AI-driven cybercrime spikes in Australia & NZ, warns Trend Micro

Trend Micro has reported a concerning rise in AI-driven cybercrime across Australia and New Zealand, placing the region among top global targets for various types of cyber-attacks in the first half of 2024.

According to the cybersecurity firm’s mid-year roundup report, Australia was among the top ten countries for URL victims with 21.6 million detections, which accounted for 2.5% of the global total. The country also secured a high rank in mobile app detections, standing 8th globally, along with significant router attack activities, ranking 7th in this category. A total of 72 million email threats were also observed in Australia this year.

New Zealand recorded 2.4 million blocked email threats and 1,450 ransomware incidents. The island nation was noted for its high rate of malicious URLs, with 5.4 million detected and blocked instances, underscoring the prevalent threat trajectories in the region.

“Trend Micro blocked over 75.46 billion threats for customers in the first half of the year, but there’s no time for complacency. As malicious actors begin to embrace AI as a tool, the industry must respond in kind, by designing security strategies to take account of evolving threats. This is an arms race we can’t afford to lose,” stated Mick McCluney, the ANZ Field CTO at Trend Micro.

Despite recent efforts by law enforcement, cybercriminals are evolving their techniques. Significant operations such as Operation Cronos targeting LockBit, Operation Endgame against dropper malware networks, and Operation Morpheus tackling unsanctioned use of Cobalt Strike have not been enough to deter cybercriminals. The introduction of AI into cybercrime has been a notable trend, as observed by Trend Micro.

Trend Micro reported that threat actors are increasingly hiding malware within legitimate AI software, operating criminal Large Language Models (LLMs), and even selling jailbreak-as-a-service to exploit generative AI bots for malware development and social engineering tactics. This trend represents a growing sophistication and innovation within the cybercrime ecosystem.

The first half of 2024 also saw a surge in the use of deepfake technology for a range of criminal activities. These include virtual kidnapping scams, targeted Business Email Compromise (BEC) impersonation frauds, and the circumvention of Know Your Customer (KYC) checks using harvested biometric data.

Despite numerous law enforcement disruptions, LockBit remains the most prevalent ransomware family, with the development of a new variant, LockBit-NG-Dev, further showcasing the resilience and adaptability of these cyber threats.

Cybercriminals have taken advantage of major events such as the Olympics and national elections to launch targeted attacks, and sophisticated Advanced Persistent Threat (APT) campaigns have exploited geopolitical tensions, specifically relating to China-Taiwan relations with Earth Lusca’s campaign. State-aligned actors have been noted for using advanced techniques to compromise internet-facing routers, anonymising their targeted attacks.

Furthermore, various groups have exploited cloud environments, apps, and services, by abusing exposed credentials, weaknesses in configuration, and vulnerabilities within legitimate tools.