
Tech Reports

GEOPOLITICAL UNREST GENERATES AN ONSLAUGHT OF DDOS ATTACKS


NETSCOUT SYSTEMS released findings from its 2H2023 DDoS Threat Intelligence Report that dissects trends and attack methodologies adversaries use against service providers, enterprises, and end-users. The information cited in the report is gathered from NETSCOUT’s unparalleled internet visibility at a global scale, collecting, analyzing, prioritizing, and disseminating data on DDoS attacks from 214 countries and territories, 456 vertical industries, and more than 13,000 Autonomous System Numbers (ASNs). Driven by tech-savvy and politically motivated hacktivist groups and an increase in DNS water torture attacks, NETSCOUT observed more than 7 million DDoS attacks in the second half of 2023, representing a 15% increase from the first half.

Hacktivism Increases Ten-Fold

DDoS (Distributed Denial-of-Service) hacktivism transcended geographic borders during the past year, exemplifying a shift in the global security landscape. Groups like NoName057(016) and Anonymous Sudan, as well as lone hackers and small collectives, are increasingly using DDoS to target those ideologically opposed to them, for example:

  • Peru experienced a 30% increase in attacks tied to protests of former Peruvian President Fujimori’s release from prison on December 6.
  • Poland experienced a surge in attacks at the end of 2023 associated with a regime change and statements reaffirming Poland’s support of Ukraine in the Russia-Ukraine conflict.
  • Anonymous Sudan attacked X (formerly Twitter) to influence Elon Musk regarding Starlink service in Sudan, and it attacked Telegram for suspending its main channel.

NoName057(016), Anonymous Sudan, and Killnet have taken credit for DDoS attacks in Ukraine, Russia, Israel, and Palestine targeting communications infrastructure, hospitals, and banks. Daily attacks from hacktivists increased more than ten-fold between the first and second halves of 2023. NoName057(016) topped the list of DDoS adversaries in 2023, targeting 780 websites across 35 countries.

Water Torture Attacks Rise

Targeting critical systems at the heart of the Internet’s control plane, DNS (Domain Name System) water torture attacks have been on the rise since the end of 2019. DNS query floods designed to overwhelm authoritative DNS servers experienced a massive 553% increase from 1H2020 to 2H2023. Rather than targeting one website or server, adversaries go after entire systems, resulting in even more damage.

Gaming and Gambling Targeted

NETSCOUT findings point to gaming, and the gambling associated with gaming, as a primary target for DDoS attacks. Threat actors are drawn to the sector’s substantial financial value and the goal of disrupting competitors, especially during online esports tournaments. Historically, 80-90% of all DDoS attacks are related to gaming and gambling. NETSCOUT assessed attacks on enterprises in these sectors, determining that more than 100,000 DDoS attacks were deployed against those in gaming, and over 20,500 were made against those tied to gambling in 2023.

In addition, based on NETSCOUT’s observations of the DDoS threat landscape, approximately 1% of DDoS attacks are suppressed from originating networks.

“Global adversaries have become more sophisticated in the past year, attacking websites and overloading servers to lock out customers and inflict digital chaos to influence geopolitical issues,” stated Richard Hummel, senior threat intelligence lead, NETSCOUT. “The relentless barrage of DDoS threats drives up costs and creates security fatigue for network operators. They cannot safeguard their digital assets without the proper advanced DDoS protection leveraging predictive, real-time threat intelligence.”

Multiple decades of experience working with the world’s largest service providers and enterprises give NETSCOUT far-reaching visibility into the global internet to discern the pulse of the digital world. Our capacity to monitor and respond to DDoS attacks is powered by our ATLAS platform, which enables us to analyze an impressive 500 terabits per second (Tbps) of network traffic.

Financial Reports

ESET Threat Report: Infostealers using AI & banking malware creating deepfake videos to steal money 


ESET has released its latest Threat Report, which summarizes threat landscape trends seen in ESET telemetry and from the perspective of both ESET threat detection and research experts, from December 2023 through May 2024. These past six months painted a dynamic landscape of Android financial threats, malware going after victims’ mobile banking funds – be they in the form of “traditional” banking malware or, more recently, cryptostealers. Infostealing malware can now be found impersonating generative AI tools, and new mobile malware GoldPickaxe is capable of stealing facial recognition data to create deepfake videos used by the malware’s operators to authenticate fraudulent financial transactions. Video games and cheating tools used in online multiplayer games were recently found to contain infostealer malware such as the RedLine Stealer, which saw several detection spikes in H1 2024 in ESET telemetry.

