Watch out for sophisticated cyber-scams leveraging AI and social media platforms, as scams dominate the region’s cyberthreat landscape.
According to the Global Anti-Scam Alliance (GASA), 78% of global respondents encountered at least one scam in 2023 and 59% reported encountering scams monthly.
This growing concern was reflected in ESET’s latest Threat Report, which summarized threat landscape trends in the second half of 2024. The report highlighted the alarming escalation of scams globally – both in terms the scale and sophistication – with cybercriminals leveraging advanced technologies such as AI and deepfakes to exploit unsuspecting individuals.
CybersecAsia discussed some key findings from the report with Parvinder Walia, President, Asia Pacific and Japan, ESET.
What are some key trends in the threat landscape of 2024 – as highlighted in ESET’s Threat Report for H2 2024 – that you expect would continue in 2025?
Parvinder Walia (PW): There are several trends we saw in the ESET’s Threat Report H2 2024, including a surge in cryptocurrency values that made cryptocurrency wallet data a prime target for cybercriminals.
There was a significant rise in cryptostealer detections across multiple platforms. Notably, macOS users saw the most dramatic increase in criminal activity with Password Stealing Ware — designed to compromise cryptocurrency wallet credentials — more than doubled compared to H1 2024.
We expect cybercriminals to continue prioritizing attacking financial services in 2025, particularly in response to fluctuations in cryptocurrency markets and the increasing adoption of digital assets.
Attackers are also increasingly using Endpoint Detection and Response (EDR) killers to bypass security measures, a trend likely to intensify as cybercriminals refine their tactics. In 2025, we expect the most advanced actors to continue improving their tooling, further making it harder to protect against and detect intrusions.
On the flip side, this trend shows that security tools like EDR are a thorn in the side of cybercriminals and they will try hard to remove them or at least turn them off.
How are cybercriminals leveraging advanced technologies such as AI and deepfakes today? Can Asia Pacific organizations expect more of such cyberthreats in 2025 and beyond?
PW: Cybercriminals are actively using AI and deepfake technology to enhance phishing scams, generate fraudulent social media accounts, and impersonate public figures with greater realism.
AI-generated content is also being weaponized to lure social media users into disinformation campaigns, where they may unknowingly spread false narratives. We’ve seen attackers leveraging small open-source GPT models trained on data from hijacked social media accounts, allowing them to mimic communication styles and execute more convincing scams such as family emergencies or romance frauds.
According to ESET’s Threat Report H2 2024, scams utilizing deepfake videos and company-branded posts saw a 335% increase in detections, underscoring the rapid adoption of these technologies.