As every year around this time, it is time to analyze what happened in cybersecurity during 2023, look at trends, review the state of the art of emerging technologies, study data, contrast information from analysts and companies in the sector and "guess" at the main security threats we will encounter in 2024.
Although not many organizations, companies in the sector and analysts have published their predictions for next year yet, some are already doing so and, shortly, during the month of December (especially as we approach the end of the year), we will see an avalanche of them.
Unfortunately, we don't have a crystal ball. For this reason, this is an opinion article, not an empirical or scientific one, although it is based on our experience and on all the information collected and analyzed from other recognized sources such as experts, analysts and companies in the sector, with their common points, discrepancies and coincidences.
A priori, the threats that experts say will take the cake in 2024 are attacks on Artificial Intelligence (AI) and Machine Learning (ML), or automated learning. In all the forecasts consulted so far, this appears in first place, as the one that can be exploited the most next year.
They are followed, at a great distance but in second position, by attacks on the supply chain and blockchain, coming from third parties (suppliers, partners, collaborators, etc.). This is an aspect that has been discussed a lot during 2023 and around which great concern has emerged, both in terms of cybersecurity as such and in terms of the privacy and regulatory compliance it entails.
Finally, in third position, a block of threats appears that is 100% related to the human factor, human weakness and attacks on people. These are threats that aim to achieve objectives by manipulating people's wills and launching targeted attacks against them.
Among these types of attacks on people, the most important today, and the one that seems set to continue and increase in 2024, is phishing (in any of its variants and flavors) and social engineering.
Another of them, although related to the above in one way or another, is the risk posed by employees' lack of awareness, knowledge, training and skills regarding cybersecurity.
In this sense, we speak of insiders who, with their behavior (intentional or not), can ruin the business in a single click, whether due to lack of knowledge, confusion, human error, inappropriate configurations, deceptions they fall for, or even actions carried out completely intentionally in pursuit of specific objectives (economic, political, social, recognition, labor discontent, etc.).
These could be the main cybersecurity risks we will face in 2024, but we can identify many others. From our experience and the analysis of those who have already spoken on the matter, we can outline a first ranking of the cybersecurity threats we will see in 2024:
- Attacks on Artificial Intelligence (AI) and Machine Learning (ML). It is the main threat we are expected to encounter in 2024 and the one on which most experts and analysts agree. This perhaps derives from the latest important developments in AI, which seems to be establishing itself as an emerging technology (perhaps in the midst of its hype). In the same way that it will be an interesting and very useful technology for security, prevention and protection, it is also expected to be the focus of a multitude of attacks or, rather, to be used by cybercriminals in the opposite direction. They will be able to use it, among many other things, for intelligent detection evasion, for the automated discovery and exploitation of new vulnerabilities, for the immediate generation of fakes (fake news, deepfakes, voice falsifications, content), for the generation of malicious code, etc. On the other hand, the ethics, standards, regulation and control of the use of this technology, although they seem to be getting started, still have a long way to go, and this may be something that is taken advantage of inappropriately.
- Supply chain/blockchain attacks. During 2023, there has been a lot of talk about this issue, and some updates to laws, regulations and action frameworks have even set their sights on it. It is just as important to protect yourself as it is to guarantee that whoever provides us with infrastructure, software and/or services is also secure. We have already seen, on several occasions, cases in which a cyber incident in an organization was due not to that organization but to an external third-party company, unrelated to the affected one, that provides it with IT (or other types of) services. The software, services, systems and infrastructure that these suppliers, partners, associates or collaborators share with the company that is the victim of the incident may also have their own vulnerabilities and security holes, which cybercriminals take advantage of to gain access to, enter and attack the client company those suppliers serve, rather than the suppliers directly.
- Phishing and social engineering. Given how we see it and have experienced it to date, it is not surprising that it is among the top 3 risks considered most likely to happen in 2024. In many (most) cases, cybercriminals have it "very easy" by appealing to people, to human weakness, to the human factor. In this case, they do so through one of the most prolific and effective types of attack today: tricking people into doing something through any means, channel or mechanism (email, SMS, videos, phone calls, advertising banners, fraudulent URLs, false or illicit web pages, etc.).
- Human factor, lack of awareness, knowledge and skills, and insiders. Although it is very closely related to the previous one (social engineering, phishing, etc.), it goes further. While in that case it is about deceiving people, here the nuance is different: it is about the people themselves and their condition. These attacks on people will be fruitful or not, and to a greater or lesser extent, depending on the knowledge, aptitude and attitude of each person in matters of cybersecurity. Not being aware, not being trained and not having the skills to avoid a threat is very dangerous. Likewise, there are other people within the organization who act carelessly, have no sense of the importance of correctly applying existing procedures, or even have the capacity to attack intentionally from within (insiders).
