Q4 2024 Threat Report: The Dark Side of Social Media, CryptoCore Deepfake Scams Steal $7 Million, and 4 Million Users Protected from Scam-Yourself Attacks
2024 has been a record-breaking year for cybersecurity, and as we look back on the final quarter, the numbers speak for themselves. In Q4 alone, cybersecurity teams successfully blocked 2.55 billion threats—equivalent to 321 attacks every second—a 9% increase compared to the previous year. Social engineering attacks, particularly scams, dominated the landscape, accounting for 86% of all threats. This sharp rise underscores the evolving tactics of cybercriminals who continue to adapt and refine their methods.
The Evolving Cybersecurity Threat Landscape
Reflecting on past predictions, the threat landscape has continued to shift dramatically. In 2021, experts noted the move from device-centric malware attacks to more human-centric threats. As we enter 2025, scam-related threats have become more technically sophisticated and psychologically manipulative. Malware still poses a significant risk, but today’s scams—manipulating individuals through social engineering—are proving far more dangerous.
Looking ahead, the rise of artificial intelligence (AI) and large language models (LLMs), such as OpenAI’s Operator, presents a new frontier for cybercriminals. With these tools automating tasks like paying invoices and placing online orders, attackers have begun targeting them as potential entry points. If exploited, this could redefine the cybersecurity landscape once again.
The Dark Side of Social Media
Our featured story for Q4, The Dark Side of Social Media, sheds light on how cybercriminals have increasingly turned social platforms into a playground for scams. Social media threats have evolved from traditional malware attacks to sophisticated frauds such as malvertising, fake e-shops, and phishing scams. Facebook emerged as the leading source of these attacks, followed closely by YouTube.
Social engineering campaigns, like ClickFix and FakeCaptcha, have become increasingly complex, preying on users’ emotions and trust. These scams, referred to as “Scam-Yourself Attacks,” have led to significant harm: over 4.2 million users were protected from FakeCaptcha scams alone in Q4, a 130% increase compared to the previous quarter. To help mitigate this threat, we introduced a Clipboard Protection feature that blocks clipboard-based attacks before execution. Attackers linked to these scams deployed the NetSupport remote access trojan (RAT) and iteratively improved its script, reportedly using AI tools like ChatGPT to enhance its capabilities.
Ransomware and Advanced Persistent Threats (APTs)
Ransomware attacks continued their upward trajectory, increasing by 50% in Q4 2024 following a staggering 100% rise in Q3. Magniber, the most prevalent ransomware strain, was responsible for 62% of all detected cases. Countries like Mexico (+230%), Japan (+180%), and parts of Europe, including Austria and France, saw dramatic increases in attacks.
Alongside ransomware, Advanced Persistent Threats (APTs) remained a critical concern. Groups like Lazarus, a North Korean APT actor, continued to target high-value individuals and organizations with zero-day exploits and social engineering techniques. In Q4, Lazarus used compromised archive files masquerading as IT skill assessments to target victims via LinkedIn messages, highlighting the persistent and evolving nature of these threats.
Financial and Mobile Banking Threats
Financial threats remained persistent in Q4, with mobile banking trojans like DroidBot and ToxicPanda using increasingly sophisticated methods, such as NFC relay attacks, to target EU users. The BankBot banker also saw a 236% increase in protected users, emphasizing the growing risks to mobile banking security.
In India, cybercriminals used WhatsApp to distribute trojans disguised as utility payment apps, leading to the theft of thousands of victim credentials. Meanwhile, spyware threats surged globally, with SpyLoans campaigns continuing to prey on victims through malicious loan apps, despite law enforcement crackdowns.
The Evolution of Crypto Scams: CryptoCore and Deepfakes
Crypto scams took a disturbing turn in Q4 with the rise of the CryptoCore group, which leveraged deepfake technology to dupe victims. By tying fake investment schemes to high-profile events, such as the U.S. presidential election and statements by Elon Musk, CryptoCore was able to manipulate individuals into transferring funds. These attacks, which used deepfake videos featuring public figures like Donald Trump, ultimately stole over $7 million in Q4 2024, marking their largest campaign to date.
The use of deepfakes in crypto scams illustrates how cybercriminals are exploiting emerging technologies to gain trust and perpetrate fraud. These scams highlight the growing sophistication of digital fraud and the evolving methods attackers are using to deceive their victims.
