The Changing Tactics Of Cyber Criminals Create Additional Risks For Employers

Global cybersecurity company, Kaspersky, published its Security Bulletin, its annual series of predictions and analytical reports on key shifts within the cybersecurity world.

The 2024 report identifies several key trends which include cybercriminals utilizing deceptive advertisements for malware distribution, an increasing demand for crypto asset-draining services, and an increase in services providing anti-virus evasion for malware programs.

Kaspersky monitors the dark web and has observed a considerable increase in extortion activities and data stealers in 2023. In the past 12 months, Kaspersky's experts noted a sharp increase in ransomware blog posts used for blackmailing companies or revealing new successful hacks. In 2022, around 386 such posts were published monthly. However, that figure climbed to an average of 476 in 2023, reaching a peak of 634 posts in November alone.

Kaspersky noted a concerning rise in posts regarding stealer malware, which cybercriminals use to steal sensitive information such as login credentials, financial details, and personal data. Notably, posts offering logs for the popular Redline stealer tripled from an average of 370 per month in 2022 to 1,200 in 2023. Overall, 2023 saw an almost 30 percent rise in the volume of various malware log files, containing compromised user data posted on the dark web. Shannon Williams, "Kaspersky forecasts dark web cyber-crime surge in 2024" www.securitybrief.asia (Jan. 23, 2024)

 

Commentary

 

A Kaspersky Principal Security Researcher with its Global Research and Analysis Team (GReAT) stated that cybersecurity demands a proactive stance. By monitoring dark web market activities and trends, observers can look at the enemy's playbook, thus allowing for early threat detection and understanding cybercriminal tactics.

Looking forward, Kaspersky anticipates cybercriminals to increasingly utilize search engine advertising to promote malware-embedded websites. Although previously reliant on phishing emails, cybercriminals now use Google and Bing ads to ensure their malware-embedded landing pages secure top positions in search results. Kaspersky predicts a significant rise in these deceptive practices.

This observation is a reminder of the critical importance of user or employee training. Remind employees of cybersecurity best practices, paying particular attention to areas of increased risk. Casually selecting on a search result provided by a search engine is no longer a low-risk proposition.

In the recent past, users seeking pirated software, movies, or music were the only ones encountering sketchy, insecure, and malware-infested websites. A simple search for a restaurant recommendation could lead an uninformed user to a top-rated, yet malicious website, which could lead to a network infection.

In addition to training, employers should also stress the importance of limiting work equipment to work and not personal matters. By limiting the number of searches and visits, an organization also limits the risk of hitting a malicious website.

 

Finally, your opinion is important to us. Please complete the opinion survey: