The cybercrime business is increasingly sophisticated

False investments, specialization of criminal groups, an increase in DDoS attacks and the development of complex extortion methods are just some of the challenges facing individual Internet users and companies. These are conclusions from the latest CERT Orange Polska report.
The telecommunications operator published the next edition of its annual report, in which it summed up the most important cyber threats detected in 2024. The results leave no illusions – cybercrime is not weakening; it is becoming more and more organized and technologically advanced.
Phishing accounted for 45 percent of all incidents registered in 2024 by the team of experts monitoring user safety in the Orange network. According to the latest CERT Orange report, the vast majority of online frauds were related to false investments.
Criminals flood the Internet with fraudulent sites that encourage visitors to transfer funds to alleged investments in the securities of large, recognizable companies, e.g. energy concerns or financial institutions. They unlawfully use not only those companies' brands but also the images of celebrities to lend credibility to their actions.
A user who reaches such a website, for example by clicking an advertisement on a social networking site or a link displayed by a search engine for the query “investment”, is urged to provide contact details for the purposes of the investment process. The fraudster, impersonating an investment advisor, then tries to extort funds from the victim, either indirectly (when the victim makes the transfers) or directly (when the fraudster manages to convince the victim to install software enabling remote access to the computer).
In 2024, there was a rapid increase in the number of such frauds – they already constituted 60 percent of all phishing attempts identified by Orange experts. For comparison, in 2023 this percentage was only 28 percent.
30 percent of frauds concerned false payments, including the so-called “for the buyer” fraud. The number of cases of smishing, i.e. phishing by SMS, has also increased. Most often they concerned parcel deliveries, impersonation of banks, false competitions, and attempts to extort login data for cryptocurrency exchanges.
Cybertarcza Orange – a mechanism that operates in the Orange network and protects its users for free – blocked 305,000 fake websites. It protected nearly 4.85 million users who clicked dangerous links leading to them. CERT Orange Polska actively cooperates with users, who can report unexpected messages and links to the number 508 700 900. In 2024, the team received almost 4,000 reports of this type, which significantly contributed to faster identification of new threats.
– This is a really great source of additional information for us. Often, thanks to these reports, we learn about events that we had no idea about from any other sources – said Robert Grabowski, head of CERT Orange Polska. Interestingly, these are not just cases of classic phishing or malware. – Sometimes there are reports which at first glance look quite unusual, even strange. But if one digs into it with decent research, it suddenly turns out that something really serious is hidden underneath – he added.
Cybercriminals are building their own ecosystems
The intensity of DDoS (Distributed Denial of Service) attacks, which consist in blocking access to websites or online services, has increased significantly. Most such alerts were registered at the turn of September and October 2024, when their number reached up to 10,000 alerts a day.
More sophisticated forms of attacks were also observed, e.g. carpet bombing, in which a whole subnet is attacked instead of a single IP address. Increasingly, the effectiveness of an attack is determined not only by its strength but also by the format and content of the data packets, which are adapted to the target. CERT Orange Polska experts point to the development of an organized cybercrime ecosystem.
– What is striking is the growing professionalization of cybercriminals. Simply put – we are dealing with something like a supply chain, only in a criminal version. Each group or person specializes in a specific stage of the attack, does what they are best at or what is most profitable for them – says Robert Grabowski, head of CERT Orange Polska.
For example – we have so-called Initial Access Brokers, i.e. groups that deal with obtaining the first access to company infrastructure. They sell this access. The next group pulls out data using previously obtained cookies or logins and passwords. And finally, another team appears that conducts a typical ransomware attack – encrypts data and demands a ransom.
Importantly, the mechanisms of extortion have also changed. It used to be mainly a fee for decrypting data – that is, you pay, and we give you the decryption keys. Then came the so-called double extortion, i.e. a second layer of blackmail: you pay not only for access to the data, but also for it not to be made public. Currently, criminals use even more complex blackmail methods: triple and secondary extortion, in which data from previous leaks is reused to force a ransom – the expert indicates.
The fight in cyberspace continues
CERT Orange Polska forecasts that the key trends in the coming years will be:
- Use of AI for manipulation of information, automation of attacks and generation of phishing content;
- Advanced attacks and cyber espionage targeting strategic companies;
- Attacks on cloud services and supply chains;
- Development of cybercrime in the area of cryptocurrencies, both retail and organized, using Malware-as-a-Service.
– We are already trying to use artificial intelligence to recognize content generated by … other artificial intelligence. We are working on models that are to supervise other models. And this is great, except that when introducing these technologies to business, you must be aware that cybercriminals are not sleeping either – said Robert Grabowski.
Attacks aimed specifically at artificial intelligence are beginning to appear – phenomena such as poisoning the data sets used to train language models, influencing models’ answers or discovering training data. These are no longer just theoretical threats, but real attack vectors. – Just as we once learned to secure the cloud – which is quite mature today – now we must learn to protect systems based on artificial intelligence. This technology will develop, and we must be one step ahead of threats – summed up the expert.
Author:
Artur Konieczny