Cybercrime: key trends and threats in 2024

Cybercrime: key trends and threats in 2024
Photo: предоставлено Никитой Леокумовичем

Cybersecurity experts forecast an increase in demand for malware, in particular, for the theft of cryptocurrencies and the promotion of fraudulent sites through advertising in search engines. Nikita Leokumovich, the head of the Department of Response and Digital Forensics at Angara Security, told in the author's column for Realnoe Vremya what dangers await users of the world wide web.

Cybercriminals disguise their funds to steal people's personal and payment data under the pages of organisations with a large number of users. Kaspersky Lab analysed the statistics of clicks on blocked phishing links and compiled a rating of resources that are faked most often. Messengers are in the first place (19%), mail services and web portals are in second place (18.5%), online games are third in the list with 11%, banks — 10.5%, and online stores are in fifth place with 8%.

Recently, fraudulent resources have often become disguised as corporate pages on social networks and app stores to gain access to accumulated points, bonuses, products and services through the user's personal account. In this case, not only the data and money of customers are at risk, but also the reputation of brands.

What is the reason for such a surge in criminal activity? In 2022 and 2023, the expert community on countering cybercrime recorded a large number of publications of the source codes of various ransomware and stylers — malicious software created by cybercriminals specifically to steal logins and passwords to accounts in browsers, e-mail and social networks, as well as bank card data and crypto wallets from an infected computer. These leaks allowed hackers to refine the malware to sell it by subscription. Scammers pay for a copy of the cryptographer's programme and access to the admin panel. The buyer delivers the malware to their victim on his own. The business model of selling software by subscription is widely used in legal business, the only difference between criminal entrepreneurship is that it pursues criminal goals.

In 2023, the risk of leakage of personal and corporate credentials became even higher, as cybercriminals managed to create sufficiently high-quality products, they became less visible to antivirus programmes, they had new functionality and, finally, they became more accessible. Besides, scammers use new techniques and procedures, it has come to the point that the stealers themselves bring vulnerable system components, exploit them and disable protection from viruses. The data that the first attacker received in this way is sold to others, which in turn, leads to new cybercriminals in the information infrastructure. As a result, we get a snowball of problems if no counteraction is provided in time.

It is expected that in 2024, scammers will increasingly promote sites with embedded malware through ads in search engines. The reason for choosing this direction for attacks is obvious: you can't drag your malicious link into a newspaper or TV, but social engineering works perfectly on the network: scammers scan the current information background, select the most relevant news, rewrite, add screaming clickbait headlines to them and the job is done — a curious user clicks on the link. This method provides maximum audience coverage.

Cryptodrainers are no less popular in the criminal environment. Cryptocurrency is stylish, fashionable, and youthful. Almost everyone wants to be a crypto investor, a crypto broker, or is in the illusory confidence that no one will know anything about his purchases. Accordingly, the demand for settlements in cryptocurrency is growing, and people are starting to purchase tokens. Cryptocurrency does not exist physically, tokens are stored on the blockchain in a shared ledger, if such a simplification is allowed, but access to a user fragment of this book lies in a personal computer — this is the crypto wallet. Since its appearance, it has become one of the main targets of intruders, and the means and methods of its abduction or devastation are constantly improved. A large number of wallets appeared — a lot of pickpockets appeared, a large number of crypto wallets appeared — a large number of those who empty these wallets appeared. There is nothing fundamentally new, only criminal acts are committed not in the physical world, but in the digital environment.

We believe that the service model for intruders will grow and develop in 2024. Many scammers will provide subscription services and try to combine them into one ecosystem. Thus, several service models are likely to appear:

  • subscribing to a malware instance and the admin panel;
  • A service for creating phishing emails and delivering them is added to the software;
  • software + link promotion in social networks;
  • in the very near future, scammers will use AI to improve the quality of services, etc.

Cybercrime is becoming a “business community” with its own rules and competition, it is constantly being improved to attract new criminal customers and, accordingly, money. Certainly, this does not mean that users should abandon online services — cybersecurity is constantly ready for new and improved old threats, but at the same time, we must take this issue seriously, otherwise one day we may fall hopelessly behind.

Nikita Leokumovich