In 2024, cybersecurity predictions suggest a heightened risk of cybercriminal activity because of ongoing geopolitical tensions, significant elections in the U.S. and European Union, and the Paris Olympics. Cyber attacks leveraging generative AI executed by Nation-State sponsored hackers against various targets will continue to increase in complexity and velocity.
Security operations engineers dealing with these next-generation attacks often face increased levels of stress and anxiety. An analysis by Lyra Health found that a 81% percentage of workers have reported experiencing mental health issues due to the pandemic, and 65% also stated that their mental health has had a direct impact on their work performance.
Furthermore, hackers will direct their email phishing campaigns against people, and critical infrastructure.
What Will Become Most Targeted by Cyberattacks in 2024?
This year, in 2024, cyberattacks will continue to wreak havoc on existing favorite targets of cybercriminals, hackers, and scammers. These include healthcare, FinTech, biotech, government, education, and OT/IoT systems. Furthermore, this year, we will also see an increase in situational-specific targets, including electronic medical records, government employees serving in the intelligence field, and corporate executives focusing on clean energy and military supply chains. These targets may be relevant for 2024 only or specific to one vertical market or IT solution capability.
Nation-state attacks focus on critical infrastructure, theft of fundamental strategy intellectual property, and compromising military systems. In a recent press announcement, FBI Director Christopher Wray outlined the continuous cyber threats from China against critical infrastructure affecting American cities.
“China’s hackers are targeting American civilian critical infrastructure, pre-positioning to cause real-world harm to American citizens and communities in the event of conflict.” Additionally, CISA, NSA, FBI, and international partners issued an urgent advisory on February 7, 2024. The advisory highlights that Chinese state-sponsored threat actors, Volt Typhoon, targeted specific U.S. systems for five years, aiming to destabilize critical infrastructure sectors.
What are the Motivations Behind Nation-State-Sponsored Cyberattacks and the Addition of State-Sponsored Bounty?
Equally important, CIOs and CISOs will expect more cyber attacks from a nation-state in 2024. Financial services, healthcare, and supply chain attacks focus more on the financial gains hackers can expect from their various attacks. Including financial fraud, business email compromise, and identity theft. Nation-state-sponsored attacks become driven by reasons other than financial.
The FBI and Microsoft confirmed that Chinese hacker Group Storm-0558 accessed email data from about 25 organizations and some related consumer accounts starting on May 15, 2023. Also, on January 12, 2024, Microsoft detected a breach by Russian APT group Midnight Blizzard (formerly Nobelium), known for its involvement in the SolarWinds supply chain compromise. The APT group breached email accounts of Microsoft’s senior executives.
Does Ransomware as a Business Profit in Jeopardy in 2024?
Ransomware remains a significant threat in 2024, with increasingly complex tactics and assertive negotiations.” Cybersecurity Ventures predicts global damages from cybercrime will exceed $10.5 trillion by 2025.” Ransomware might decline in 2024 as more countries refuse to pay and fewer companies give in to the pressure. Likewise, this positive change in the threat landscape is finally causing cash flow problems for ransomware operators.
Even with the possibility of a financial recession in the ransomware marketplace, organizations still need to consider implementing effective backup strategies, providing employee training, getting cyber insurance, developing negotiation expertise, and establishing incident response plans.
Rise in DeepFake and Cyberbullying
An emerging concern for 2024 is the growing prevalence of cyberbullying, which is expected to be worsened by the increasing use of deepfake technology. “Deepfake cyberbullying affects both the victims and their families. It devastates loved ones, who witness the distress and suffering.”
Protecting children from relentless cyberbullying is a daily challenge for families, the community at large, and organizations preventing this content from within. Families endure emotional burdens while supporting their children through this horrible experience.
Generative AI Tools Creating Election Interference
In 2024, deepfake will play a critical role in the U.S. and global elections. Hackers cloning people’s voices combined with creating fake images of politicians, heads of state, or donors have created effective misinformation campaigns.
For example, this new and innovative attack vector powered by AI places a substantial burden on media companies like Fox, CNN, and SkyNews. These media outlets and online streaming providers are critical in blocking and removing deepfake content.
