The new landscape of cyber threats against consumers is taking shape, with the latest Gen Quarterly Threat Report highlighting the raft of challenges they are up against.
Gen, a cybersecurity conglomerate that owns Norton, Avast, LifeLock, Avira, AVG, ReputationDefender and CCleaner, highlights that hackers, growing in sophistication, are opting to use more AI-powered scams, digital identity theft, and ransomware attacks to steal from the public.
“Scammers are cunning and adept at exploiting what is most likely to be on consumers’ minds – whether it has to do with elections, love or financial security,” says Siggi Stefnisson, Chief Technology Officer at Gen.
Augmenting attacks with AI
The report points to the growing accessibility and proliferation of AI as being a cause of this new era of cybercrime, allowing malicious actors to breathe new life into old tactics.
“Now with AI and other new tech, their schemes are more sophisticated and convincing than ever before,” says Siggi.
One of the most alarming trends identified in the report is the use of deepfakes to perpetrate large-scale fraud. In a particularly audacious scheme, the scam group CryptoCore employed highly convincing deepfakes of official events, disseminated through compromised YouTube accounts, to promote fake cryptocurrency giveaways. This campaign alone resulted in the theft of a staggering US$5m.
The report also sheds light on the evolution of part-time job scams, which have transitioned from text-based interactions on platforms like Telegram to more sophisticated AI-generated voice communications. This development adds a new layer of realism to these deceptive schemes, making them increasingly difficult for unsuspecting victims to identify.
The resurgence of classic scams
Yet despite the world having moved leaps and bounds even since the past two years, the report suggested AI is not the only thing being used to level attacks.
The classic antivirus scam, a tactic that was first popularised in the late 2000s, has been revitalised. This happened when scam pop-up alerts mimic legitimate antivirus programs, often claiming the user's computer is infected to create a sense of urgency.
These fake alerts abuse the Windows notification system to appear as credible system messages, pressuring users into purchasing unnecessary antivirus software.
Digital identity theft
As large-scale company breaches become increasingly commonplace in 2024, cybercriminals have shifted their focus towards stealing digital identities. The report highlights two primary methods employed by attackers: Information Stealers (InfoStealers) and Mobile Bankers.
InfoStealers, which breach devices to steal login details, session cookies, passwords, and financial information, have seen a slight decline in Q2/2024. However, certain malware families continue to grow, with AgentTesla increasing its market share by 11%.
Mobile Bankers, on the other hand, specifically target mobile devices to steal banking details, cryptocurrency wallets, and instant payment credentials. The report cites the example of TeaBot, a Mobile Banker disguised as a PDF reader, which targeted Revolut customers in Q2/2024.
Ransomware attacking consumers
Perhaps one of the most surprising statistics and form of attacks seeing growth against consumers is the rise in consumer-targeted ransomware attacks.
Gen's telemetry data reveals a 24% quarter-over-quarter increase in such attacks during Q2/2024. India experienced a staggering 379% increase, followed by significant spikes in the US, Canada, and the United Kingdom.
Ransomware, although going through a huge rise recently, usually targets large enterprises or industries as the chance is that they have money to pay. The fact that this is happening to consumers now too and at equally a large rate shows just how pervasive cybersecurity threats are.
As large organisations improve their cybersecurity measures, individual consumers, who often have less sophisticated protection in place, may be becoming more attractive targets.
Contextualising the threat landscape
The findings of the Gen Quarterly Threat Report come at a time of increasing digital dependency.
Having increased our march towards digital platforms for work, education, and social interactions, the attack surface for cybercriminals has grown exponentially. Equally, the rise of AI-powered scams are making threats like phishing, even harder to detect.
Comments
Post a Comment