- AI continues to play a dual role in cybersecurity
- Lumma Stealer rises 1154%, marking a new malware peak
- Outdated systems remain vulnerable to ransomware
In its recent Q3 2024 Threat Report, Gen highlights alarming trends that reveal the growing complexity of cyber threats, highlighting that as cybercriminals refine their methods, the dual role of AI becomes evident.
While AI can be weaponized to enhance attacks by proliferating realistic deepfakes and highly convincing phishing campaigns, AI tools also serve as a crucial defense mechanism.
As cyber threats become more sophisticated and difficult to detect, awareness and proactive measures are essential to safeguard sensitive information.
Social engineering tactics take center stage
Cybercriminals are increasingly using social engineering tactics to trick millions of people into compromising their security. Quarter over quarter, there has been a 614% increase in “scam yourself attacks,” which use psychological manipulation to trick people into inadvertently installing malware on their own devices.
Attackers will use fake tutorials shared on popular platforms such as YouTube that claim to provide free access to paid software, enticing users to follow the instructions. However, victims inadvertently download malicious programs.
Another tactic, known as ClickFix Scams, tricks victims by presenting them with fake technical solutions and then instructing users to copy and paste malicious code into their command prompts, unknowingly giving attackers control of their systems.
Similarly, fake CAPTCHA messages disguised as standard verification steps have emerged, prompting users to paste harmful code into their systems. Fake updates posing as essential software updates are sent to users loaded with malware disguised to gain administrative privileges once installed.
Data-stealing malware and ransomware have seen an increase and information thieves have increased by 39%. Lumma Stealer, for example, increased its activity by 1,154%.
Ransomware attacks have also increased, with a 100% increase in risk ratio, with Magniber ransomware leading these attacks by exploiting unpatched software to gain access. Outdated systems, such as Windows 7, remain particularly vulnerable; However, Gen has worked with governments to release free decryption tools like Avast Mallox Ransomware Decryptor.
Mobile devices also suffered increases in data-stealing malware attacks, which grew by 166% during the third quarter of 2024. A new strain of spyware emerged, NGate, capable of cloning bank card data to withdraw money or make payments. unauthorized transactions. Meanwhile, banking malware, such as Rocinante, increased by 60%, with new strains such as TrickMo and Octo2 emerging.
In terms of delivery, malicious SMS messages remain the main delivery method. Norton Genie telemetry shows that smishing (malicious SMS scams) accounts for 16.5% of observed attacks, followed by lottery scams (12%) and phishing emails/texts (9.6%). .