As a positive step forward, major technology firms have pledged to combat the misuse of artificial intelligence in disrupting democratic elections. This initiative, announced at the Munich Security Conference, aims to address the issue of AI-generated deepfakes that mislead voters. However, the agreement is criticized for being symbolic. Obviously, it is just an initial step, and there is a need for a more concrete, collaborative approach across sectors.
How Do Bad Actors Exploit SaaS Applications?
The Cloud Security Alliance conducted a study that found that SaaS is crucial for operations in organizations of all sizes. With businesses relying on the cloud for their essential data, the security of these applications becomes paramount.
Based on the findings of the Thales 2023 Cloud Security Report, there has been a significant increase of 41% in the average number of SaaS applications used by organizations from 2021 to 2023. Additionally, 55% of security executives surveyed reported experiencing data breaches, leaks, malicious applications, ransomware, espionage, or insider attacks related to SaaS applications within the past two years. These findings suggest organizations need to safeguard SaaS data more effectively.
On the other hand, authorities continue providing guidance on cloud security. For example, the National Security Agency (NSA) of the United States, has released a comprehensive guide, Top Ten Cloud Security Mitigation Strategies in March 2024.
AI-Powered Attacks Against Supply Chains
One emerging trend is the increase in supply chain attacks, where attackers aim to compromise the integrity of products and services by targeting supply chains. Recent incidents, like the SolarWinds hack, have shown the severe consequences of supply chain attacks, as they can affect both organizations and their customers.
In a recent posting from MITRE, “Most organizations today acknowledge that AI supply chain risk is an important yet unmanaged aspect of their AI stack.” MITRE Corporation developed the ATLAS database in partnership with Robust Intelligence in response to the ongoing challenges for organizations to protect their supply chains from cyberattacks. This open-source project helps organizations assess the various risks through publicly accessible AI data. This project helps give organizations valuable insight into potential risks within their supply chain based on processed LLM data.
What are the Various Implications of Quantum Computing on Encryption Algorithms?
Without a doubt, Quantum Computing is a new paradigm that has the potential to solve problems that most classical computers cannot achieve.
Indeed, these computers could break widely used security protocols by the 2030s, making classical systems more vulnerable. “Harvest now, decrypt later” attacks may increase in the coming years because of the rapid advancement of quantum computing.
On the other hand, technology companies are taking proactive steps to secure their solutions against future quantum threats. For instance, in February 2024, Apple announced PQ3, a new post-quantum cryptographic protocol, for iMessage.
How will Using AI by Threat Actors Change the Global Threat Landscape?
In 2024, there will be a surge in the symbiosis between AI and botnets. AI capabilities will empower botnets to become more widespread and sophisticated, posing cyber threats. Hackers and cybercriminals will use AI-powered botnets to automate their cybersecurity attacks at a much grander scale.
This trend mandates organizations evaluate their current strategy while increasing their cybersecurity investments in automated AI-defense protection layers. Investment in AI-powered defense is needed to stop botnets and other next-generation attacks.
Cybersecurity and cyber resilience are different but essential in 2024 and beyond. Cybersecurity prevents attacks, but even the best security doesn’t guarantee complete protection. Even with the inception of Zero trust architectures (ZTNA), Blockchain technology, and extended detection and response (XDR) capabilities, hackers seem to adjust their attack vectors faster with more incredible velocity than organizations and MSSPs can react.
In 2024, organizations will prioritize investing in automation and resilience to enhance data recovery post-breach, while alleviating stress on critical cybersecurity resources. Stay ahead by implementing automation strategies to bolster defenses and streamline response protocols.”
Should you need help preparing for cybersecurity attacks in 2024, please contact Cubic Consulting at https://cubic.consulting. Help involves personal training, risk meeting preparation, cybersecurity strategy review, etc.
- Comparing SIEM, SOAR, and XDR for SMEs and SMBs: Complexity and Cost Guide
- Invest in Data Security Now to Avoid Costly GDPR Fines
- Virtual Workforce and Workplace: The Role of a vCISO in a Post-Pandemic World
- Executive Board Members Seeking Greater Security Discussion with CISOs
- How Does the Board of Directors Oversight Validate the Organization’s Cybersecurity Strategy?
- What are the Expected Changes and Challenges Regarding Cyber Threat and Risk Management in 2024?