ESET H2 2024 Threat Report
ESET Research, Threat Reports

A view of the threat landscape in the second half of 2024, as seen by ESET telemetry and from the perspective of ESET threat detection and hunting experts.

In the usual game of cat and mouse with defenders, the second half of 2024 saw cybercriminals stay busy, finding security vulnerabilities and innovative ways to expand their victim pool. As a result, we’ve seen new attack vectors and social engineering methods, new threats skyrocket in our telemetry, and takedown operations leading to upheaval in the ranks of established cybercriminals.

Infostealers are one of the threat categories experiencing a shakeup, with the long-dominant Agent Tesla malware dethroned by Formbook – a well-established threat designed to steal a wide variety of sensitive data. Although it has been around for almost a decade, Formbook continues to attract a large criminal user base thanks to its malware-as-a-service (MaaS) model and continued development.

Lumma Stealer, a newer addition to the information-stealing scene and another MaaS offering, is increasingly sought after by cybercriminals: it appeared in several notable malware campaigns in the second half of 2024, and ESET telemetry saw its detections increase by nearly 400% between reporting periods. RedLine Stealer, another notorious infostealer-as-a-service, met a very different fate: after its takedown by international authorities in October 2024, RedLine Stealer appears to have reached the end of its line. Its disappearance, however, can be expected to drive the expansion of similar threats eager to take its place.

Unsurprisingly, as cryptocurrencies hit record values in the second half of 2024, cryptocurrency wallet data was one of the main targets for bad actors. In our telemetry, this was reflected in an increase in cryptostealer detections across multiple platforms. Interestingly, the increase was most dramatic on macOS, where password-stealing malware – heavily targeting cryptocurrency wallet credentials – more than doubled compared to the first half of the year. Additionally, Android financial threats, targeting banking apps as well as cryptocurrency wallets, increased by 20%.

Android and iOS users should be on the lookout for a new attack vector, detected in the wild and analyzed by ESET researchers in the second half of 2024. In these attacks, cybercriminals abused Progressive Web App (PWA) and WebAPK technologies to bypass the traditional security measures associated with mobile applications. Since neither PWAs nor WebAPKs require users to grant explicit permission to install apps from unknown sources, mobile users may end up unintentionally installing malicious apps that steal their banking credentials. Unless mobile platforms change how they handle these technologies, we expect more sophisticated and varied phishing campaigns using PWAs and WebAPKs to emerge.

The waters of social media have become even murkier recently, with a flood of new scams using deepfake videos and company-branded posts to lure victims into fraudulent investment schemes. These scams, tracked by ESET as HTML/Nomani, saw a 335% increase in detections between reporting periods, and we don’t expect their growth to slow down.

The second half of 2024 also brought a new scam targeting users of popular accommodation booking platforms, such as Booking.com and Airbnb. Using a toolkit called Telekopye, originally developed to defraud people on online marketplaces, scammers use compromised accounts of legitimate accommodation providers to identify people who have recently booked a stay, then target them with fraudulent payment pages.

The ransomware landscape was reshaped by the takedown of former leader LockBit, creating a void for other players to fill. RansomHub, a ransomware-as-a-service first spotted in the first half of 2024, had claimed hundreds of victims by the end of the second half of 2024, establishing itself as the new dominant player.

I hope you have an instructive read.

Follow ESET Research on Twitter for regular updates on key trends and top threats.

To learn more about how threat intelligence can improve your organization’s cybersecurity posture, visit the ESET Threat Intelligence page.