Man using a laptop at a conference. — Image © Tim Sandle
A couple of years ago we published an article titled “Scary Security Stats: The worst of 2022”. With Halloween arriving, it seemed appropriate to revisit this topic.
Looking into the virtual cauldron and spinning a web of data patterns, here are some new scary security facts for 2024 – five terrifying tech tales:
Critical Start: H1 Threat Intelligence Report
This Halloween season, a new breed of cyber threats casts an ominous shadow: deepfakes and scareware. Deepfakes—AI-generated digital apparitions—mimic voices, faces, and even full video sequences with unsettling accuracy, making it nearly impossible to discern between friend and foe. Cybercriminals exploit these highly convincing forgeries to deceive people and organizations, resulting in:
• 3,000 percent Surge in Deepfake Fraud Attempts: In 2023 alone, the number of deepfake fraud attempts has risen by a staggering 3,000%, raising significant concerns among cybersecurity professionals.
• 6.5 percent of All Fraud Cases: Deepfakes now haunt 6.5% of all fraud cases, undermining trust and creating confusion in various sectors.
• $1 Trillion in 2024: The financial spectre of deepfake fraud is projected to reach $1 trillion globally in 2024, posing a serious challenge for organizations unprepared for this growing threat.
Meanwhile, scareware lurks in the shadows, using social engineering to spook users into reckless clicks and downloads. Disguised as urgent pop-up warnings or critical updates, scareware tricks victims into stepping into its trap, leading them to malicious sites or tempting them to download malware masked as must-have software. These sinister strategies are growing more devious, so individuals and businesses must remain vigilant and enhance their cybersecurity defences and awareness to counter these insidious threats before they can strike.
Ontinue: 1H 2024 Threat Intelligence Report
In Q1 alone, there were 8,967 published CVE records, with over 13,400 more awaiting publication. However, the most widely published vulnerabilities aren’t always the ones most exploited.
At the start of 2024, we witnessed a surge in zero-day vulnerabilities affecting Ivanti products, with three of them still actively exploited today. This highlights the critical importance for organizations to stay aware of the software and hardware they use, ensure timely patching, and subscribe to vendor security bulletins. Patching once a month or quarter is no longer sufficient to maintain adequate security.
In 2024, the Manufacturing & Industrial sector has emerged as the most targeted industry, with its share of attacks rising from 20 percent in 2023 to 41 percent this year.
SlashNext: 2024 Mid-Year Assessment on the State of Phishing
Fueled by AI-generated attacks, SlashNext researchers observed a 341 percent increase in malicious phishing link, BEC, QR Code and attachment-based email and multichannel messaging threats in the first half of 2024.
Since the launch of ChatGPT in November 2022, SlashNext researchers observed a 4,151% increase in malicious phishing messages sent.
Bugcrowd: 2024 Inside the Mind of a Hacker Report: Insights on AI, Hardware Hacking, and Cybersecurity Trends
AI has opened up a new attack vector in organizations. In a survey of 1,300 ethical hackers, 82 percent of hackers believe that the AI threat landscape is evolving too fast to adequately secure. 93 percent of hackers agree that companies using AI tools have created a new attack vector.
The report illuminates the rise of a surprising trend: the increasing prominence of hardware hacking. In the past 12 months, 81% of hardware hackers encountered a new vulnerability they had never seen before, and 64% believe that there are more vulnerabilities now than a year ago.
In response to the rise of AI, 83 percent of hardware hackers are now confident in their ability to hack AI-powered hardware and software, indicating a new potential avenue for exploitation.
Zimperium: Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware
Mobile security researchers at Zimperium are releasing intel on a new variant of the FakeCall malware. FakeCall employs a technique known as Vishing (voice phishing), in which fraudulent phone calls or voice messages are used to deceive victims into disclosing sensitive information. This new variant has the ability to capture information displayed on a screen using the Android Accessibility Service. The variant is showing a strategic evolution in mobile security – evasive cyberattacks are now the new normal, as cybercriminals are becoming more sophisticated in their mobile phishing attacks.