Avast, the digital security firm, blocked an unprecedented 10 billion cyber attacks in 2023, a notable 49% increase compared to the previous year. According to the latest Avast Threat Report, the types of cyber threats have also evolved, with scams, phishing, and malvertising accounting for more than 75% of them.
Unusually, these attacks often deployed malicious push notifications and novel AI tactics, such as deepfakes, to lure victims into sophisticated financial fraud, Avast states. The final quarter of 2023 also witnessed a surge in malware attacks employing PDF files and novel techniques to exploit Google for information theft.
Jakub Křoustek, Malware Research Director for Avast, outlined that in the past three months, cyber criminals have moved away from solely relying on social engineering and are now increasingly exploiting trusted digital platforms, be it through highly believable deepfake video scams or threats propagated through PDF files.
This trend signals the evolving modus operandi of cyber criminals and underscores the vulnerabilities that are intrinsic to our everyday digital life. He concluded by positing that "Now more than ever, people need to verify what they encounter online and utilise tools to help stay safe."
PDF files were a particular cause for concern in the last quarter of 2023. Avast blocked over 10 million such attacks, safeguarding more than 4 million users worldwide. Cyber criminals turned to PDF files as their weapon of choice, crafting intricate webs of cyber threats.
Avast researchers discovered a range of PDF-related scams, from straightforward lottery and dating deceptions to documents harbouring phishing links that lead to counterfeit webpages mimicking established brands such as Netflix and Amazon.
The large-scale use of PDF-based cyber threats represents a notable shift in hackers' tactics. The cross-platform nature of PDFs, which allows them to be easily opened from any device, along with their ability to pass through spam gateways without hindrance, makes them an ideal delivery vehicle for cyber criminals. Furthermore, technological advances like AI are fuelling the creation of more sophisticated scams, such as deepfake videos promoting investment fraud.
In addition, an innovative method of exploiting cookies for stealing information was observed in the final quarter. Cyber criminals started abusing the Google OAuth endpoint, which is used for account synchronisation across Google services, to recover authentication cookies.
These cookies store a unique identifier that verifies a user's identity and permissions for website access, providing hackers with a gateway to sensitive data such as login information. Among the malware identified using this method was Lumma, a rapidly escalating malware-as-a-service stealer.