In its recently published Q3 2024 Threat Report, Gen has spotlighted significant trends within the realm of cybersecurity, revealing escalating complexities surrounding cyber threats as the role of artificial intelligence (AI) evolves. The report underscores that while AI is increasingly weaponized to execute attacks—such as generating realistic deepfakes and launching sophisticated phishing schemes—it simultaneously functions as a vital line of defence against these growing threats.

The findings indicate a stark rise in various cybercrimes, particularly highlighting the alarming emergence of social engineering tactics. Comparatively, there has been an unprecedented 614% uptick in “Scam-Yourself Attacks,” where cybercriminals manipulate victims into inadvertently installing malware. This tactic often relies on fake tutorials circulating on platforms like YouTube, where users are drawn in by promises of free access to paid software, only to end up downloading malicious software instead.

Additionally, more deceptive practices have surfaced, such as ClickFix Scams, where attackers present bogus technical solutions that lead users to input harmful code into their command prompts, thereby granting them control. Similar schemes involving counterfeit CAPTCHA prompts and fraudulent software updates further exemplify how attackers are deceiving users into activating malware through psychological manipulation.

As the report reveals, data-stealing malware has seen concerning growth, particularly with information thieves increasing by 39%. A particularly alarming rise noted is within the Lumma Stealer category, which registered a staggering 1154% increase in activity. Ransomware threats are also prominent, as evidenced by a 100% surge in risk ratios for ransomware attacks, with the Magniber ransomware taking the lead by exploiting unpatched software vulnerabilities. Outdated systems, particularly those still operating on Windows 7, have demonstrated a high susceptibility to these cyber threats.

Despite these challenges, Gen has actively collaborated with various governments to provide free decryption tools, including the Avast Mallox Ransomware Decryptor, aimed at countering these criminal advancements.

The report also sheds light on the upward trend in data-stealing malware attacks on mobile devices, which have surged by 166% in the third quarter of 2024. A new malware strain dubbed NGate has emerged, designed to clone bank card data, facilitating illicit withdrawals or transactions. Other banking malware variants, such as Rocinante, have increased by 60%, with new entrants like TrickMo and Octo2 further intensifying the threat landscape.

The delivery methods for these malicious assaults have also evolved; malicious SMS messages remain prevalent, with telemetry data from Norton Genie revealing that smishing (malicious SMS scams) constitutes 16.5% of recorded attacks. This is followed by lottery scams, accounting for 12%, and phishing incidents through emails or texts at 9.6%.

As organisations navigate this increasingly complex cyber environment, the report stresses the importance of heightened awareness and proactive security measures as essential components for safeguarding sensitive information and defending against the threats posed by both criminal enterprises and the burgeoning capabilities of AI in the cyber realm.

Source: Noah Wire Services