- Cloud attacks. Companies increasingly have their own cloud services (private cloud), but generally use those of third parties (public cloud). In them, organizations manage, transact and store information and data of a private, sensitive and/or confidential nature. This is candy for cybercriminals who, by all means at their disposal, will try to access it, attacking the company's cloud or the clouds, supply chain and infrastructure of its supplier(s).
- Exploitation of vulnerabilities and zero-day attacks. Another classic that we will continue to see for a long time, since errors, vulnerabilities, bugs and security holes in the software we use will never cease to exist. Cybercriminals will continue to search for these security breaches and use them to achieve their objectives. Those that, until the moment of their discovery and exploitation, have never been used will have the greatest impact.
- Attacks on smart devices (IoT) and connected devices. Smart devices, which transact and share a multitude of information, provide access and perform tasks (in short, the IoT, or Internet of Things), with millions of devices connected to the Internet at the same time, are very attractive targets. Not all of them are adequately protected, and they can allow not only the exfiltration of confidential information but also access to and control of other corporate systems, denial-of-service attacks, etc., in corporate, industrial and domestic environments alike.
- Ransomware. Although cyber-kidnappings can arrive by many means, such as some of those discussed above, in terms of malware and infections, ransomware looks set to continue to take the cake among all of them. Its specialization and increasing technological complexity, helped by other aspects such as social engineering, artificial intelligence, mass communication channels, etc., will make this threat a constant that may even have a more severe impact.
- Deepfake. As we said, deception is one of the main tricks for a good attack. Disinformation, post-truth, fake news, deepfakes, etc., will act more effectively and increasingly against that human factor and its sensitivity. Although they are not malware or a type of technological attack as such, advances in artificial intelligence and in the quality of multimedia tools mean that the generation of false images and videos that impersonate people and appear to be what they are not will be increasingly convincing and will manage to manipulate public opinion.
- Geopolitical hacktivism and cyberespionage. We are immersed in several international wars, such as the war in Ukraine and Israel's war with Hamas. In most cases, these confrontations have economic, religious, geographical or social origins, etc. From that perspective and from different points of view, hacktivist attacks arise, sometimes originated by social groups with strength and radical tendencies, and even promoted by states, governments and nations, and we will continue to see them in 2024 as the current conflicts intensify.
- Authentication, access, and identity. For many reasons, credential theft, the compromise of accounts in corporate systems or in commonly used, popular Internet services, identity fraud, etc., are very valuable objectives. Over the next year, we will continue to see how cybercriminals try to get hold of this information to jump over the barriers of the corporate perimeter, gain access where they shouldn't and impersonate someone they are not in order to obtain privileges and roles that allow them to carry out certain actions.
- Malware. Although it is no longer the most common threat (if we think of ransomware separately, without considering that, to a certain extent, it is malware), malware and spyware infections, spread and attacks will continue to exist. Lifelong threats, such as viruses, trojans, worms, keyloggers, etc., will still be there.
- Disinformation. Information is power, and through its manipulation or the invention of hoaxes (bulos), infoxication and fake news, it is possible to manipulate and control citizens' consciousness. For this reason, it is used by political groups, the media, power groups, and even governments. It has reach, it is fast, it has impact and it is efficient, so, as has been the case since the beginning of humanity, we will continue to see hundreds of thousands of cases, even if they are not cyber attacks or cyber incidents as such.
- Advanced Persistent Threats (APT). Even though they are not the most common, attacks that manage to enter a system and remain "dormant" there for a long time, waiting for the best moment to act, will continue to be present. They will continue to use a combination of techniques to secure their objective and proceed through their entire chain of steps: access, infiltration, establishment, hiding, privilege escalation, lateral movement within the organization, observation and action.
- Botnets. This is a threat that has lost some prominence lately as far as DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks are concerned, but in the field of blockchain technology, attacks on the blocks of the chain and cryptocurrency mining, it is still relevant enough for attackers to bet on capturing devices (zombies) and setting up a botnet controlled to act simultaneously and in unison under the orders of a cybercriminal.
These are some of the cybersecurity threats and risks we will encounter in 2024, as we can extract from our own experience, from the forecasts of manufacturers and companies in the sector, and from analysts and other sources consulted, among which the following stand out: Gartner, Forbes, World Economic Forum, Google Cloud, WatchGuard, Mandiant, Virus Total, Kaspersky, SonicWall, CASE, Assad, Proofpoint, Check Point, Stellar Cyber, Fortinet, KnowBe4, SAS, BeyondTrust, Segnesys, Lenovo, CLOSE, IBES, Outlines, TechRepublic, etc.
Will your company be prepared for these cyber-threats and cyber-risks in 2024?
Maybe you need the help of professional cybersecurity services like the ones we offer at Zerolynx: Cybersecurity Services.
If you prefer, contact us and we'll talk.
Íñigo Ladrón Morales, Content Editor for Zerolynx.