H1 2024: Malware and Vulnerability Trends Report

Posted: 10th September 2024
By: Insikt Group®

Summary:

The "H1 2024 Malware and Vulnerability Trends Report" shares how threat actors refined their tactics and exploited zero-day vulnerabilities, leaving organizations increasingly vulnerable. Key trends include the rise of infostealer malware, which dominated the threat landscape, and a significant 103% surge in Magecart attacks targeting e-commerce platforms. Ransomware groups have also evolved, using new techniques such as passwords to validate execution and prevent analysis. The exploitation of widely used remote access software like Ivanti Secure Connect, PAN-OS, and Microsoft SmartScreen was a focal point for cybercriminals and state-sponsored actors.

The first half of 2024 witnessed an escalation in sophisticated cyberattacks, with threat actors sharpening their techniques to exploit newly disclosed vulnerabilities, evade detection, and cause greater damage. In this report, we delve into the key trends shaping the cybersecurity landscape and what organizations can do to protect themselves.

Zero-day Vulnerabilities

Zero-day vulnerabilities, particularly those affecting remote access and security solutions, became prime targets for cybercriminals and state-sponsored groups. Even after patches became available, attackers continued exploiting these vulnerabilities as n-days (flaws for which a fix exists but has not yet been applied). The ease of exploitation, combined with proof-of-concept (PoC) exploit code circulating online, made these vulnerabilities attractive to less-sophisticated attackers. The top vulnerabilities exploited in H1 2024 included flaws in Ivanti Secure Connect, PAN-OS, and Microsoft Windows SmartScreen.

Infostealers Dominate the Malware Landscape

Infostealers dominated the malware landscape as the most prevalent malware category in the first half of 2024. LummaC2, a stealthy malware designed to harvest sensitive information, became the most active, replacing other well-known infostealers like RedLine. These types of malware steal personal information, such as credit card details and login credentials, which are then sold on underground forums. The financial motivation behind these attacks has driven an increase in infostealer activity, posing a severe risk to businesses and individuals alike.

Ransomware Groups Evolve Their Tactics

Ransomware continued to be a significant threat, with groups like Fog, RansomHub, and 3AM adopting tactics to hinder analysis and evade detection. Notably, these ransomware operators began using passwords to validate the execution of their payloads, a technique that prevents security tools from automatically analyzing the malicious code. Additionally, we saw ransomware paired with malware loaders like GuLoader and Remcos, creating attack chains that were more difficult to detect and block.

Magecart Attacks Surge

Magecart, a form of cyberattack that targets e-commerce platforms by injecting malicious code to steal customer data, saw a staggering 103% increase in H1 2024. This surge was likely attributable to vulnerabilities in widely used platforms like Adobe Commerce and the appearance of new e-skimming tools, such as "Sniffer by Fleras." As online retail continues to grow, these attacks present a significant risk to businesses and their customers, highlighting the need for stronger security measures on e-commerce sites.

How to Protect Your Organization

To mitigate the risks posed by these evolving threats, organizations must adopt a layered defense strategy that includes proactive monitoring, patch management, and employee education. Here are key steps to take:

  1. Improve Patch Management: Ensure that vulnerabilities, especially in remote access software, are patched promptly. Automating patch management can help reduce the window of opportunity for attackers.
  2. Implement Heuristic and Behavior-Based Detection: Deploy advanced threat detection systems that can identify suspicious behaviors, such as process hollowing or the use of less-common programming languages, like Lua or Nim.
  3. Educate Employees: Social engineering remains a key entry point for malware. Continuous education on phishing tactics and malware distribution methods is critical to reducing human error.
  4. Strengthen E-commerce Security: Businesses that rely on e-commerce must prioritize security by regularly auditing third-party integrations, implementing strict content security policies (CSPs), and conducting frequent vulnerability scans.
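One way to act on the CSP recommendation in step 4, as an added example that is not part of the report: a small audit of a Content-Security-Policy header for the gaps an injected e-skimmer relies on (inline scripts, broad script origins, unrestricted endpoints for exfiltrating form data). Both policies below are constructed for illustration, not taken from any real site.

```python
from typing import Dict, List, Optional

# Constructed sample policies (not from any real deployment).
WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline' https:"
STRICT_CSP = ("default-src 'self'; "
              "script-src 'self' 'nonce-r4nd0m' https://checkout.example.com; "
              "connect-src 'self'; form-action 'self';")


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [source expressions]}."""
    policy: Dict[str, List[str]] = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def effective(policy: Dict[str, List[str]], name: str) -> Optional[List[str]]:
    """Fetch directives (script-src, connect-src) fall back to default-src."""
    return policy.get(name, policy.get("default-src"))


def audit_csp(header: str) -> List[str]:
    """Return findings that matter for skimmer-style script injection."""
    policy = parse_csp(header)
    findings: List[str] = []
    script = effective(policy, "script-src")
    if script is None:
        findings.append("script-src: missing with no default-src, any script origin loads")
    else:
        strict_inline = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
                            for s in script)
        if "'unsafe-inline'" in script and not strict_inline:
            findings.append("script-src: 'unsafe-inline' without nonce/hash, injected inline script runs")
        for src in script:
            if src in ("*", "http:", "https:", "data:"):
                findings.append(f"script-src: broad source {src}, attacker-hosted script loads")
    if effective(policy, "connect-src") is None:
        findings.append("connect-src: unrestricted, fetch/XHR exfiltration allowed")
    if "form-action" not in policy:  # form-action does NOT fall back to default-src
        findings.append("form-action: missing, forms can submit to any origin")
    return findings


if __name__ == "__main__":
    for label, csp in (("weak", WEAK_CSP), ("strict", STRICT_CSP)):
        print(label, audit_csp(csp) or ["no findings"])
```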

Looking Ahead: What to Expect for the Rest of 2024

The remainder of 2024 will likely see an increase in the exploitation of newly discovered vulnerabilities in widely used enterprise software. Remote access tools and next-generation firewalls are expected to remain key targets due to their widespread use. Additionally, the trend of infostealers dominating the malware landscape will continue as demand for stolen credentials on underground markets persists. Magecart attacks are also expected to remain a serious threat, with attackers continuing to experiment with new e-skimming techniques.

The full analysis is available in the downloadable PDF version of the report.