How will the cybersecurity landscape develop during 2024? Will cybercrime groups start to merge? Will hacker groups start to exploit the potential of AI? Andrew Costis, Chapter Lead of the Adversary Research Team at AttackIQ, sets out the likely developments in cybersecurity over the next 12 months.
Ransomware source code leaks will fuel a new wave of sophisticated ransomware attacks that target Fortune 500 companies
On the subject of the primary cyberattack mode – ransomware – Costis finds: “Ransomware has been on a tumultuous rollercoaster ride in 2023 following a brief respite in late 2022. In the new year, it is poised to run rampant as leaked ransomware source code becomes more common, breeding new strains and allowing for easy access to existing advanced strains. However, this leaked source code will also be a boon to threat researchers, allowing them to analyze strains to create the proper security controls to defend against them.”
Nation-state threat actors will put endpoint protection products to the test to discover and exploit detrimental zero-days
In terms of changing attack modes, Costis warns: “Organized crime groups and e-crime groups have access to the same commercial endpoint detection and response products that legitimate customers use. These threat actors’ full-time jobs are to test these products until they can find a zero-day to exploit. In 2024, nation-state threat actors will try their hand at discovering zero-days in EDR products that will increase ransomware attacks and extortion demands in the new year.”
Nation-states and hacktivists will exploit increasing geopolitical tensions to cause widespread disruption
Global events provide a useful smokescreen for criminals, as Costis identifies: “With wars raging in Israel, Syria and Ukraine, there will be an uptick in cyberattacks on the defense industrial base, government, hospitals and other high-profile targets. These will be perpetrated by a range of state and non-state actors. Russian and Iranian intelligence services will continue to conduct attacks on a variety of Western interests in retaliation for their support of their foes in these conflicts. Affiliated proxy groups and hacktivists will also conduct less sophisticated attacks of opportunity either in ideological or direct support for their state clients. Historically they have targeted a wide range of sectors from financial services to healthcare, using defacement, information leaks and denial of service.”
Cybercrime will be more streamlined and organized than ever, leading to a record monetary loss of over $18 billion in 2024
An important risk is cybercriminals coming together to form super-teams: “In 2024, select cybercrime groups will merge operations into a streamlined, multifaceted criminal enterprise. From initial access brokers to ransomware- and malware-as-a-service, all of these different components will come together to form a mutual partnership. Working better together, these cybercrime groups will deliver unprecedented financial losses in 2024, shattering previous records.”
Advanced social engineering in the form of false propaganda on social media will tilt the 2024 election
Costis’ final prediction concerns the application of artificial intelligence. Here he forewarns: “Advances in AI since the 2020 election have created new opportunities for social engineering campaigns like SMS and phishing attacks, the spread of false propaganda and the use of deepfake technology. In 2024, we’ll see more advanced social engineering campaigns that leverage AI to create highly targeted content that mimics political parties and politicians to ultimately spread disinformation.”
Bots are also a threat, Costis adds: “Automated bots will also play a role as they’re leveraged to automatically respond to social media posts to sway political opinions. At a time when many people struggle to verify their sources and get their news from social media, AI-generated false propaganda will incite individuals to change their political opinions and interfere with the outcome of the election.”