Experts on cyberattacks in 2024: ‘Hackers actively attacked the infrastructure of Russian companies, especially that of SMEs’

Phishing attacks were still among the most common techniques

In 2024, 1.8 billion cyberattacks were recorded in Russia, and this does not include phishing, which, as Realnoe Vremya was told, is still among fraudsters' favorite techniques. This Realnoe Vremya report covers which other types of cyberthreats were common last year and which remain relevant this year.

Increase in the use of AI technologies in phishing and Fake Boss-type attacks*

Among businesses, small and medium-sized companies were attacked most often, the Innostage SOC CyberART Cyber Threat Countermeasures Centre told Realnoe Vremya:

In 2024, hackers actively attacked the infrastructure of Russian companies, especially small and medium businesses, seeking to disrupt the functioning of their systems and services.

The most common types of cyber fraud last year included phishing attacks, the use of malware, account compromise, and attempts to exploit vulnerabilities. “Attacks on IT supply chains have increased, affecting vendors, integrators, and their clients. In addition, there was an increase in the use of AI technologies in phishing attacks, as well as the use of messengers to distribute malware and Fake Boss-type attacks*,” the experts said.

“These trends will continue in January 2025. Recently, we encountered a targeted phishing attack using the Rogue RDP vector. The attackers convinced users to connect to a terminal server that they completely controlled in order to gain remote access to their system and credentials to further develop the attack,” the company concluded.

Subscriptions to hacker services and the development of malware

The trends of 2025 also include the distribution of hacker services by subscription. According to Gazeta.Ru, citing Positive Technologies' research on the darknet market, the subscription model will soon spread to the exploit segment and cover all shadow forums.

Also relevant is the development of the market for cheap malware (MW), which in the third quarter of 2024 was used in 65% of cyberattacks. This includes ransomware available for individual attacks on small and medium businesses.

Attackers actively distributed malware, including in messengers

In total, from January to December 2024, 1.8 billion cyberattacks were recorded in Russia, 500 thousand of which were attacks using ransomware, Gazeta.Ru reported, citing the press service of Kaspersky Lab. This figure does not include DDoS attacks or attacks using phishing messages. In general, experts did not record an increase in the total number of cases, but the number of attacks on smartphones increased by 12%.

“Attackers actively distributed malware, including in messengers — under the guise of photographs, trackers for tracking deliveries, support applications for telecom operators, services for receiving medical care, and more. Among the most notable malware are SpyNote, a Trojan with remote access functions, and Mamont, a mobile banking Trojan,” said Dmitry Galov, head of Kaspersky Lab's Kaspersky GReAT division in Russia.

Daria Pinegina

Reference

*Fake Boss is a type of fraudulent scheme where fraudsters pose as potential victims' managers in order to trick them into following their instructions.
