As 2024 draws to a close, the cybersecurity landscape remains fraught with uncertainty, with cybercriminals continuing to innovate and exploit vulnerabilities to expand their reach.
Experts report a disturbing surge in new attack vectors, social engineering tactics, and emerging threats during the second half of the year.
At the same time, several high-profile takedown operations have shaken up long-established criminal networks, further highlighting the ongoing battle between cybercriminals and defenders.
“As a result, we’ve seen new attack vectors and social engineering methods, new threats skyrocketing in our telemetry, and takedown operations leading to shake-ups of previously established ranks,” said Jiří Kropáč, a leading cybersecurity researcher.
- Formbook has replaced the long-dominant Agent Tesla as the leading infostealer, while Lumma Stealer detections surged by nearly 400%.
- Company-branded and deepfake scams targeting social media users with fraudulent investment schemes saw a sharp 335% increase.
- RansomHub experienced significant growth, emerging as the dominant player in the ransomware-as-a-service (RaaS) market.
- Cryptocurrency wallet data became a major target for cybercriminals, with the most notable increase in attacks occurring on macOS systems.
A Surge in Sophisticated Threats
ESET’s H2 Threat Report highlights the disturbing trends that have emerged in the latter half of 2024. One of the most significant developments has been the rise of new forms of cybercrime, including a staggering 335% increase in deepfake scams.
Fraudulent social media campaigns utilizing hyper-realistic deepfake videos and fake company-branded posts have spread rapidly, preying on the public’s trust with promises of lucrative investments.
Among the hardest-hit countries were Japan, Slovakia, Canada, Spain, and Czechia, with social engineering schemes growing more complex by the day. “Cybercriminals are honing their manipulation tactics, targeting high-profile users and vulnerable groups, such as those seeking investment opportunities,” Kropáč added.
Infostealers and Ransomware-as-a-Service Continue to Thrive
Meanwhile, the infostealer ecosystem has seen its own shake-up. Redline Stealer, one of the most notorious infostealers operating in an “as-a-service” model, was dismantled in a major international operation in October 2024.
Despite this victory for law enforcement, the demise of Redline Stealer is not expected to curb the spread of infostealer threats. Experts warn that new variants will likely flood the market, with cybercriminals quickly shifting their focus to other tools.
The ESET report also revealed that Formbook, a malware used for information theft, has now replaced Agent Tesla as the leading infostealer. Alongside Formbook, Lumma Stealer has emerged as another growing threat. ESET noted a 369% increase in Lumma Stealer detections, signaling its increasing popularity among threat actors.
RansomHub Dominates Ransomware-as-a-Service
Ransomware-as-a-Service continues to be a booming business for cybercriminals, with RansomHub emerging as a dominant player in the market. This malicious platform allows even novice hackers to launch devastating ransomware campaigns.
The rise of RansomHub is indicative of an ongoing trend in which cybercriminals increasingly outsource their ransomware operations, lowering the barrier to entry and expanding the scale of attacks.
RansomHub’s success has been mirrored by the increasing sophistication of attacks, targeting industries ranging from healthcare to government and education. As organizations struggle to keep up with evolving tactics, the financial and reputational damage caused by ransomware attacks has reached new heights.
Targeting Cryptocurrency and macOS Vulnerabilities
Cybercriminals are also adapting to new technologies and platforms, with notable attention now being focused on cryptocurrency wallets and macOS systems. The popularity of cryptocurrency has drawn cybercriminals seeking to exploit vulnerabilities in digital wallets, particularly on macOS.
ESET’s report highlights a disturbing trend of increasing activity targeting cryptocurrency wallet holders, reflecting a growing effort to siphon off digital currencies.
Meanwhile, macOS, once considered a relatively secure environment, has become a prime target for cybercriminals. The expansion of threats targeting these systems suggests a shift in tactics, with macOS vulnerabilities now in the crosshairs of a more sophisticated and aggressive cybercriminal landscape.
A Never-Ending Game of Cat-and-Mouse
The second half of 2024 serves as a timely reminder of the cat-and-mouse game between defenders and cybercriminals. As new tactics emerge and old ones evolve, organizations and individuals alike must remain vigilant in their efforts to protect sensitive data and digital assets.
Cybersecurity experts continue to emphasize the importance of proactive defense strategies, regular software updates, and user education to combat these ever-evolving threats.
“The best defense is vigilance,” said Kropáč. “Cybercriminals will continue to innovate, but we must continue to adapt and strengthen our defenses to stay one step ahead.”
As the year comes to a close, the cybersecurity community remains on high alert, anticipating that the battle against cybercrime will intensify as we head into 2025. With new attack methods, ever-more sophisticated criminals, and a rapidly expanding digital landscape, the fight for a secure cyberspace is far from over.