The Widespread Impact of Scams
Beyond large-scale attacks, scams remained a pervasive threat throughout Q4. Fake e-shops were particularly active during major shopping events, such as Black Friday and Christmas, using poisoned search results, social media ads, and phishing emails to lure shoppers into making fraudulent purchases. These scams led to not only financial losses but also compromised personal data, resulting in identity theft and long-term credit damage.
In addition, dating scams gained momentum, especially in Nordic countries, preying on individuals’ emotions. Meanwhile, technical support scams surged in regions like Switzerland and Japan, with attackers adjusting their tactics to align with local contexts. Malvertising, which accounted for 41% of all blocked attacks, remained a major vector for scams and malware.
Avast and AVG’s Role in Protecting Against Evolving Threats
As cyber threats continue to grow in complexity, Avast and AVG stand at the forefront of providing reliable, cutting-edge protection for businesses and individuals. With AI-powered threat detection, real-time security monitoring, and robust defences against ransomware, scams, and advanced persistent threats (APTs), both Avast and AVG ensure that your digital environment remains secure.
For IT service providers and Managed Service Providers (MSPs), Avast and AVG offer tailored solutions through the Avast Business Hub, an all-in-one platform that simplifies security management. This platform is designed to protect users and devices from emerging threats, while reducing overhead and enhancing operational efficiency.
By combining advanced AI technology, machine learning capabilities, and a team of global cybersecurity experts, Avast and AVG help you stay one step ahead of attackers, safeguarding your business against the evolving threat landscape.
Join Us for an Insightful Webinar
To help IT service providers and Managed Service Providers (MSPs) navigate this ever-evolving cybersecurity landscape, we’re hosting a free webinar designed to simplify security management and improve protection for clients.
Webinar Title: Secure Your Business in 2025: Avast Business Hub for IT Service Providers & MSPs
Date & Time: Thursday, March 6, 2025 | 11:00 AM – 12:00 PM (UTC+02:00) Harare, Pretoria
Join via Microsoft Teams:
Meeting ID: 363 903 282 797
Passcode: PT2on2eT
Learn how the Avast Business Hub simplifies security management and reduces overhead while providing comprehensive protection for your clients, covering every critical layer of security to protect your business from evolving threats—anytime, anywhere.
Conclusion
The threats we’ve observed in Q4 2024 serve as a reminder of the constantly evolving and increasingly sophisticated nature of cybersecurity risks. From social media scams to AI-driven attacks, cybercriminals continue to find new ways to exploit vulnerabilities and deceive individuals and businesses alike. As we look to 2025, staying ahead of these threats will require continuous vigilance, innovation, and collaboration across the cybersecurity ecosystem.
Stay safe and secure in the new year!
About Gen
Gen is a global company dedicated to powering digital freedom with a family of trusted brands including Norton, Avast, LifeLock, Avira, AVG, ReputationDefender and CCleaner. Our trust-based solutions help protect nearly 500 million users in more than 150 countries.
Contact AvertITD via WhatsApp:
Our new WhatsApp support channel enables instant communication for partners and customers. Whether you need quick assistance, have questions about Avast or AVG licenses, or want to discuss business requirements, you can now reach out directly for immediate help. This service ensures rapid responses across Africa, eliminating the need for lengthy emails or waiting for callback appointments.
Real-time Support through Live Chat on Our Website:
In addition to WhatsApp, AvertITD has introduced a live chat feature on our updated website. This allows you to connect instantly with knowledgeable representatives who can answer your questions, assist with Avast and AVG solutions, and offer personalized guidance. The chat feature ensures you receive fast and efficient support without having to navigate through complex menus.
By combining WhatsApp and live chat, AvertITD guarantees that partners and customers can easily access expert support, whenever they need it.
About Avert IT Distribution
Partnering with AvertITD means investing in your success and growth. As a world-class distributor, we offer a superior range of cybersecurity solutions to protect your clients and your reputation.
Founded in 2004, AvertITD has continued to expand and evolve. We are proud to serve partners across Africa, prioritizing accountability, integrity, and commitment in all that we do. These principles are embedded in everything you, as a reseller, offer to your customers.
To become an AvertITD reseller, complete this form or contact sales on +27(0)10 007 4430 (Johannesburg) or +27(0)21 007 2655 (Cape Town), or e-mail sales@avertitd.com.
Find AvertITD on LinkedIn. WhatsApp on +27 605 180001.