A new report from Gen, whose cyber safety brands include the likes of Norton, Avast, Avira and AVG, has confirmed a dramatic rise in an attack methodology that is, at the same time, unfamiliar to most yet hugely exploited by cybercriminals. That threat is to be found in scam-yourself cyber attacks. Here’s what you need to know and do.
What Are Scam-Yourself Cyber Attacks?
The threat research team at Gen has published a new intelligence report that promised to provide in-depth insights into the forces that have reshaped the threat landscape across quarter three of 2024. Employing threat telemetry across the aforementioned cybersecurity brands, the Gen Q3/2024 Threat Report has broken down into sections covering desktop threats targeting Windows, Linux and Mac operating systems, web-related threats and those impacting Android and iOS mobile operating systems and devices. Perhaps the most surprising trend uncovered by this analysis is regarding what the researchers refer to as scam-yourself attacks. These broadly cover what we might also call social-engineering or phishing attacks, the common denominator being the psychological manipulation of victims into doing something malicious without initially realizing it.
The key scam-yourself threats, which researchers from Norton said have seen a 614% increase from the previous quarter, are as follows:
Fake Tutorial Cyber Attacks
Cybercriminals will use video tutorials on popular platforms that claim to link to free software downloads for use by the victim during the tutorial but are actually laden with malware.
ClickFix Scam-Yourself Cyber Attacks
These tech support scams offer people help with fixing a technical issue, real or imagined, that actually prompts the victim to copy text into the command prompt that ultimately gives the hacker control of the system.
I Am Not A Robot Cyber Attacks
This fake CAPTCHA prompt scam is becoming ridiculously fashionable within the criminal world, so much so that Norton reported telemetry showing that in quarter three of 2024 alone some 2 million people were targeted by it. As you might have already guessed, this scam-yourself cyber attack takes the form of tricking a victim into completing a CAPTCHA challenge that in reality copies malicious code onto the system clipboard to install malware content onto their device.
Fake Update Cyber Attacks
Malware disguised as an urgent, or even routine, software update appears to be harmless but gets the victim to paste a malicious script into their system that gives the hacker admin privileges. One threat actor known for using fake updates is ClearFake, most often employing the fake web browser update tactic. “This quarter we saw something interesting,” the report stated, “ClearFake adapted.” What the threat actor started doing was employing the previously mentioned ClickFix tactic in campaigns, “showing that threat actors are willing to shift strategies when one method proves more effective than another.”
Scam-Yourself Cyber Attacks Rely Upon Catching People Off-Guard
These scam-yourself attacks, the report stated, form a broader web of deception that’s catching millions of people off guard. “In July through September, scams continued to dominate the threat landscape,” Siggi Stefnisson, cyber safety chief technology officer at Gen, said, “while data-theft abusing malware and ransomware also increased rapidly.” Indeed, it would be foolish to ignore the dangers of data-stealing malware when such information stealers have jumped in popularity among cybercriminals by 39% across the quarter. That number pales into insignificance when looking at one specific information stealer, Lumma Stealer. “The most popular information stealer, Lumma Stealer, increased its share by 1154%,” the report stated, using methods like the previously mentioned fake video tutorials.
“Our consistent focus is to empower people with the tools they need,” Stefnisson said, “such as the Norton Genie scam detector, so they can protect their digital lives as threats evolve.” Whatever protection you use, just make sure you use something would be my advice. These cyber attacks, be they of the scam-yourself, social engineering type or any other, can be defended against with the combination of the proper security tools and a large dose of awareness.
