ESET Research, Threat Reports
A view of the H2 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts.
The cat-and-mouse game between defenders and cybercriminals continued through the second half of 2024, with threat actors probing for new weaknesses and looking for ways to widen their pool of potential victims. The result was a set of new attack vectors and social engineering techniques, surges in threat activity visible in our telemetry, and high-profile law enforcement takedowns that disrupted established cybercriminal operations.
The infostealer category saw a change at the top: Agent Tesla, long the most-detected infostealer, was displaced by Formbook, a well-established information stealer built to harvest sensitive data. Despite being nearly a decade old, Formbook's malware-as-a-service model and continuous development have kept it popular among criminal customers.
Lumma Stealer, a relative newcomer to the infostealer scene, has become popular with cybercriminals, appearing in several notable malicious campaigns in H2 2024. ESET telemetry recorded a 400% increase in its detections between reporting periods (H1 2024 to H2 2024). Meanwhile, following the October 2024 international law enforcement takedown of RedLine Stealer, a notorious infostealer-as-a-service, that malware appears to have reached the end of the road. When one threat declines, others can reasonably be expected to grow into the vacuum it leaves behind.
As cryptocurrencies climbed to record highs in the second half of 2024, cryptocurrency wallet data became a prime target for criminals. Our telemetry mirrored this trend: Cryptostealer detections rose across multiple platforms, most notably on macOS, where Password Stealing Ware targeting cryptocurrency wallet credentials more than doubled compared to H1 2024. Android financial threats, which target banking apps and cryptocurrency wallets, grew by 20%.
ESET researchers discovered a new attack vector targeting both Android and iOS users, first observed in H2 2024: abuse of Progressive Web App (PWA) and WebAPK technology to sidestep the safeguards that normally protect mobile app installation. Because installing a PWA or WebAPK does not require the user to permit installation from unknown sources (the app is delivered from a website rather than through an app store or a sideloaded package), victims can unknowingly install malicious apps that phish for banking credentials. Unless mobile platforms change how these app types are handled, we expect phishing campaigns built on PWAs and WebAPKs to grow more diverse and more sophisticated.
Social media has become increasingly dangerous territory, with a wave of scams that use deepfake videos and company-branded content to lure victims into fraudulent investment schemes. These scams, which ESET detects as HTML/Nomani, grew by 335% between reporting periods and show no sign of slowing down.
In 2024, a new wave of fraud targeted users of accommodation booking platforms such as Booking.com and Airbnb. Operators of the Telekopye toolkit, originally built for online marketplace scams, use compromised accounts of legitimate accommodation providers to identify people who recently made a booking and then direct them to fake payment pages.
The takedown of LockBit left a vacuum that various threat actors rushed to fill, reshaping the ransomware landscape. RansomHub, a ransomware-as-a-service operation that first appeared in H1 2024, had established itself as the dominant player by the end of the year.