The landscape of digital security keeps evolving. Find out what developments are expected in the ransomware domain, the transformative role of AI in shaping digital security threats in 2024, updates in Android malware, and more. Gain valuable insights from the perspective of ESET's digital security experts as they delve into the latest developments in the field.
Ransomware: heightened activity, elevated ransoms, familiar actors
Building on ESET research team observations from 2023, there is an anticipation of ransomware actors becoming more active and aggressive in their ransom demands throughout 2024. Considering that the most active ransomware gangs are concentrating on expanding their "affiliate programmes" and currently engage numerous available and tech-savvy cybercriminals, the emergence of new major players in 2024 is not expected to be significant.
IoT: Potentially dangerous but still neglected by many manufacturers and end users
Internet of Things (IoT) malware has mostly slipped to the periphery of concern given its difficult detection, monitoring, and often unattainable mitigation. Still, it will represent a significant risk in 2024 and the coming years, as smart devices can easily be exploited to create large DDoS networks and anonymisation networks, or be used for targeted tracking of VIP users. While adequate security standards for IoT protection are available, not all manufacturers are willing to implement them.
End users also tend to overlook these devices and the reality that their smart devices may engage in illegal activities, as such activities do not directly impact their user experience. Simultaneously, attackers exploit an ever-increasing number of vulnerabilities and device types with alarming efficiency. Consequently, in the future, monitoring rogue IoT activity through honeypots and other tools will be crucial for comprehending and addressing both current and emerging cyber threats in this domain.
AI: Turbocharged malicious content, social engineering, and disinformation campaigns
The ESET research team has observed indications that cybercriminals are leveraging the expanding tools of generative artificial intelligence to enhance their current attack campaigns, particularly in crafting content for fraud, phishing, or other manipulative activities targeting users. In 2024, this trend is expected to accelerate with AI becoming central to generating social engineering components of the attacks.
Furthermore, AI-driven tools may exert an accelerating effect in other domains, such as disinformation campaigns and deepfake campaigns employed for political, ideological, or other motives. This is evident in examples like the dissemination of numerous fake videos via social media related to Israel's ongoing conflict with Hamas.
In the realm of financial threats, researchers have shown that generative AI can be abused to write web-skimming scripts, which could lead to a boost in threats such as Magecart in the near future.
Android: More trustworthy-looking and fast-spreading malware; Spyloan spreading beyond today's borders
In 2024, for the Android platform, the ESET research team is anticipating a steady growth of threats such as adware, various "clickers," and hidden apps whose operators generate revenue by displaying large amounts of ads to victims. This strategy proves effective because many users opt not to pay for premium versions of apps, instead choosing free, often counterfeit versions that come with malware and are frequently available in third-party stores.
It is also expected that malware creators and operators will utilise AI tools to enhance the language quality in malicious activity and boost the credibility of their malicious apps and content. The distribution of these apps will become more streamlined and rapid due to the generative capabilities of AI models, enabling the creation of new web pages with a single click. Of particular concern are malicious Spyloan applications, experiencing an alarming annual growth rate of 285%.
While predominantly spread through third parties, certain instances of these apps have already been removed from Google Play and may resurface in 2024. Furthermore, the anticipation is that the geographic impact of Spyloan apps will extend beyond Central and South America and Southeast Asia, where their prevalence is currently highest.