ESET, a leading player in the cybersecurity industry, has released its latest Threat Report, which encompasses findings from December 2023 to May 2024. This extensive report details key trends in the cybersecurity landscape, observed through ESET's comprehensive telemetry and expert analyses.
Escalating dangers: Infostealers and deepfake technologies
The report underscores an alarming escalation in infostealers that are masquerading as generative AI tools like OpenAI's Sora and Google's Gemini. These deceptive tactics lure individuals into downloading harmful software. Furthermore, a novel mobile malware known as GoldPickaxe has been discovered, which can pilfer facial recognition data to generate deepfake videos. These forgeries are subsequently utilised by fraudsters to authenticate illicit financial transactions. Notably, GoldPickaxe has victimised users across Southeast Asia through region-specific malicious applications affecting both Android and iOS devices.
Increased exploitation in gaming and WordPress
The gaming sector has also been compromised, with pirated video games and cheating aids found to harbour infostealer malware, including Lumma Stealer and RedLine Stealer. Notably, RedLine Stealer witnessed a significant spike in detections in the first half of 2024, particularly in Spain, Japan, and Germany, with activities exceeding those recorded in the second half of 2023 by a third.
The Balada Injector gang continues to exploit WordPress plugin vulnerabilities, affecting over 20,000 websites and generating over 400,000 hits as per ESET telemetry. This persistent exploitation underscores the ongoing vulnerability of web platforms.
The evolving ransomware landscape
The ransomware landscape has witnessed significant shifts, particularly with the disruption of LockBit, a previously dominant ransomware group. Following Operation Chronos, a global law enforcement operation carried out in February 2024, LockBit has been substantially weakened. Nonetheless, subsequent attacks have seen other groups using the leaked LockBit builder to perpetrate ransomware attacks, indicating that the threat from ransomware remains potent.
In-depth analysis of server-side attacks
Additionally, ESET researchers have conducted a thorough investigation into one of the most advanced server-side malware campaigns, involving the Ebury group. This malware, targeting servers operating Linux, FreeBSD, and OpenBSD, has compromised close to 400,000 servers, with more than 100,000 still affected as of late 2023.
