Top 12 ways hackers broke into your systems in 2024 - CSO Online

Latest News on 2024 Hacking Tactics Analysis, Cybersecurity Vulnerabilities, and Phishing Scams

Hacking Tactics Analysis

  1. Ransomware and RaaS Schemes:

    • Proactive law enforcement takedowns in 2024 have significantly disrupted the activity of several cybercriminal groups, including Qilin and LockBit [1]. Following the LockBit takedown, a new RaaS scheme called RansomHub emerged, listing victims on a leak site. This scheme has seen a steady increase in victim numbers, reaching 100 in November 2024 [1].
  2. New Malware and Tools:

    • North Korean threat actors have been observed dropping a new JavaScript malware called OtterCookie, designed for data theft and cryptocurrency wallet key extraction [5].
    • Two malicious Python packages, zebo and cometlogger, have been found to exfiltrate sensitive information from compromised hosts. These packages were downloaded 118 and 164 times, respectively, before being taken down [5].
  3. Advanced Attack Techniques:

    • The Contagious Interview campaign has introduced a new JavaScript malware that establishes communication with a command-and-control (C2) server using the Socket.IO JavaScript library. This malware facilitates data theft and runs shell commands [5].
    • Cloud Atlas, a hacking group of unknown origin, has been using a previously undocumented malware called VBCloud to target Russia and Belarus. The attacks employ phishing emails containing Microsoft Word documents that trigger an exploit for a seven-year-old security flaw [5].

Cybersecurity Vulnerabilities

  1. Critical Vulnerabilities:

    • A critical zero-click Windows TCP/IP vulnerability affecting all systems with IPv6 enabled was discovered in August 2024 [2].
    • Two critical SAP vulnerabilities were revealed in August 2024, enabling attackers to bypass authentication and fully compromise affected SAP systems [2].
  2. Vulnerabilities in Software Tools:

    • Six vulnerabilities in Veeam Backup and Replication were revealed in September 2024, leading to unauthenticated remote code execution (RCE), authenticated RCE, arbitrary file deletion, low-privileged multi-factor authentication (MFA) setting modification, MFA bypass, credential sniffing, and privilege escalation [2].
    • Two ConnectWise critical vulnerabilities were discovered in March 2024, potentially leading to the compromise of sensitive data, unauthorized system modifications, and lateral movement within the network [2].
  3. Browser Extensions Compromised:

    • A phishing attack compromised Cyberhaven's Chrome extension by gaining access to the Google Chrome Web Store using an employee's credentials. The malicious update allowed attackers to exfiltrate cookies and authentication tokens for certain social media and AI platforms [4].

Phishing Scams

  1. Spear-Phishing:

    • Spear-phishing increased in 2024: scammers gather information on the victim and then create personalized scam messages. This tactic uses data breaches and public social media profiles to build convincing messages [3].
  2. AI-Generated Images and Voice Cloning:

    • AI-generated images are becoming more prevalent in scams, making it harder to spot impersonation. Scammers are also using AI tools to clone voices, making scam calls more persuasive [3].
  3. Well-Crafted Communications:

    • Scammers are using large language models like ChatGPT to write phishing messages with improved grammar and spelling, making them harder to detect [3].
  4. Malicious Tools and Techniques:

    • Malicious tools like EDRKillShifter, developed by RansomHub, are used to disable endpoint detection and response (EDR) software on compromised systems [2].
    • Malwarebytes has disclosed that criminals are employing decoy landing pages with AI-generated content, propagated via bogus Google search ads, to lure visitors to phishing sites [5].

Summary

The latest news on 2024 hacking tactics analysis, cybersecurity vulnerabilities, and phishing scams highlights several key trends:

  • Ransomware and RaaS Schemes: Proactive law enforcement takedowns have disrupted major cybercriminal groups, leading to the emergence of new RaaS schemes like RansomHub.
  • New Malware and Tools: North Korean threat actors have introduced OtterCookie, while malicious Python packages like zebo and cometlogger have been used for data exfiltration.
  • Advanced Attack Techniques: The Contagious Interview campaign and Cloud Atlas have employed sophisticated malware and phishing techniques.
  • Cybersecurity Vulnerabilities: Critical vulnerabilities in Windows TCP/IP, SAP, Veeam Backup, and ConnectWise have been identified.
  • Phishing Scams: Spear-phishing, AI-generated images, voice cloning, and well-crafted communications using large language models are increasingly used by scammers.

These trends underscore the evolving nature of cyber threats and the need for continuous vigilance and advanced security measures to mitigate these risks.