The importance of ransomware groups is increasing. Already 3.8% of corporate networks have experienced attempted ransomware attacks, warn Check Point Research experts. The most vulnerable sector worldwide is "education and research", while in Poland it is public utility companies. Polish organizations are primarily attacked by the Androxgh0st botnet.
Artificial intelligence increasingly influences hacker attacks. In September, cybercriminals are likely to have used AI to develop a script delivering AsyncRAT, a trojan that currently ranks 10th on the list of most common threats. According to Check Point Research analysts, the attack involved so-called HTML smuggling, in which the victim was sent a password-protected ZIP file containing malicious VBScript. The whole operation, including well-structured and commented code, suggested the use of artificial intelligence. After infecting the system, AsyncRAT allows the attacker to remotely control the device, log keystrokes and deploy additional malware.
“The fact that cybercriminals have begun to use generative AI as part of their attack infrastructure shows how attack tactics are evolving. Hackers are increasingly using available technologies, which means that organizations have to adopt proactive security strategies” – says Maya Horowitz, Deputy Head of Research at Check Point Software.
Most frequently attacked sectors
In September 2024, education and scientific research were the most frequently attacked sectors, followed by administration and the healthcare sector. In Poland, in September, cybercriminals most often targeted the public utilities sector, the administrative-military sector, and the financial sector.
Check Point experts also provided data on the most significant threats affecting organizations globally. The top three in September were:
- FakeUpdates (also known as SocGholish) – the most common malware in September 2024, affecting 7% of organizations worldwide. It is a downloader that writes malicious code to disk before execution, leading to further infections.
- Androxgh0st – a botnet that attacks Windows, Mac and Linux platforms, stealing credentials, such as Twilio and AWS account data.
- FormBook – an infostealer that steals data from browsers, takes screenshots, monitors keystrokes, and can download and execute files on an infected computer.
Androxgh0st, number 2 globally, was also the most common malware plaguing Poland's cyberspace. This botnet affected 4.2% of Polish businesses and organizations.
Information from so-called "shame pages", which ransomware groups practicing double extortion run to publish information about their victims, gave cybersecurity specialists data about the most active ransomware groups. This month, RansomHub is the most active ransomware group, responsible for 17% of published attacks, followed by Play with 10%, and Qilin with 5%.
- RansomHub – a ransomware group responsible for 17% of published attacks. It is a Ransomware-as-a-Service (RaaS) operation that gained prominence in 2024, attacking a range of systems, including VMware ESXi.
- Play – ransomware that debuted in 2022, successfully attacking various critical infrastructure sectors.
- Qilin – a RaaS operation that collaborates with affiliates to encrypt and exfiltrate data, focusing on large enterprises and organizations in the healthcare and education sectors.
Source: https://managerplus.pl/sztuczna-inteligencja-pomaga-hakerom-w-polsce-na-celowniku-przedsiebiorstwa-uzytecznosci-publicznej-84239