Kaspersky Security Bulletin

Consumer cyberthreats: predictions for 2024

In our previous summary of consumer predictions, we delved into tactics that we expected scammers and cybercriminals to use in 2023. As anticipated, they capitalized on major events and cultural crazes, using tricks that ranged from fake Barbie doll deals to exploiting the buzz around long-awaited video game releases, for example, by disguising malware as a cracked Hogwarts Legacy version, a classic move we have seen for years.

Cybercriminals continued targeting gamers’ accounts filled with valuable in-game items or giving access to games on several devices, and often used in-game currency to lure victims to participate in their scams. However, our prediction of continued console shortage spurred by the release of the PS5 VR set by Sony was not fulfilled, as the company announced in January the shortage was over.

Although we anticipated the arrival of a new social network to shake up the scene, none materialized. Instead, ChatGPT turned out to be the major tech revelation. Recognizing the heightened interest in new tech, cybercriminals cleverly targeted a broader potential audience with a stealer disguised as a ChatGPT desktop app. As ChatGPT went viral, other chatbots powered by generative AI appeared, and these technologies were quickly adopted as assistants in diverse areas including education. Teachers now use tools based on large language models (LLM) to create lesson plans, math word problems, and email to communicate with parents. Students use these tools in their hobbies and homework, and entrust their mental health to ChatGPT-like bots.

Speaking of education, although 2023 saw ransomware attacks against schools, university data breaches, such as those occurring through third-party platforms and traditional back-to-school scams, we have not seen a significant surge in attacks on educational platforms or learning management systems (LMS) so far in 2023, so that prediction was only partially fulfilled. Neither have we seen any significant evolution of gamification in education, which makes the prediction false for now, although we may still see it come true in the long term.

As the initial Metaverse excitement took a backseat to AI, the threat landscape was milder than expected. Yet, metaverse company breach that led to malicious email sent out to its users hinted at ongoing risks. Despite the fact that our predictions regarding Metaverse did not fully materialize in 2023, we reiterate what we said earlier, as we consider this a long-term trend. Mark Zuckerberg’s recent interview in Metaverse revived consumer interest in this topic, potentially luring cyber-troublemakers. We foresee this trend continuing, which will emphasize the need for a decision-making policy on emerging metaverses.

Although we have not seen any cases of cybercriminals targeting mental health apps in 2023, their security was discussed from a variety of perspectives. In March, a mental health startup disclosed that it inadvertently had been exposing personally identifiable information about more than 3 million people to third-party entities. In May, Mozilla published an extensive study on mental health app privacy, demonstrating that there was considerable room for improvement.

As we look to 2024, we believe that the consumer threat landscape will be heavily influenced by political, cultural, and technological events and trends. Below, we share our insights into potential consumer threats in the upcoming year.

Consumer threat predictions for 2024

More charity scams coming

Climate disasters, the pandemic, and numerous military conflicts worldwide are thrusting people into challenging life situations. Charitable foundations and activists step in to provide financial and humanitarian aid. The noble desire to assist those in need becomes a breeding ground for scammers who exploit the generosity of some and the problems of others. According to the United Nations, 2023 marked the year with the highest number of violent conflicts since World War II, and the prospects for resolving many of these remain unclear. Unfortunately, this ambiguity sets the stage for an anticipated increase in charity-related scams in 2024.

Not just threats: collaboration of online stores and charities

Just a few years ago, donations required separate transactions to distinct organizations on different websites. However, the current trend showcases a growing popularity of collaborations between online services and charitable foundations. For instance, when making an online store purchase, rounding up the amount automatically channels the additional funds to a charity. This streamlined donation process both makes donating more accessible and generates higher amounts in aid. It is highly likely that the near future will see an uptick in collaboration between online stores and charitable foundations.

Internet segmentation

Amid growing geopolitical tensions, some web resources have blocked users from certain countries and regions. There are two main reasons for that: political pressure and DDoS attacks. In the first case, website owners residing in certain countries involved in a geopolitical conflict are forced to lock their political opponents out of their content. In the other case, organizations use geofencing to protect their resources from DDoS attacks. Whichever the reason, this leads to the segmentation of the internet, which damages the availability of information. Unfortunately, we expect this trend to continue in 2024, with more websites to be geofenced, which will make searching for information more complicated.

