It’s hard to believe 2023 is almost over. And you know what that means – prediction time! This year was full of tremendous growth for Securonix, highlighted by new and expanded partnerships, enhanced product offerings and more. As we wrap up a busy year, our experts reflected on what we learned in 2023, and shared their thoughts in this forecast on the trends, challenges and opportunities that lie ahead in 2024.
AI will play a crucial role for attackers and defenders
There are numerous trends from 2023 that will continue to significantly impact cybersecurity in 2024. The use of artificial intelligence (AI) and machine learning (ML) in both cyberattacks and defense mechanisms is likely to evolve. Threat actors will become more sophisticated in their use of AI, and security professionals must develop AI-based tools to counter these threats effectively. Attackers will use generative AI to improve their phishing and other social engineering methods to gain access and help them identify sensitive information. As a result, we will likely see an increase in AI-assisted and AI-driven attacks successfully bypassing security controls, such as MFA, zero trust and other fundamental security technologies and defenses.
AI-generated deepfakes and misinformation will create growing challenges in 2024. AI can be used to create convincing deepfake content, making it challenging to distinguish real information from fraudulent information. This has significant implications for both cybersecurity and misinformation campaigns as we head into an election year in the United States.
Technology providers are racing to add AI capabilities to their products for threat detection, mitigation and more. Implementing AI in cybersecurity requires time and resources. Organizations must gather and prepare data, fine-tune AI models and integrate them into their existing security infrastructure. It’s an ongoing process, and success is not immediate. Choosing security vendors that are at the forefront of adopting AI will help defend against advanced (and often AI-driven) attacks. As security teams try to identify which AI use cases can provide the most value, 2024 will be a year of experimentation with AI tools on the defender side.
Increase in targeted and evasive cyberattacks
We’ve been observing an increase in highly targeted and evasive cyberattacks associated with both cybercriminal groups and state-sponsored threat actors. Given the current geopolitical situation, we expect to see more in 2024. The attacks have been persistent and can involve cyber espionage and disruption operations by state-sponsored threat actors, as well as more traditional cybercriminals and ransomware operators exfiltrating and encrypting sensitive data. For example, earlier this year, we identified an interesting campaign, known as STARK#VORTEX, targeting Ukraine’s military. The threat group targeted victims using Pilot-in-Command (PIC) Drone manuals as lure documents to deliver malware.
We’ve also seen attacks increasingly use automation, third-party components and “grey area” attack tools like remote monitoring and management (RMM). This trend will likely continue in 2024, bringing more ways for ransomware attackers to extort victims and gain leverage in ransom negotiations.
AI won’t make humans redundant
One of the biggest myths we’ve been told is that AI will make humans redundant. AI excels at handling large volumes of data and performing repetitive tasks with speed and accuracy, which in turn increases productivity and efficiency. So we can expect that some high-volume, repetitive tasks may shift from manual execution to automation and AI, if they haven’t already. However, AI lacks emotional intelligence and the ability to fully understand content in complex decision-making. Humans are critical for tasks that require judgment and ethical considerations, as well as when there is a need for contextual or nuanced understanding. In 2024, we can expect AI to augment human intelligence and free up time for more strategic thinking – but it won’t make us redundant.
Phishing attacks will continue to evolve
Despite their widespread use, phishing emails and social engineering continue to prove to be an effective way to breach an organization. Threat actors will continue to leverage phishing emails as a primary source of compromise; however, their methods and TTPs will continue to evolve. In 2023, we saw QR code-based phishing (quishing) gain popularity and witnessed an uptick in more advanced tactics such as MiTM and AiTM attack methods leveraging tools like EvilProxy. In addition to phishing, advanced tactics like social engineering and malvertising will continue to be prolific.
Attacks on critical infrastructure will continue to escalate
All businesses, large or small, are targets for threat actors from within and outside the organization. When evaluating the threat landscape for 2024, we believe all organizations are at risk. Financial services, healthcare and education will continue to be large targets for threat actors due to their economic importance, data value, and vulnerabilities.
However, the more complex geopolitical scenario will cause an increase in attacks against critical infrastructure and defense, especially in countries involved in ongoing conflicts. With recent events in the Middle East, and continuing conflict in Ukraine, nation-state actors and state-sponsored cyberattacks may continue to escalate, leading to an increased focus on international cooperation and cyber deterrence strategies. NGOs will also be affected as they try to expand their work against authoritarian, non-democratic regimes.
Contributors: Augusto Barros, Findlay Whitelaw, Haggai Polak, Securonix Threat Labs