By Stephen Kho, Cyber Security Expert for Avast
2023 was an unprecedented year in cyber threats. Our Avast Q4 Threat Report reveals we witnessed a 49% surge from last year, resulting in 10 billion attacks.
According to our report, which looks at the threat landscape from October-December 2023, scams, phishing and malvertising continue to account for more than 75% of all cyber threats.
The complex web of attacks that jeopardise the digital landscape increased in intensity in the final quarter of 2023, with a 17% quarter-to-quarter increase and a monthly average exceeding 1.2 billion attacks.
Exploitation of PDF files: Be careful what you open
In recent times, the cybersecurity landscape has seen a surge in sophisticated malware attacks, with cybercriminals exploiting various vectors to compromise systems and networks. One particularly concerning trend has been the expansion of malware threats through PDF files, a widely used format for document sharing and collaboration.
In the last quarter of 2023, Avast blocked more than 10 million PDF-based attacks, protecting more than 4 million users worldwide. Threat actors turned their attention to PDF files in the final months of the year, weaving a complex web of attacks. Our researchers observed a spectrum of PDF-related threats and scams, ranging from simple lottery and dating scams, to documents containing deceptive information such as phishing links directing people to pages mimicking well-known brands like Netflix or Amazon. Researchers also saw an uptick in complex campaigns delivering more sophisticated threats like password stealers such as AgentTesla.
The proliferation of PDF-based cyber threats underscores a significant shift in the tactics of cybercriminals. PDF files are popular due to their platform-agnostic nature, which allows them to be seamlessly opened from any device, making them the ultimate delivery payload. Furthermore, PDF attachments are often allowed by default by spam gateways, adding another layer of vulnerability.
Social engineering becoming more aggressive
Social engineering is always present in the world of cyber threats, and we can analyse the typical behaviours used to fool users. One common example is a message that supposedly comes from a known company, such as Amazon or some financial entity, with a clearly defined message.
Web threats continued to dominate, with scams, phishing, and malvertising ranking as the top threat types overall. The use of malicious browser push notifications escalated, becoming a preferred tool for scammers across various domains, from adult content sites to technical support scams.
Beyond the methods of delivery for scams, AI continues to help criminals create more believable scams. Deepfake videos, especially those endorsing investment scams, displayed a heightened level of sophistication in the final quarter of the year, challenging the ability to distinguish between real and fabricated content.
A sense of urgency is key in most scams, encouraging victims to act fast and not think twice about the situation. Some other scams are more subtle.
The large variety of scams
There are a variety of desktop-related threats employed by cybercriminals to try to exploit targets and engage in malicious activity. We have seen an uplift in activity for some of these threats, as outlined in our Q4 Threat Report. They include:
- Advanced Persistent Threats (APTs): A type of cyberattack conducted by highly skilled and determined hackers that use resources and expertise to penetrate a target’s network and maintain long-term presence undetected.
- Adware: Refers to software that is considered unwanted, installed without the user’s consent, tracks browsing behaviour, redirects web traffic, or collects personal information for malicious purposes such as identity theft.
- Bots: A threat with the primary intention of securing long-term access to a device. Whether through remote control, spam distribution, or denial of service attacks (DoS), bots are intended to gain access to a device’s resources.
- Coinminers: Programs that use a device’s hardware resources to verify cryptocurrency transactions and earn cryptocurrency as compensation. When used by cybercriminals, coinminers hijack a victim’s computer resources to generate cryptocurrency for an attacker.
- Information stealers: Dedicated to acquiring any valuable information from a victim’s device. This primarily involves stored credentials, cryptocurrencies, browser cookies, browser passwords and private documents.
When analysing our detection statistics for 2023, web threats were the most active category, accounting for 75% of all threats blocked by us during the year. These range from financial, dating, and tech-support, to refund and invoice scams.
Despite the diversity of these cyber-attacks, our analysis reveals an overarching reliance on social engineering and exploitation of trusted channels. That we have been successful in blocking a substantial number of these attacks highlights how effective robust cybersecurity measures are. However, education and awareness of common threats, including social engineering scams which leverage a sense of urgency, the promise of rewards, and the fear of loss, are also valuable in ensuring the protection of personal data and information.
As we wade through the ever-changing sea of cyber threats, staying informed and aware is like a lighthouse guiding us to safety. Getting a grip on the tricks and tactics of cybercriminals, and spotting their sneaky scams is our frontline defence. Think of our journey to a more secure online world as more than just a set of actions; it’s a whole way of thinking. Be curious, ask questions, and keep up with what’s new in the world of online security.
About Author:
Stephen is the Director of Offensive Security for Avast. He joined Avast in November 2020, and is responsible for leading a team that undertakes penetration testing on software systems to identify vulnerabilities and facilitate the development of secure infrastructures against potential threats.
Stephen is a security professional with over 20 years of security industry experience across multiple business sectors including finance and telecommunications. Prior to working at Avast, he was Technical Customer Success Manager at software and IT firm Micro Focus, where he worked with the top 50 ASX listed Australian financial and telecommunications companies as well as federal government departments in Canberra to implement cyber security monitoring and application security programs. Before that, Stephen held the deputy CISO/Ethical Hacker role at Dutch telecommunications company KPN. Earlier, he held security consultant positions in the telecommunications and IT space, including at Verizon Business and Siemens. His knowledge in the areas of penetration testing, security technologies and risk management is extensive, arising from his network engineering, security consultancy and hands-on penetration testing background.
Stephen holds a Bachelor of Computer Systems Engineering with Honours from the University of Queensland.
Stephen is available for media interviews in Australia and New Zealand and can also provide practical tips and explainer content for both consumer and business audiences. He can provide expert commentary across a range of topics including (but not limited to): online scams and cyber threats such as phishing, adware, malware, ransomware, stalkerware and sextortion; business security such as how companies can keep their infrastructures safe; cyber security trends with Avast data available; and penetration testing/ethical hacking.
About Avast
Avast is a leader in digital security and privacy, and part of Gen™ (NASDAQ: GEN), a global company dedicated to powering Digital Freedom with a family of trusted consumer brands. Avast protects hundreds of millions of users from online threats, and its products for Mobile, PC or Mac are top-ranked and certified by VB100, AV-Comparatives, AV-Test, SE Labs and others. Avast is a member of the Coalition Against Stalkerware, No More Ransom and Internet Watch Foundation.