“GoldPickaxe has both Android and iOS versions and has been targeting victims in Southeast Asia through localized malicious apps. As ESET researchers investigated this malware family, they discovered that an older Android sibling of GoldPickaxe, called GoldDiggerPlus, has also tunneled its way to Latin America and South Africa by actively targeting victims in these regions,” explains Jiří Kropáč, Director of ESET Threat Detection.

In recent months, infostealing malware also began impersonating generative AI tools. In H1 2024, Rilide Stealer was spotted misusing the names of generative AI assistants, such as OpenAI’s Sora and Google’s Gemini, to entice potential victims. In another malicious campaign, the Vidar infostealer was lurking behind a supposed Windows desktop app for AI image generator Midjourney – even though Midjourney’s AI model is only accessible via Discord. Since 2023, ESET Research has increasingly seen cybercriminals abusing the AI theme – a trend that is expected to continue.

Gaming enthusiasts who ventured out of the official gaming ecosystem were attacked by infostealers, as some cracked video games and cheating tools used in online multiplayer games were recently found to contain infostealer malware such as Lumma Stealer and RedLine Stealer. RedLine Stealer saw several detection spikes in H1 2024 in ESET telemetry, caused by campaigns in Spain, Japan, and Germany. Its recent waves were so significant that RedLine Stealer detections in H1 2024 surpassed those from H2 2023 by a third.

Balada Injector, a gang notorious for exploiting WordPress plug-in vulnerabilities, continued to run rampant in the first half of 2024, compromising over 20,000 websites and racking up over 400,000 hits in ESET telemetry for the variants used in the gang’s recent campaign. On the ransomware scene, former leading player LockBit was knocked off its pedestal by Operation Chronos, a global disruption conducted by law enforcement in February 2024. Although ESET telemetry recorded two notable LockBit campaigns in H1 2024, these were found to be the result of non-LockBit gangs using the leaked LockBit builder.

The ESET Threat Report features news about a recently released deep-dive investigation into one of the most advanced server-side malware campaigns, which is still growing – the Ebury group, with its malware and botnet. Over the years, Ebury has been deployed as a backdoor to compromise almost 400,000 Linux, FreeBSD, and OpenBSD servers; more than 100,000 were still compromised as of late 2023.


Reports

The Role of Generative AI in Cyber Security


GenAI and cyber security

AI is the hottest topic in the universe. Pairing AI with cybersecurity opens up vast possibilities and challenges. Many security professionals believe that integrating intelligence into cybersecurity can enhance defenses against sophisticated cyberattacks. However, cybercriminals are also leveraging AI to weaponize their assaults. Check Point partnered with market researchers at Vanson Bourne to examine how security professionals are incorporating Generative AI (GenAI) into their practices. Several key findings from their research are outlined below.

Skills gap

Despite over 70 percent of respondents feeling confident about their organization’s defenses, eighty-nine percent countered their optimism by acknowledging that employing qualified people was challenging. The cyber security skills gap puts a serious damper on how effectively organizations can assemble the right defenses against AI-infused cybercrime.

“An overwhelming 89% of IT and security professionals report a significant skills gap, underscoring the urgent need for innovative solutions.”

Surveyed professionals said the skills gap significantly hampers an organization’s ability to conduct efficient security operations. A substantial 98 percent of those affected reported an “impact” on their security operations, with 40 percent citing a “strong impact.”

Enter GenAI

No organization, large or small, can ignore the potential impact of a major cyberattack. As a result, surveyed organizations said they have turned to AI-powered tools to boost cyber security, including incident response, malware protection, and data loss protection. Clearly, AI is etching its role in providing better protection of the digital landscape.

“97-99% of organizations utilize AI-powered tools, with a significant shift towards GenAI for a comprehensive security strategy.”

GenAI benefits

Organizations have embraced GenAI for strategic purposes, with many using it for over a year to bolster cybersecurity against sophisticated threats and improve incident response rates. Across all regions, GenAI tools are recognized for better understanding user behavior and anomalies. However, European respondents showed less agreement on AI’s potential for enhancing efficiency compared to APAC professionals, who indicated GenAI’s role in streamlining security operations and resource allocation.

