Positive Technologies has analyzed cyberthreats in Q4 2024. According to the company's research, the number of cyberattacks increased by 13% compared to the same period in 2023. Over half of the cyberattacks targeting organizations resulted in the exposure of confidential information, while approximately one-third of incidents disrupted core business operations. The majority of attacks on individuals led to financial losses.
According to Positive Technologies, social engineering was used in 50% of cyberattacks targeting organizations. Email remains the most popular entry point for attackers, accounting for 84% of incidents. During the analyzed period, ransomware (42%) and remote access trojans (38%) were the most commonly used tools in attacks against organizations. Additionally, malicious software, including data-stealing malware, was used in 20% of successful attacks. For example, in mid-November, the Positive Technologies Expert Security Center (PT ESC) identified a campaign distributing Lumma Stealer and NetSupport RAT. Employees of Russian organizations received phishing emails containing malicious LNK and DOCX files. When victims opened these attachments, malware was downloaded onto their devices.
In successful attacks against organizations, attackers used new fraud schemes and malware delivery techniques. One new tactic involved sending fake termination emails with malicious attachments, likely containing banking trojans, suggesting that the attackers were financially motivated. Another new method included delivering malicious payloads via intentionally corrupted Microsoft Office documents that bypassed detection by security tools. These corrupted files contained QR codes that directed victims to fraudulent websites designed to install malware or steal credentials. Experts warn that this document corruption technique could be adopted by other attackers in the future.
Social engineering was also widely used against individuals, accounting for 88% of attacks. Websites (44%), social media (22%), and messengers (18%) were the primary channels for social engineering attacks. Attackers also used leaked personal data and compromised accounts to create deepfakes. Individuals, including Russian users, became victims of infostealers [1] due to fake CAPTCHA prompts on malicious websites. After completing the fake bot check, victims were instructed to paste clipboard data into the command line, which then led to malware being downloaded and installed on their devices.
Anna Golushko, Senior Information Security Analyst at Positive Technologies, noted: "Legitimate CAPTCHA checks never require entering commands in the operating system or within the web page itself. Real CAPTCHA methods involve simple tasks like arranging shapes, entering a sequence of alphanumeric characters, or checking a box to confirm you're human. Additionally, a genuine CAPTCHA will never ask for sensitive information such as login credentials, passwords, or credit card numbers. If a CAPTCHA prompt is followed by a request for confidential information, it's a clear warning sign."
This report contains information on current global cybersecurity threats based on Positive Technologies' own expertise, investigations by the Positive Technologies Expert Security Center, and reputable sources.
[1] An infostealer is a trojan designed to covertly collect sensitive data from a victim's device.