Gen's report reveals 614% surge in 'Scam-Yourself Attacks'

Gen has published its Q3/2024 threat report, revealing substantial increases in cybersecurity threats globally, including a dramatic rise in "Scam-Yourself Attacks".

The report, which analysed data from 500 million users worldwide from July to October 2024, highlighted a 614% surge in "Scam-Yourself Attacks," where social engineering tactics lead individuals to inadvertently install malware on their devices. Siggi Stefnisson, Cyber Safety CTO at Gen, shared, "In July through September, scams continued to dominate the threat landscape, while data-theft abusing malware and ransomware also increased rapidly. Our consistent focus is to empower people with the tools they need, such as the Norton Genie scam detector, so they can protect their digital lives as threats evolve."

In New Zealand, "Scam-Yourself Attacks" ranked as the third most common threat, preceded by general scams and malvertising.

This period also saw mobile adware become a looming concern for New Zealand's mobile users, escalating by 366%, compared to a global rise of 24%. Typical scenarios involve users downloading an ostensibly helpful app, only to be overwhelmed with unwanted advertisements.

Email-based threats remain prevalent in New Zealand. Phishing attempts, fraudulent invoices, cryptocurrency extortion, and lottery scams are reportedly on the rise. Additionally, romantic scams targeting individuals for financial exploitation or identity theft, and tech support scams impersonating IT professionals to access data, continue to pose threats.

Gen's threat report further details the tactics used in "Scam-Yourself Attacks," such as fake tutorials that disguise malware as free downloads on platforms like YouTube, and ClickFix scams where bogus computer solutions grant cybercriminals control over users' systems through text commands.

The report also highlights an overall 39% increase in data theft involving information-stealing malware, with Lumma Stealer identified as a prominent threat, having increased its activity by 1154%.

This malware exploits pathways like fake tutorials to collect sensitive data including credentials, crypto wallets, and browser information. Ransomware threats have seen a significant 100% increase in risk ratio, with Magniber being a leading threat, often exploiting vulnerabilities in outdated software such as Windows 7.

Data theft on mobile devices shows a worrying trend, with spyware, which can access sensitive data and record screens, surging by 166%. A new spyware strain, NGate, reportedly clones bank card NFC data, enabling unauthorised withdrawals or payments. Banking malware, targeting credentials, also increased by 60%, with new strains like TrickMo and Octo2 emerging. These threats are commonly distributed via malicious SMS messages.

Norton Genie, Gen's AI-driven app, employs real-time scam detection to combat AI-enhanced deception tactics used by cybercriminals, who utilise realistic deepfakes and crafted phishing emails to elude detection.

According to Norton Genie data, smishing attempts are increasingly prevalent, comprising 16.5% of scams, followed by lottery scams at 12%, and general phishing emails and texts at 9.6%.

The comprehensive insights into emerging scams and attack strategies provided by Gen's report demonstrate the rapid evolution of cyber threats, underscoring the necessity for proactive security measures to protect personal and financial data effectively.