A recently published cyber threat report of Avast revealed substantial dominance of social engineering in cyber threats during the first quarter of 2024. According to the report, almost 90% of cyber threats cyber attacks on mobile and 87% on desktop devices involved scams, phishing and malvertising, exploiting human vulnerabilities more than technical weaknesses.
A significant increase in scams using sophisticated technologies such as deepfake videos and AI-manipulated audio has been seen. These scams often use hijacked YouTube channels and other social media platforms to distribute fraudulent content. The report highlights that these deceptive practices are becoming increasingly complex, with cybercriminals leveraging high-profile events and figures to boost the credibility of their scams.
YouTube, in particular, has become a key vector for these threats. Avast telemetry indicated that over the previous year, four million unique users were protected against YouTube-based threats, with around 500,000 users protected in the first quarter alone. Cybercriminals are increasingly leveraging YouTube’s automated advertising and user-generated content features to bypass traditional security measures, deploying a variety of attack vectors ranging from phishing campaigns to malware distribution.
The report describes several scam tactics prevalent on YouTube:
- Phishing campaigns specifically target creators offering fraudulent collaboration offers, leading to the spread of malware and account compromise.
- Attackers post videos with descriptions containing malicious links, disguising them as legitimate downloads of popular software.
- Channel hijacking, where attackers take over YouTube accounts to run various scams, including crypto schemes that often start with fake giveaways.
- Attackers leverage reputable software brands and create domains that imitate legitimate companies to distribute malware disguised as genuine software.
Beyond individual platforms, the broader Malware as a Service (MaaS) trend has been identified as a growing sector within cybercrime. Criminals rent malware, facilitating a commission-based partnership in which even less experienced hackers can launch attacks. This model simplifies the process of executing cyberattacks, making advanced tools accessible to a wider range of criminals.
Malware types such as DarkGate and Lumma Stealer have been specifically mentioned for their methods of propagation, including through platforms such as Microsoft Teams and YouTube. These methods highlight the continued evolution of cybercriminal strategies, emphasizing the role of social engineering.
Jakub Kroustek, director of malware research at Gen, highlighted the seriousness of the situation:
“In the first quarter of 2024, we recorded the highest cyber risk ratio ever recorded, meaning the highest likelihood of an individual being the target of a cyber attack. »
He added that human vulnerabilities are an important target for cybercriminals, who exploit emotional reactions and curiosity to gain access to personal information and financial assets.
As technically targeted exploits and hacks in crypto have fallen Over the past year, Avast’s report shows how non-technical attacks have increased. Human vulnerabilities are often the most challenging aspects of operational security and AI already appears to have made enough progress to offer a solution. a considerable challenge for security experts.
