ESET Threat Report H2 2024


ESET Research

Threat Reports

A view of the H2 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

Jiří Kropáč

16 Dec 2024 • 3 min. read


In the usual cat-and-mouse game with defenders, the second half of 2024 has seen the cybercriminals keeping busy, finding security loopholes and innovative ways to expand their victim pool. As a result, we’ve seen new attack vectors and social engineering methods, new threats skyrocketing in our telemetry, and takedown operations leading to shake-ups of established cybercriminal ranks.

Infostealers are one of the threat categories to experience a reshuffle, with the long-dominant Agent Tesla malware dethroned by Formbook – a well-established threat designed to steal a wide variety of sensitive data. Despite being around for almost a decade, Formbook continues to attract a wide criminal user base thanks to its malware-as-a-service (MaaS) model and continuous development.

Lumma Stealer, a newer addition to the infostealer scene, and another MaaS, is becoming increasingly sought after by cybercriminals: appearing in several notable malicious campaigns in H2 2024, ESET telemetry saw its detections shoot up almost 400% between reporting periods. RedLine Stealer, another notorious “infostealer as a service”, met a very different fate: after a takedown by international authorities in October 2024, RedLine Stealer appears to have reached the end of its line. We can, however, expect that its demise will lead to the expansion of other similar threats, eager to fill its place.

Unsurprisingly, with cryptocurrencies reaching record values in H2 2024, cryptocurrency wallet data was one of the prime targets of malicious actors. In our telemetry, this was reflected in a rise in cryptostealer detections across multiple platforms. Curiously, the increase was the most dramatic on macOS, where so-called Password Stealing Ware – heavily targeting cryptocurrency wallet credentials – more than doubled compared to H1. Further, Android financial threats, targeting banking apps as well as cryptocurrency wallets, grew by 20%.

Android and iOS users alike should be on the lookout for a new attack vector, caught in the wild and analyzed by ESET researchers in H2 2024. In these attacks, cybercriminals have leveraged Progressive Web App (PWA) and WebAPK technologies to bypass traditional security measures tied to mobile apps. Since neither PWAs nor WebAPKs require users to grant explicit permissions to install apps from unknown sources, mobile users may end up unwittingly installing malicious apps that steal banking credentials. And unless there’s a change in how mobile platforms approach these technologies, we expect that more sophisticated and varied phishing campaigns utilizing PWAs and WebAPKs will emerge.

Social media waters have become even more murky recently, with a flood of new scams cropping up, using deepfake videos and company-branded posts to lure victims into fraudulent investment schemes. These scams, tracked by ESET as HTML/Nomani, saw a 335% increase in detections between reporting periods, and we don’t expect their growth to slow down.

H2 2024 also gave rise to a new scam targeting users of popular accommodation booking platforms, such as Booking.com and Airbnb. Using a toolkit named Telekopye, originally developed to defraud people on online marketplaces, the scammers use compromised accounts of legitimate accommodation providers to single out people who have recently booked a stay, then target them with fraudulent payment pages.

The ransomware landscape was reshaped by the takedown of former leader LockBit, creating a vacuum to be filled by other actors. RansomHub, a ransomware as a service first spotted in H1 2024, stacked up hundreds of victims by the end of H2 2024, establishing itself as the newly dominant player.

I wish you an insightful read.

Follow ESET research on Twitter for regular updates on key trends and top threats.

To learn more about how threat intelligence can enhance the cybersecurity posture of your organization, visit the ESET Threat Intelligence page.

