2023 was a record year for cybercrime and threat actor activity, and we anticipate 2024 to be a continuation of this upward trend. Below we discuss a few key items we consider will be at the forefront of 2024’s cybersecurity landscape.
Expansion of ransomware operations
2023 was a record year for ransomware operators. Reported attacks were nearly double the numbers seen in 2022. The most successful groups operated as-a-service (RaaS), allowing them time to improve and develop their product whilst others worked to deploy the malware and bring in the money.
Law enforcement has been extremely active against these groups, taking down infrastructure relating to HIVE and ALPHV variants. However, in the latter’s case, this has seemingly slowed, but not halted their operations and they remain active in some capacity into 2024. Current data has shown a slight decline in the number of posts to their leak site however, this is a common pattern seen across many different variants and is likely due to the links to Russia and periods of inactivity over the holiday period.
We expect this year to be no exception to the continued growth of ransomware operations. It remains a lucrative opportunity for threat actors and the RaaS operating model allows less-skilled operators to partake in this criminal activity.
It is anticipated that ransomware tactics will expand to provide further opportunities to “motivate” victims into paying a ransom for their data. This will include the threat of deployment of “Wiper” malware – designed to fully delete an infected device or network in the event of non-compliance.
An increase in Supply Chain Attacks
It is highly anticipated that supply chain compromise will continue to be a tactic of choice for financially motivated and nation-state threat actors, who routinely and opportunistically scan the internet to identify unpatched systems ripe for exploitation.
The efficiency of supply chain attacks will likely be improved by both the infection and dissemination of software packages granting third-party access. This in turn allows threat actors to select and target their victims on a larger scale, leading to increased levels of compromise and wider attack surfaces for the deployment of malicious code. Subsequently, this will allow threat actors to better maintain persistence within victim networks, granting more time to conduct reconnaissance, analyse connected networks, and spread to encompass more victims.
It is anticipated that supply chain attacks will target vulnerabilities in generative AI ecosystems. With AI and LLMs being utilised more and more to improve productivity, inevitably supply chains are becoming more interconnected. Failure to properly secure these components within the supply chain could be fatal, allowing threat actors to poison AI training data, manipulate updates, inject malicious algorithms, engage in prompt engineering, or exploit vulnerabilities as an entry point to compromise organisations’ data or systems.
The growth of AI-driven cyber-crime
AI has seen a massive boom in 2023, and this is expected to continue into 2024 and beyond as it becomes increasingly integrated into all manner of processes and procedures.
In 2024, we anticipate a surge in threat actors embracing AI to improve the quality and speed of development of the tools in their arsenal. This will include a quick and cost-effective way to develop new malware and ransomware variants. We also expect to see the increasing use of deepfake technologies to improve the standard of phishing and impersonation to support cyber-enabled frauds and business email compromise (BEC)
In contrast, it is anticipated that cyber security will employ a proactive strategy; as threat actors continue to harness the potential of AI and machine learning, cyber defenders will look to utilise similar techniques to counter these offensive tactics. The cyber security industry is already making substantial investments into the use of AI for defensive purposes, and this is expected to grow and be adopted by more in the field. Generative AI (GenAI)-powered capabilities such as automated code generation, reverse engineering, and document exploitation will reach previously unthinkable levels of sophistication and speed.
It is believed that GenAI will provide an improved toolkit to those targeting the human element when seeking to compromise network security. GenAI will provide threat actors with an easier method for developing more convincing phishing messages at scale, create video and audio deepfakes, and more easily collect information on their targets. This highlights the need in 2024 for an increased focus on awareness training to better prepare staff and colleagues for the inevitable surge of phishing attacks in 2024.
Key Global Events
Geopolitics is a key motivator for threat actors in certain sectors, particularly nation-states and hacktivists. Many key global events are scheduled for this year, providing high-profile targets for those who would seek to manipulate these events for their own gains.
Elections are due to be held in the following countries:
- Taiwan
- USA
- Iran
- Russia
- Ukraine
- South Korea
- India
- Austria
- United Kingdom
- European Parliament
The BRICS group is due to expand, taking on the following new members: Egypt, Ethiopia, Iran, Saudi Arabia, and the United Arab Emirates. BRICS is now seen as an economic group to rival the G7, so it is anticipated that this expansion will lead to increased targeting of G7 financial institutions.
In July, the 2024 Summer Olympic Games will be held in Paris, France. Such events provide numerous opportunities for threat actors to make financial gains through fraudulent ticketing, and phishing to obtain financial data and credentials. Furthermore, it provides a canvas with global attention for those with a hacktivist agenda, ensuring their message reaches a wide audience.
Regulatory Changes Driving Threat Actor Innovation
Changes to regulations regarding the reporting of significant breaches, implemented in the USA by the Securities Exchange Commission (SEC), will force threat actors to hone and improve their stealth methods. We anticipate seeing increased focus on encryption and evasion techniques to allow threat actors to maintain undetected persistence within victim networks, to avoid triggering reporting to the SEC, and the expected forensic-level scrutiny that would follow. We believe that threat actors may look to non-material systems as a lower-risk target and entry point, quietly building their access, persistence and privileges from there before targeting higher-value network resources.
Additionally, we are also beginning to see ransomware groups using this new reporting requirement as an additional blackmail tool, threatening to report victims to the SEC themselves if their demands are not met. It is expected that this tactic will expand in use over the year to come.
What’s in store for SOS Intelligence in 2024
2024 looks to be an exciting year for SOS Intelligence.
Our team is growing further with a full time developer joining in early 2024. This will allow us to focus on improving the usability of the product, implement new features, and generate new data collection streams.
One of our key focus areas will be to improve the quality of the context around the data we provide. Improvements made to the platform will allow customers to see pertinent information relating to data sources, giving context to the risk and threat posed by that source. This will allow customers to make more informed decisions about the risks to their business or that of their clients.
We will also be looking to expand and improve the quality of our data collection. One particular focus will be on improving the reporting of CVEs. We aim to expedite alerts of new, high-risk vulnerabilities to our clients and subscribers so they can better mitigate and protect against the risks they pose.
SOS Intelligence has been diligently monitoring the digital landscape over 2023. Our recent findings are a stark reminder of the rising threat of phishing attacks. Over the past year, we have observed over half a million unique credentials compromised through phishing, and with the growth of GenAI techniques, we expect that number to grow in 2024.
One standout feature of our technology is our real-time alert system. This capability ensures that our clients are promptly notified when their staff have fallen victim to phishing, allowing for a swift response and effective risk mitigation.
The unique services we provide at SOS Intelligence aren’t just about securing your digital assets; it’s a practical investment in proactive cybersecurity. Join us in creating a more secure digital environment.
Header Photo by freestocks on Unsplash