Cybersecurity Study Uncovers Key Malware Attack Trends

Positive Technologies has released a new quarterly report on the current state of cybersecurity threats. The report covers data on global cyber threats, attack methods and motives, and changes in the overall cyber threat landscape.

June 7, 2024

  • Positive Technologies released its Cybersecurity Threatscape: Q1 2024 report that reveals the continuing rise of cyber incidents.
  • Government agencies, IT companies, and other industries are the most common targets of threat actors.

According to Positive Technologies’ Cybersecurity Threatscape: Q1 2024 report, cyber attacks increased by 7% in the previous quarter. As a result, leaks of confidential information affected both individuals and organizations. For individuals, such leaks saw a 9% increase, accounting for 72% of the incidents, while similar incidents for organizations fell by 11% to account for 43% of such incidents, highlighting the need for stronger data safeguards.

Rising Threat of Remote Access Tools and Malware

This quarter, the use of remote access tools (RATs) rose significantly: by 10% to 32% for organizations and by 27% to 37% for individuals. This highlights the rising complexity of cyberattacks and the preference of threat actors for gaining remote control of targeted systems. Some popular remote access tools include Agent Tesla, Venom RAT, and Remcos.

RATs were commonly used in complex phishing attacks. Combined with malware with functionalities such as system control, keystroke logging, and data encryption, RATs have been popular among cybercriminals. Malware with RAT functionality has also been found to pose a notable threat to mobile device security.

Malware attacks on individuals also rose by 9%, accounting for 68% of attacks, while organizations saw an 11% decrease in malware-based attacks despite the increased threat of remote access tools.

Social Engineering and Mass Attacks are Persistent Threats

The first quarter of 2024 witnessed several mass attacks and personal data leaks carried out by exploiting vulnerabilities. Cybercriminals have been found to use open software repositories and IT project collaboration to deliver malware payloads.

In addition, social engineering remains a key threat, especially for individuals. Such strategies were used as attack vectors in 85% and 52% of attacks against individuals and organizations, respectively. These threats underscore the importance of secure practices, vigilant monitoring, and the need to invest in frequent training and awareness programs.

Major Vulnerabilities and Zero-Days Exploited

The report covered the exploitation of prominent vulnerabilities in popular software products. High-profile zero-days exploited include CVE-2023-46805 and CVE-2024-21887, which affected Ivanti Connect Secure, and CVE-2024-1709 and CVE-2024-1708, which affected ScreenConnect. Exploitation of these bugs affected systems worldwide, leading to warnings from bodies such as CISA.

Other vulnerabilities exploited were CVE-2023-48022 affecting the Ray Framework, CVE-2023-48788 affecting FortiClient EMS, CVE-2024-21893 affecting Ivanti Gateways, and CVE-2024-27198 impacting TeamCity. According to the report, the number of vulnerabilities is expected to reach around 2900 by the end of the year, creating challenges for cybersecurity professionals.

AI Being Used for Cybercrime

According to the report, cybercriminals are increasingly using AI tools to bolster attack capabilities or create fake credentials. For instance, a threat actor claimed to have data on 48 million Europcar customers. The company later said the data could have been faked via a Python library faking AI tool. AI-generated obituaries were also used in phishing campaigns to attract victims.

Moreover, the use of deepfake technology in cybercrime has increased. For instance, Hong Kong-based threat actors were able to steal $25 million using this technology. The use of AI in cybercrime emphasizes the need for superior verification methods to prevent fraud and deepfake content.

Open Source Threats

As per the report, a major threat has come from package managers and open-source libraries. Over 100,000 fake repositories were discovered on GitHub, each containing malicious code. Attackers also misused package managers such as NPM and PyPI in popular libraries.

Threat actors also created malicious packages with names similar to legitimate ones, relying on typing errors to distribute malware. Such threats highlight the risk of open-source code and the need for careful verification.

The report also focused on major cyber attacks and their impact: 

  • Lurie Children’s Hospital: Major disruptions in services
  • Varta: Production halted at five plants, shares fell by 4.75%
  • Tietoevry: Akira ransomware affected multiple clients
  • Optum: BlackCat attack led to a major platform crash, costing $100 million per day

Best Practices for Mitigation

Positive Technologies also suggested best practices for mitigating such threats. These include establishing vulnerability management infrastructure, inventorying and classifying data assets with control policies, securing software supply chains, and implementing sandboxes to detect malicious activity.

Takeaway

With a significant rise in attacks and the use of complex vectors such as zero-day vulnerabilities and AI-powered content, entities must bolster their defenses. Frequent updates, vigilance, and security practices are important to create adequate safeguards.

Anuj Mudaliar
Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors - trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.