to tools like ChatGPT and Gemini, with threat actors employing tactics like prompt injection to bypass safety controls. Looking ahead, KELA warns of the escalating misuse of AI tools for nefarious purposes, stressing the importance of securing integration and educating users on responsible usage.
Amidst the dynamic and uncertain cybersecurity landscape, organizations are urged to adopt a proactive stance in defense. By educating employees, implementing robust access controls in line with a zero-trust framework, and investing in AI tools for threat detection and mitigation, organizations can better protect themselves against evolving cyber threats.
In conclusion, the insights provided by KELA’s report shed light on the multifaceted nature of cyber threats in 2024 and offer valuable recommendations for organizations to safeguard their digital assets in the face of persistent and evolving cyber risks. By staying ahead of threat actors and leveraging advanced security measures, organizations can mitigate the impact of cybercrime and secure their digital environments effectively.