VPN services on the rise

A VPN creates an encrypted tunnel that effectively conceals user traffic from internet service providers and potential snoopers, thus reducing the number of parties that can access user data even on public Wi-Fi. Just a few years ago, the term was mostly understood by tech specialists and enthusiasts. However, with an increase in cyberliteracy, more individuals are now actively seeking ways to protect their personally identifiable information.

Additionally, current international conflicts have heightened national security concerns, which led to growing interest from government organizations and law enforcement agencies in detecting suspicious user data. Cognizant of these measures, individuals may perceive a potential impact on their data privacy and thus turn to robust privacy solutions like VPN.

Besides enhancing user privacy, VPN also addresses issues like internet segmentation and website geofencing, which are often consequences of geopolitical changes. These practices restrict access to information by location, but certain VPN clients can break through these barriers, allowing broader access to information.

As a result, demand for VPN solutions is expected to see a significant rise globally in the upcoming year.

Security over user comfort to spawn new security issues

In recent years, security concerns have prompted certain countries and territories to ban popular apps. For instance, in May 2023, the Montana governor signed a bill prohibiting all TikTok usage in the state starting in January 2024. This social media app is also banned from government devices in a number of countries worldwide. In Canada, a similar ban on the WeChat messenger was introduced in October.

While the stated goal of this policy is to protect sensitive data, banning popular apps may prove counterproductive. In the absence of TikTok and WeChat, demand for custom mods and unofficial alternatives may increase, likely to be exploited by cybercriminals. Malicious clones of the banned apps may rise to fill the void in 2024. We expect such attacks to become a trend in the near future.

P2E in cybercriminals’ sights

The play-to-earn (P2E) gaming sector, which draws millions of players, involves earning real-world values like cryptocurrency through active participation in games. Given the substantial investment and the appeal of making money in P2E games, cybercriminals are poised to escalate their focus on exploiting this sector. The theft of $620 million worth of crypto from Axie Infinity is indicative, and we anticipate further incidents in the future.

The recent surge in Bitcoin’s rate, coupled with the allure of easy money-making through gaming, might draw increased attention from cybercriminals, positioning P2E players as a prime target. Heightened security measures and player education are imperative to shield the expanding P2E ecosystem from the escalating cyberthreats it faces.

Universal deepfake check tool

The evolution of deepfake technology, once a cause for widespread concern, has progressed significantly. Despite initial attempts to combat this phenomenon, the increasing quality of deepfakes has compelled society to reluctantly acknowledge its existence as a significant cyberthreat, which underscores an urgent need for a quick and reliable means of checking the authenticity of visual content.

This trajectory is anticipated to continue, and in the near future, the potential for a more high-profile incident, linked to major a deepfake campaign involving political figures or celebrities, could stimulate the creation of a universal, user-friendly tool, which would empower individuals to verify the authenticity of any image, video or audio content.

Voice deepfakes on the rise

In addition to already-familiar image deepfakes, voice cloning represents a major development pathway. Highly disruptive attacks, such as the 2020 incident at a UAE bank, have underscored the potential of voice deepfakes as a cybercrime tool.

As demonstrated by OpenAI’s latest presentation on voice assistants, the company’s advances in artificial voice content could contribute to progress. However, the technology could be exploited by fraudsters. Potential exploitation could lead to even more accessible deceptive content being created. A surge in the development of voice fakes is anticipated, and this evolution of deepfake technology is expected to continue.

Scammers go after premieres

As blockbuster movies like Dune: Part Two, Deadpool 3, Joker 2, Gladiator 2, and Avatar 3 move closer to hitting the screens, expect a surge in scams. Hollywood actors’ recent strike may have the pirating of “hot new films” as one of its side-effects, creating an ideal environment for a multitude of phishing sites. These deceptive platforms will claim to offer exclusive access, taking advantage of viewers’ eagerness to watch the highly anticipated releases.

The trend is not limited to film premiers. GTA VI, slated for release in 2024, is poised to be next year’s biggest gaming highlight. Just like GTA V before it, this will be an online game that uses in-game currency, and it will likely attract scammers. Classic schemes that involve pre-order keys and seemingly enticing prices will resurface as the gaming community welcomes the release of this highly awaited title.

Consumer cyberthreats: predictions for 2024

Your email address will not be published. Required fields are marked *

 

Reports

How to catch a wild triangle

How Kaspersky researchers obtained all stages of the Operation Triangulation campaign targeting iPhones and iPads, including zero-day exploits, validators, TriangleDB implant and additional modules.

Subscribe to our weekly e-mails

The hottest research right in your inbox