The skills gap paradox and GenAI

Bridging the Gap: GenAI can be an ally in addressing the skills gap. It offers a way to augment existing capabilities and improve efficiency, especially in sectors with a high demand for cyber security proficiency.

“Gen-AI is instrumental in closing the cyber security skills gap, with 98% of affected organizations recognizing its impact on operational efficiency.”

Industry-specific insights

The impact of GenAI varies across sectors, with particular benefits observed in healthcare and finance. These sectors recognize Gen-AI’s potential to significantly reduce manual work and increase the efficiency of incident response.

To this survey question, “Thinking about GenAI / AI/ML Deep-Learning, to what extent do you agree or disagree with the following statements,” most respondents agreed that AI tools will improve their efficiency, increase their incident response rates, and help close skills gaps in their organizations.

Here are other results:

• GenAI has/can significantly reduce manual work for our security team: Healthcare (32% lower)
• AI/ML Deep Learning has/can greatly increase our efficiency with incident response: Energy, oil/gas, and utilities (36% higher)
• Gen AI has/can significantly increase our catch rate: Finance/banking/investments (35% higher)
• AI/ML Deep Learning has/can help to substantially bridge the cyber security skills gap in my organization (for those experiencing skills gap in cyber security operations): Finance/banking/investments (28% improvement)

Investment and Implementation

The commitment to integrating GenAI into cyber security is strong, with 90 percent of organizations planning to prioritize AI/ML and GenAI tools. This is accompanied by an anticipated increase in budget allocations for GenAI tools.

“90% of organizations prioritize investments in GenAI tools, reflecting a strategic shift towards innovative cyber security solutions.”

GenAI Transformation

While the outlook is optimistic, concerns and challenges do remain. Organizations highlight the importance of keeping AI models updated while being cognizant of the challenges, such as ensuring compliance with data regulations.

The journey towards a GenAI-integrated security landscape will offer security leaders both rewards and challenges. However, it’s clear that GenAI will help transform organizations as cyber security providers incorporate greater intelligence. Embracing GenAI with strategic foresight will pave the way for a more secure and resilient digital future.


Tech Reports

The Top Digital Threats Facing Organizations in the Region


Top threats

    • Of nearly 30,000 critical risk alerts identified by Help AG in 2023, the dominant threat categories were found to be Credential Theft (49%) and Brand Abuse (39%), while Data Leakage and Phishing represented 10% and 1.5% of use cases respectively.
    • Cyberthreats majorly impacted the Education (36%), Aviation (29%), and Healthcare sectors (15%), which represented a combined 80% of targeted organizations in the GCC.
    • Organizations in the Government (8%), Investment (7%), and Banking and Finance (4%) sectors followed, as transactions in these sectors became increasingly digitized.
    • There was a 42% jump in Distributed Denial-of-Service (DDoS) attacks in 2023, with Help AG recording 213,434 attacks of this nature.
    • The longest DDoS attack lasted for over 5 days, while the largest attack by bandwidth logged in at a record-breaking rate of 461.5 Gigabits per second (Gbps).
    • 40% of DDoS attacks targeted the Government sector in 2023, followed by 29% for the Telecoms sector, 9% for Aviation, and 5% for Oil & Gas.
    • The Financial and Telecoms sectors experienced the largest DDoS attacks by volume, logging in at 461.5 Gbps and 302.2 Gbps, respectively.

Trends in cybersecurity investment

    • In 2023, cyber defense investments doubled amid the continuing digital transformation surge, with GCC enterprises and governments exhibiting growth in:
      • Cybersecurity Estate Consolidation: 100+% growth in technology and vendor relationships consolidation.
      • Managed Cyber Defense: Investment skyrockets due to the increasing complexity of the digital threat landscape.
      • Cybersecurity Advisory: 2x growth in investments due to the growing regulatory compliance requirements.
      • DDoS Protection: Complementing classic DDoS protection with adaptive solutions.

    • Investments spanned preventative, detective, responsive, and predictive controls.
      • Multi-factor authentication implementations rose by 16%, while patch management processes saw a 13% increase, highlighting critical efforts to thwart threat actors and maintain system integrity.
      • Implementation of web application firewalls increased by 9%, and identity access management also grew by 9%, indicating a strengthening of web and identity security frameworks.
      • Privileged access management saw a 10% increase, enhancing security for critical server access, and dedicated data activity monitoring rose by 15%, reflecting growing concerns over data privacy and protection.

    Copyright © 2023 | The Integrator