Emerging Cybersecurity Threats

“Emerging Cybersecurity Threats to Watch Out for in 2024”

As we approach the close of 2024, cybersecurity experts are looking back at a dynamic and eventful final quarter (Q4) of the year, which has seen a surge in the number and sophistication of cyber threats. The increasing complexity of attacks, combined with new techniques and tools, signals the growing challenge for businesses and individuals alike in maintaining robust cybersecurity defenses. According to ANY.RUN’s quarterly report, this period marked significant changes in the landscape of malware, phishing, and cybercriminal tactics.

Surge in Malware Activity

Q4 2024 witnessed a substantial uptick in cybercriminal activities, with over 1.15 million public interactive analysis sessions conducted by ANY.RUN users. This represents a 5.6% increase from the previous quarter, with 22.6% of the sessions flagged as malicious and 6.2% categorized as suspicious. This increase in suspicious and malicious activities points to the continued rise in the scale and complexity of cyber threats.

A staggering 712 million Indicators of Compromise (IOCs) were collected, shedding light on the sophisticated nature of the attacks. Cybercriminals are becoming more advanced in their methods, and the tools they use are only getting more refined and harder to detect.

The Rise of Stealers and Loaders

The most notable change in the malware landscape was the rise of “Stealers”—malware designed to steal sensitive data, such as login credentials and personal information. In Q4, Stealers were the most detected malware type, with 25,341 detections, a significant 53.5% increase from the previous quarter. Other malware types, such as Loaders, also saw notable increases, with a 27% rise in activity.

Interestingly, the presence of Adware in the top ten list of most detected malware marked its growing importance in cybercriminal arsenals. Adware, often used for spreading unwanted advertisements, has become a key tool in the cybercriminal toolkit, signaling a shift in tactics.

Most Active Malware Families

Some familiar names among the most active malware families continued to dominate, including Lumma, which saw a 68.7% increase in detections. However, a new threat emerged with Stealc, which more than doubled its detections from Q3, indicating a significant rise in its use. Other active malware families included Redline, Amadey, and Xworm, each displaying a notable rise in activity.

Phishing Threats Take Center Stage

Phishing attacks experienced a dramatic rise in Q4, with 82,684 phishing-related threats flagged, highlighting the ongoing evolution of phishing tactics. The Tycoon2FA phishing kit emerged as the most common, with 8,785 detections. Cybercriminal group Storm1747 uploaded over 11,000 phishing-related samples, underscoring the scale of the phishing threat.

Phishing remains one of the most insidious forms of cybercrime, and its evolution is a clear indication that cybercriminals are adapting their techniques to exploit new vulnerabilities.

The Role of Obfuscation Tools

Malware creators are increasingly using obfuscation tools to evade detection. Tools like UPX, Netreactor, and Themida have become standard in the cybercriminal toolbox, helping to disguise malware code and make it harder for security teams to detect and mitigate threats. With over 12,000 detections of UPX alone, the role of these tools should not be underestimated in the fight against evolving cyber threats.
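For defenders triaging samples, an unmodified UPX build leaves recognizable traces in the PE section table. The following is an added example, not code from ANY.RUN or its report: it reads the section table and reports those traces, and the two header-only samples and all function names are constructed for illustration.

```python
import struct

def pe_sections(data: bytes):
    """Return (name, virtual_size, raw_size) for each entry in the PE section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or e_lfanew + 24 > len(data):
        raise ValueError("PE signature or COFF header not found")
    # COFF header follows the 4-byte signature; the section table follows the optional header.
    (count,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    if table + 40 * count > len(data):
        raise ValueError("truncated section table")
    sections = []
    for i in range(count):
        name, vsize, _vaddr, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize))
    return sections

def upx_indicators(data: bytes):
    """List the UPX traits found; an empty list does not prove the file is unpacked."""
    findings = []
    for name, vsize, rsize in pe_sections(data):
        if name.startswith("UPX"):
            findings.append(f"section named {name}")
            # Stock UPX reserves an empty section that the stub unpacks into at run time.
            if rsize == 0 and vsize > 0:
                findings.append(f"{name} has no bytes on disk but {vsize:#x} in memory")
    return findings

def build_headers(sections):
    """Constructed sample: PE headers only (no optional header, no section data)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew at 0x3C points to offset 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, v, 0x1000, r, 0, 0, 0, 0, 0, 0)
                     for n, v, r in sections)
    return dos + b"PE\0\0" + coff + table

PACKED = build_headers([(b"UPX0", 0x8000, 0), (b"UPX1", 0x4000, 0x3E00), (b".rsrc", 0x1000, 0x400)])
PLAIN = build_headers([(b".text", 0x5000, 0x4E00), (b".data", 0x1000, 0x200)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("plain", PLAIN)):
        print(label, upx_indicators(blob))
```

Section names are trivially renamed after packing, so treat a hit as a triage signal and a miss as inconclusive.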

Advanced Tactics and Techniques

In Q4, cybercriminals made extensive use of advanced techniques to bypass traditional cybersecurity defenses. One of the most prominent was the Windows Command Shell (T1059.003), which led with 44,850 detections. Additionally, techniques like masquerading through renamed system utilities (T1036.003) and spearphishing links (T1566.002) saw a sharp rise in activity compared to previous quarters.

These tactics show that adversaries are leveraging increasingly sophisticated methods to remain undetected and maximize their chances of success.
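A common way to detect renamed system utilities (T1036.003) is to compare the file name a process ran under with the OriginalFileName recorded in its version resource, both of which Sysmon logs in process-creation events (Event ID 1). The following is an added example, not taken from the ANY.RUN report: the watchlist, function name and event records are constructed for illustration.

```python
import ntpath

# Assumed watchlist of system utilities, lower-cased for comparison; extend to suit the estate.
WATCHED = {"cmd.exe", "powershell.exe", "certutil.exe", "rundll32.exe", "mshta.exe"}

def find_renamed_utilities(events):
    """Flag processes whose on-disk name differs from a watched OriginalFileName."""
    findings = []
    for ev in events:
        original = (ev.get("OriginalFileName") or "").lower()
        image = ev.get("Image") or ""
        if original not in WATCHED:
            continue  # field missing, or not a utility we track
        # ntpath parses Windows paths correctly even when this runs on Linux or macOS.
        if ntpath.basename(image).lower() == original:
            continue  # running under its real name
        techniques = ["T1036.003"]
        if original == "cmd.exe":
            techniques.append("T1059.003")  # the renamed binary is the command shell
        findings.append({"image": image, "original": original, "techniques": techniques})
    return findings

# Constructed records using Sysmon Event ID 1 field names.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe", "OriginalFileName": "Cmd.Exe",
     "CommandLine": "cmd.exe /c ver"},
    {"Image": r"C:\Users\Public\svchost_update.exe", "OriginalFileName": "Cmd.Exe",
     "CommandLine": "svchost_update.exe /c whoami"},
    {"Image": r"C:\ProgramData\winupd.exe", "OriginalFileName": "CertUtil.exe",
     "CommandLine": "winupd.exe -?"},
    {"Image": r"C:\Tools\notepad++.exe", "OriginalFileName": "notepad++.exe",
     "CommandLine": "notepad++.exe"},
    {"Image": r"C:\Temp\unknown.exe", "CommandLine": "unknown.exe"},
]

if __name__ == "__main__":
    for hit in find_renamed_utilities(SAMPLE_EVENTS):
        print(hit)
```

OriginalFileName survives when a genuine system binary is copied and renamed, but a purpose-built executable can set the field to anything, so pair this check with signature and path validation.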

A Call to Action for Cyber Defenders

The findings from ANY.RUN’s Q4 2024 report serve as a wake-up call for businesses and individuals alike. As cybercriminals diversify their tactics and scale their operations, the need for proactive cybersecurity measures has never been greater. Platforms like ANY.RUN offer critical insights into the evolving threat landscape, empowering security teams to stay ahead of emerging threats.

Organizations must adopt a continuous monitoring approach, implement robust defenses, and maintain agile response strategies to combat the growing complexity of cyberattacks. With the threat landscape shifting so rapidly, staying vigilant and informed is the best way to protect against the ever-evolving world of cybersecurity threats.

Looking Ahead to 2025

As we move into 2025, the outlook remains challenging. The continued rise of Stealers, the increasing sophistication of phishing kits, and the widespread use of obfuscation techniques are all indicators that the cybersecurity battle is far from over. Cybersecurity professionals must remain on high alert, using advanced tools and threat intelligence platforms to track and analyze the latest threats.

By maintaining a proactive stance and staying informed on the latest cybersecurity trends, organizations can better protect themselves from the ever-changing landscape of cyber threats in 2025 and beyond.

About ANY.RUN

ANY.RUN is a leading interactive malware analysis platform that helps over 500,000 cybersecurity professionals worldwide. Its suite of threat intelligence tools, including TI Lookup, YARA Search, and Feeds, provides users with actionable insights to track, analyze, and respond to emerging cyber threats. With its cutting-edge malware analysis and tracking capabilities, ANY.RUN continues to be an essential tool in the fight against cybercrime.

Author

Enmsol
