Ontinue Releases its 2H 2024 Threat Intelligence Report

Ontinue has published its 2H 2024 Threat Intelligence Report, providing an in-depth analysis of emerging cyber threats uncovered by its Advanced Threat Operations (ATO) team. The report highlights a 132% increase in ransomware attacks despite a 35% drop in ransom payments, indicating a strategic shift by attackers to intensify ransomware operations.
Among other key trends, the 2H 2024 Threat Intelligence report highlights the rapid rise of Adversary-in-the-Middle (AiTM) attacks, which have become a dominant method for stealing authentication tokens: the phishing site proxies the real login page, so the victim completes multi-factor authentication (MFA) and the attacker captures the resulting session token, bypassing MFA without ever defeating it. Additionally, the PlugX Remote Access Trojan (RAT) remains an active threat, while command-and-control (C2) traffic associated with infostealers and malware loaders continues to escalate.
Vishing: The AI-Powered Threat on the Rise
The report also exposes the increasing sophistication of Vishing (Voice Phishing) attacks, which cybercriminals are now enhancing with artificial intelligence. By leveraging AI-driven voice cloning technologies, attackers can create highly realistic deepfake audio to impersonate trusted individuals, tricking victims into divulging credentials, approving fraudulent transactions, or granting unauthorized system access.
In Q1 2025 alone, Ontinue’s ATO team detected a 1,633% spike in vishing-related incidents compared to the previous quarter. Many of these attacks directed victims to fake Microsoft support pages, often hosted on .shop domains, where users were prompted to call fraudulent support numbers. These campaigns highlight how social engineering, combined with AI-driven deception, is becoming an increasingly effective tactic for cybercriminals. Ontinue forecasts that vishing will remain a rising threat throughout 2025 and beyond.
Attackers Exploiting Built-in Microsoft Tools
Threat actors are increasingly abusing legitimate Microsoft tools to evade detection and maintain persistence in compromised environments. Microsoft Quick Assist, a remote support tool, is being weaponized by attackers to gain unauthorized access to victim devices, often bypassing traditional security controls. Meanwhile, Windows Hello authentication keys have been targeted in credential theft campaigns, allowing adversaries to authenticate as legitimate users without needing passwords. The abuse of built-in administrative utilities highlights the challenge of detecting malicious activity that blends in with routine IT operations, reinforcing the need for continuous monitoring and behavioral analysis.
New Malware Delivery Mechanisms Emerge
As cyber defenses improve, threat actors are evolving their delivery methods to evade detection. Ontinue’s research highlights a shift toward browser extension abuse and malvertising campaigns:
  • Malicious browser extensions, particularly in Google Chrome, are being weaponized to deliver information-stealing malware. Because the installed extension list travels with the browser profile, these extensions can survive a full system reimage: as soon as the user signs back into the browser and reimports or syncs the profile, the extension is reinstalled and the clean machine is reinfected.
  • Malvertising campaigns continue to lure users through ads that appear legitimate and instruct them to copy a malicious PowerShell command and paste it into their own machine (for example, into the Run dialog). No exploit is involved; the user launches the payload, which is why the technique slips past controls that look only for malicious downloads.
Ransomware: Fewer Payments, but More Attacks
Despite the significant increase in ransomware attacks, fewer victims are paying ransoms, as organizations adopt stronger backup strategies and improved incident response plans, and as regulatory pressure discourages payment. In response, cybercriminals are doubling down on exfiltration-based extortion: stealing sensitive data and threatening public disclosure to compel victims to pay even when the encrypted systems can be restored from backup.

“The cybercriminal ecosystem is adapting to evolving security measures, leveraging AI-powered deception, novel malware delivery tactics, and persistent social engineering schemes,” said Balazs Greksza, Director of Advanced Threat Operations at Ontinue. “Our research underscores the urgent need for organizations to fortify their defenses against sophisticated phishing, vishing, and malware campaigns, while continuing to harden their environments against ransomware and credential theft.”

To learn more about Ontinue’s findings, read the full 2H Threat Intelligence Report here.


About Author

Taylor Graham, marketing grad with an inner nature to be a perpetual researchist, currently all things IT. Personally and professionally, Taylor is one to know with her tenacity and encouraging spirit. When not working you can find her spending time with friends and family.