Trend Micro has warned that threat actors have bounced back from recent law enforcement efforts to unleash a new wave of attacks leveraging AI and other techniques – revealing that it blocked almost 47-million email threats, more than 7 000 ransomware attempts, and over 3-million malicious URLs targeted at South African businesses and consumers alone in the first half of this year.
As detailed in its mid-year roundup report – Pushing the Outer Limits: Trend Micro 2024 Midyear Cybersecurity Threat Report – the threat from malicious actors across the globe remains acute despite successful law enforcement actions against ransomware families such as LockBit.
The threat from malicious actors worldwide remains serious, the report states.
A particular cause of concern is criminal use and abuse of AI. Across the world, Trend Micro has observed threat actors hiding malware in legitimate AI software, operating criminal large language models (LLMs), and even selling jailbreak-as-a-service offerings.
The latter enable cybercriminals to trick generative AI bots into answering questions that go against their own policies – primarily for developing malware and social engineering lures.
Also in H1 2024, cybercriminals have been ramping up deepfake offerings to carry out virtual kidnapping scams and conduct targeted business email compromise-type impersonation fraud. They’ve also been using these offerings to bypass know your customer (KYC) checks which are designed to protect financial organisations from fraud. Trojan malware has been developed to harvest biometric data to help with the latter.
Other highlights from the first half of 2024 include:
- LockBit remains the most prevalent ransomware family despite law enforcement disruption – and has even developed a new variant: LockBit-NG-Dev.
- Cybercriminals have leveraged major events such as the Olympics and national elections to launch targeted attacks.
- State-aligned hackers used advanced techniques to hack into Internet routers and hide their attacks.
- Various groups have targeted cloud environments, apps, and services by exploiting exposed credentials, unchecked resources, security weaknesses, and even legitimate but misconfigured tools.