1. Advanced Ransomware Tactics Enhanced by AI and Deepfakes
The integration of generative AI tools is expected to empower cybercriminals, enabling the creation of highly convincing emails and phone calls to evade detection during social engineering campaigns. Allie Mellen, principal analyst at Forrester, highlights the potential use of AI for reconnaissance, making ransomware-as-a-service actors more effective.
2. Embracing Human Risk Management in Enterprises
Organizations are shifting towards human risk management to identify employees with high-risk scores, enabling the creation of targeted security mitigation programs. Grant Schneider, former U.S. federal CISO, emphasizes the importance of identifying anomalous behavior within systems and networks.
3. Remote Work Infrastructure Under Siege
Hackers are anticipated to target remote work infrastructure, exploiting vulnerabilities in VPNs, cloud services, and RDPs. The expansion of the attack surface during the shift to remote work creates opportunities for bad actors to access sensitive corporate networks, as noted by Tom Kellerman, senior vice president of cyber strategy at Contrast Security.
4. Intensification of Cyberattacks Against Third-Party Suppliers
Cyberattacks on third-party suppliers and software vendors are expected to escalate, with threat actors seeking new gateways in 2024. Michael Gorelik, CTO at Morphisec, emphasizes the need for third-party cybersecurity audits to become a top priority for organizations.
5. Critical Infrastructure Under Siege
Motivated by geopolitical conflicts and financial motives, cyberattacks against critical infrastructure pose a high risk in an election year. Jenny Hedderman, risk counsel at the Massachusetts Office of the Comptroller, stresses the vulnerability of smaller organizations, urging increased investment in shoring up industries at the municipal level.
6. IoT Devices as Targets for Large-Scale Botnets
The proliferation of connected IoT devices continues to make them attractive targets for hackers aiming to create large-scale botnets. Joe Sullivan, CEO of Ukraine Friends and former CSO at Uber, warns of the ongoing threat and the need to find effective mitigation strategies.
7. Rise in Attacks on Mobile Devices
Mobile devices face an increase in attacks exploiting vulnerabilities in operating systems, apps, and emerging 5G networks. Martin Roesch, CEO of Netography, advises utilizing built-in device features for defense against sophisticated toolkits used by cybercriminal groups like NSO.
8. Cybercriminals Combining Stolen Data for Identity Theft
Cybercriminals are expected to combine stolen data to create more complete identities for identity theft and financial fraud. Generative AI is likely to play a role in developing targeted and contextualized attacks, according to insights from Allie Mellen.
9. Escalation of Cyberwarfare Activities
The lines between nation-state actors and cybercriminals are becoming increasingly blurred, leading to complex cyber conflicts with global implications. The shift from espionage to sabotage is predicted by Tom Kellerman, emphasizing the potential for more destructive attacks.
10. Preparing for Post-Quantum Cryptography
Organizations are urged to prepare for a post-quantum cryptography world as the potential breakthroughs in quantum computers may compromise current cryptographic algorithms. Joe Sullivan emphasizes the need for readiness, anticipating the convergence of AI and quantum technologies.
In the face of emerging threats from technology, geopolitics, and cybercriminals, the cybersecurity industry is gearing up for a dynamic 2024, with the hope of adapting to challenges and fostering positive change.
DELTA Data Protection & Compliance Academy & Consulting – info@delta-compliance.com