ESET Threat Report H2 2024

Insights from ESET Research: Threat Reports

Exploring the H2 2024 threat landscape through the lens of ESET telemetry and expertise

In the ongoing battle between cybercriminals and defenders, the second half of 2024 has witnessed a surge in security breaches and evolving attack strategies. New threats have emerged, exploiting vulnerabilities and employing innovative tactics to target a wider range of victims. ESET telemetry and research have captured these developments, shedding light on the changing threat landscape.

One notable shift has been the rise of Formbook, displacing the long-standing Agent Tesla malware in the infostealer category. Formbook’s versatility in stealing sensitive data has made it a popular choice among cybercriminals, bolstered by its malware-as-a-service model and continuous enhancements.

Meanwhile, Lumma Stealer, a newcomer in the infostealer domain, has gained traction among threat actors, with its detection rates surging by almost 400% in H2 2024. On the other hand, the demise of RedLine Stealer following a takedown operation has created opportunities for other similar threats to fill the void.

The soaring value of cryptocurrencies in H2 2024 has made cryptocurrency wallet data a prime target for cybercriminals. Cryptostealer detections have spiked across various platforms, particularly on macOS and Android, where malicious activities targeting cryptocurrency wallets have intensified.

Mobile users should be wary of a new attack vector identified by ESET researchers in H2 2024, involving the exploitation of Progressive Web App (PWA) and WebAPK technologies to circumvent traditional security measures. These tactics could lead to the unwitting installation of malicious apps, posing a significant threat to users’ banking credentials.

Social media platforms have become breeding grounds for scams, with the proliferation of deepfake videos and fraudulent investment schemes. ESET’s tracking of HTML/Nomani scams has revealed a significant increase in detections, underscoring the need for vigilance among users.

Additionally, a new scam targeting users of popular accommodation booking platforms has surfaced, leveraging a toolkit named Telekopye to deceive individuals through fraudulent payment pages.

The ransomware landscape underwent a transformation with the downfall of LockBit, paving the way for RansomHub to emerge as a dominant player in the ransomware-as-a-service arena.

We invite you to delve deeper into these insights and stay informed about the latest trends and threats by following ESET research on Twitter.

For organizations seeking to bolster their cybersecurity defenses with threat intelligence, explore the offerings on the ESET Threat Intelligence page.
