A new report out today from enterprise search technology provider Elastic N.V. details the growing sophistication of cyberthreats, with a particular emphasis on artificial intelligence-augmented phishing and deepfake misinformation.
Based on billions of security events voluntarily shared by Elastic’s customers and enriched with open-source data, the 2024 Elastic Global Threat Report digs into areas such as how cybercriminals are leveraging generative AI to create highly personalized phishing campaigns and how AI-generated deepfakes are beginning to surface in political interference and extortion cases.
On the generative AI side, the report details how the technology is being used by cybercriminals to craft highly personalized and convincing phishing campaigns. AI-driven attacks can produce documents that closely mimic legitimate communications, which make it harder for users to spot fraudulent content and hence, increase the success rate of phishing attempts: If you can’t spot a fake, the chances of success immediately increase.
The use of AI to create deepfakes for misinformation campaigns for purposes such as political interference and extortion also gets a look in, with the potential risk noted as growing. Organizations are being urged to prepare by integrating AI-focused training into their security strategies.
On the malware side, the report shows that Windows is still the most targeted operating system for malware, accounting for two-thirds of all detections. Linux systems, particularly in server environments, were found to be being increasingly targeted and now account for nearly a third of detections, reflecting their critical role in infrastructure.
In terms of types of attacks, trojans — a type of malicious software that disguises itself as legitimate to deceive users into executing it — dominate the malware landscape, representing 82% of all malware types observed. While trojan infections rose, cryptominer detections, however, sharply declined from 22% to 4%, indicating a shift in financially motivated cyberattacks.
The report also delves into cloud security, finding that credential access attempts now account for 23% of all cloud-related activity.
Credential access techniques, such as brute force and phishing attacks, were found to remain the primary methods used to breach cloud environments, with Microsoft Azure seeing the highest number of signals. The report stresses that enterprises must focus on securing credentials and monitoring identity and access management systems to prevent unauthorized access and reduce the impact of cloud-based attacks.