- Banking institutions were hit hardest by ransomware attacks in the first half of 2024, followed closely by technology sector.
- Trend Micro’s report highlights resilience of threat actors.
Trend Micro warned that threat actors have bounced back from recent law enforcement efforts to unleash a new wave of attacks leveraging AI and other techniques.
As per Trend Micro’s first half report, malicious actors remains acute despite successful law enforcement actions against LockBit (Operation Cronos), dropper malware networks (Operation Endgame), and unsanctioned use of Cobalt Strike (Operation Morpheus).
LockBit is widely recognised as the world’s most prolific and harmful ransomware, causing billions of euros worth of damage and has even developed a new variant, LockBit-NG-Dev.
The Department of Justice joined the United Kingdom and international law enforcement partners in February this year and announced the disruption of the LockBit ransomware group.
No time for complacency
The partners disrupted LockBit’s operations by seizing numerous public-facing websites used by LockBit to connect to the organisation’s infrastructure and seizing control of servers used by LockBit administrators, thereby disrupting the ability of LockBit actors to attack and encrypt networks and extort victims by threatening to publish stolen data.
In addition to the seizing of technical infrastructure, the law enforcement operations around LockBit also include arrests in Poland, Ukraine, and the US, as well as sanctions for two alleged members of the group who are based in Russia. The group has members spread around the world, the officials said.
Tony Lee, Head of Consulting at Trend Micro Hong Kong and Macau, said that Trend Micro blocked over 75.9 billion threats for customers in the first half of the year, but there’s no time for complacency.
“As malicious actors begin to embrace AI as a tool, industry must respond in kind, by designing security strategies to take account of evolving threats. This is an arms race we can’t afford to lose.”
A big cause of concern, he said is criminal use and abuse of AI.
Deepfake offerings rise
During Operation Cronos, Trend Micro analysed an in-development LockBit sample with a completely new code base – LockBit-NG-Dev (where NG stands for “new generation”). Based on Trend Micro’s analysis, LockBit-NG-Dev is written in .NET, is compiled using CoreRT, and is believed to be platform-agnostic.
Trend Micro has observed threat actors hiding malware in legitimate AI software, operating criminal LLMs, and even selling jailbreak-as-a-service offerings.
The latter enable cybercriminals to trick generative AI bots into answering questions that go against their own policies—primarily for developing malware and social engineering lures.
Also in the first half, cybercriminals have been ramping up deepfake offerings to carry out virtual kidnapping scams, conduct targeted BEC-type impersonation fraud, and bypass KYC checks. Trojan malware has been developed to harvest biometric data to help with the latter.
Discover more from TechChannel News
Subscribe to get the latest posts sent to your email.
You must be logged in to post a comment.