Cybercriminals are using a variety of new methods to target organizations across industries. In this article, we examine the most pressing trends and findings from the 2024 surveys on the growing threat of cybercrime.
North American financial institutions fielded 10 times more reports of social engineering scams in 2024 than they did a year ago. Account-opening fraud declined by nearly 60% in the last year, as banks implemented additional controls, such as behavioral biometric intelligence. Check and deposit fraud volumes tripled in the last year.
Consumers are falling victim to scams where fraudsters pose as representatives from the government, including agencies like the USPS, the FBI and the IRS. In the first three months of 2024, the average government impersonation scam victim in the US lost $14,000 in cash, totaling more than $20 million. Additionally, between 2022 and 2023, there was a 90% increase in losses from cash payments due to government impersonation scams.
Malware families such as Gafgyt (3.12%), Mirai (2.09%), and Bedevil (1.84%) appeared less often than in prior years, which may reflect attempts to stop botnets from propagating. 47% of Microsoft Azure failures were tied to storage account misconfigurations, while 44% of Google Cloud users failed checks related to BigQuery, specifically due to a lack of customer-managed encryption.
Over the last 12 months, the latest research shows that both basic and advanced bot-driven attacks have increased. The tools and techniques available to cybercriminals to perform these attacks have become more advanced, significantly outpacing traditional defenses. Regionally, Europe is the least protected against simple bot attacks, with 68% of websites unprotected and only 8% fully protected.
According to the FTC, consumers reported losing more than $10 billion to fraud in 2023 alone, representing a 14% increase over the previous year and the highest dollar amount ever reported. Online privacy (67%), phishing emails or phone scams (65%), and false information or fake news and ads (49%) round out the top five online security concerns for US consumers.
54% of US companies have experienced at least one identity fraud incident affecting a senior executive over the last 18 months, which is 13 points higher than the global average of 41%.
DDoS attacks surged 106% from H2 2023 to H1 2024. An average DDoS attack now lasts 45 minutes—an 18% increase from last year—costing unprotected organizations approximately $270,000 per attack at an average rate of $6,000 per minute. Manufacturing has replaced retail as the industry facing the largest DDoS attacks, followed by healthcare (up 128.5% compared to H1 2023).
Cybercrime-as-a-service continues to dominate the threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) tools making up a significant portion of malicious tools in use by attackers. As ransomware continues to be a top security concern for organizations, Darktrace’s Threat Research Team has identified three predominant ransomware strains impacting customers: Akira, Lockbit and Black Basta.
Fraud surrounding IDs has become pervasive, accounting for 70% of all fraudulent verifications evaluated by Socure’s document verification solution. The other 30% of fraudulent captures is biometric-related fraud, including selfie spoofing and impersonations (15%) as well as a mismatch between the headshot on the ID and the selfie (15%).
Among the top 5 most-widespread malware detections were JS.Agent.USF and Trojan.GenericKD.67408266. Both variants redirect users to malicious links, and both malware loaders attempt to load DarkGate malware on the victim’s computer. Q4 showed a resurgence in script-based threats, as scripts rose the most as an endpoint attack vector, with threats detected increasing 77% from Q3.
Researchers found that 61% of data breaches in 2023, involving over 343 million stolen credentials, were infostealer malware-related. Mobile malware is becoming an attractive attack vector for criminals. Between August and December 2023, SpyCloud recaptured 10.58 million mobile records exfiltrated by malware.
Consumers are increasingly targeted by scammers, who rely on heightened emotions to create fraud opportunities. While the number of individual scam reports from June to December decreased, the total money lost increased, indicating scammers are targeting victims with more effective – and costly – scams.
From fake GoFundMe campaigns and social media giveaways to investment opportunities and text fraud, fraudsters are employing new methods that provoke an emotional response from consumers with cause-related asks or too-good-to-be-real offers to gain access to consumers’ vital personal information.
QR code attacks are the latest evolution of traditional phishing, where threat actors use social engineering to manipulate targets into interacting with malicious QR codes. While every employee is at risk, C-Suite executives were 42 times more likely to receive QR code attacks than the average employee.
83% of US companies saw an increase in cyber fraud attempts on their organization in the past year. Fraudsters primarily used text messages (50%), fake websites (48%), social media (37%), hacking (31%), BEC scams (31%) and deepfakes (11%) to dupe organizations. CEO and CFO impersonations (44%) were the third most common type of fraud.
As their main goals changed, cybercriminals modified their tactics and moved away from using email as a preferred attack vector (down from 52% to 37%), targeting cloud (44%) and compromised applications (39%) instead. By taking a more covert approach, attackers can remain undetected longer and gain continuous access to systems and data, enabling them to ramp up the damage when they choose.
from Help Net Security https://ift.tt/5uj7SAD