Cyber security trends to watch for in 2024

AI will enhance current strategies on all fronts

Emergence of new AI-powered technologies will enhance the activity of both defenders and attackers

2023 has seen the increased emergence of generative AI tools (such as ChatGPT) in a variety of industries with novel applications ranging from email marketing to code development. Experts agree that AI tooling will greatly enhance the capabilities of both attackers and defenders in the cyber security landscape.

Generative AI tools like WormGPT (available on dark web markets) are currently capable to automate the design of spear phishing emails and other impersonation attacks allowing threat actors to generate more convincing phishing emails on an industrial scale. In addition, 2023 has also seen the emergence of AI for the creation of fabricated audio, video and digital images, used for impersonation as well as disinformation.

The increased sophistication of Large Language Models (LLMs) has also led to their use in developing malware, such as information stealers (which would allow harvesting of credentials) and encryption tools. According to Kaspersky, generative AI is expected to dramatically lower the barrier of entries for cybercrime, leading to a surge in “lower-quality campaigns” in 2024. This view is also shared by the UK NCSC, which predicts that AI technology “is more likely to amplify existing cyber threats than create wholly new ones”. 

Thankfully, AI is also expected to reduce the burden on defenders by providing enhanced tooling for detection of threats, security operations and management. Research from IBM shows that 1 in 2 executives claim that AI will improve their ability to allocate resources, capacities and talent with almost all (92%) claiming that it is likely to greatly enhance current cybersecurity personnel skills and abilities. As a result, 2024 is likely to see traditional cyber-attacks and cyber defence strategies, but greatly enhanced by generative AI.

Hacktivism to increase coinciding with geopolitical pressures

Hacktivism driven by geopolitical conflict is expected to increase with critical national infrastructure (CNI) to be particularly affected

A recent report by Orange Cyberdefence has noted a surge in hacktivism, predominantly linked to the war in Ukraine. This echoes similar statements made in the UK National Cyber Security Centre‘s annual review who has reported an increased in state-aligned but not state affiliated threat actors targeting critical national infrastructure (within Ukraine) as well as transport hubs, humanitarian aid and manufacturing infrastructure related to the conflict in partnering countries. This is evidenced by 85% of attacks perpetrated by hacktivists occurring in Europe, notably in countries geographically close to the conflict.

However, recent attacks on industrial control systems in Israel generally show an increase in hacking being used to achieve geopolitical goals by “state-aligned” threat actors more generally. This trend is likely to remain in 2024 and is likely to affect organisations operating in geopolitical hotspots or those involved in critical infrastructure. 

Supply chains to be more acutely targeted

Increased attacks on software vendor supply chains are evidence of increased interest by threat actors

2023 has been a difficult year for supply chains, with high profile attacks on Managed File Transfer (MTF) vendors such as MoveIT and GoAnywhere making headlines and exposing data on over 600 organisations in a single attack. Attacks on the software supply chain are particularly dangerous, as a compromise of specific software used by a large variety of organisations can easily lead to mass compromise of even well defended organisations.

The severity of these attacks has been reflected by national and international authorities, with the NCSC publishing guidance specifically on supply chain security and proposing supply chain specific challenges to security researchers in its NCSC Research problem book. In addition, the US government agency CISA has released a roadmap for securing open source software, which currently serves an estimated 96% of software projects and is expected to include measures such as the establishment of a secure software bill of materials (BOM).

The complex and interconnected nature of supply chains, coupled with the relative success of exploitation from threat actors seems to suggest that next year will see increased targeting from threat actors in this domain.

Ransomware expected to be more sophisticated and aggressive

Ransomware as a Service (RaaS) will not only drive greater sophistication of ransomware but will also lower the barrier of entry for criminals

Unsurprisingly, ransomware has maintained popularity with cyber criminals in 2023 being one of the most common forms of cyber attack on UK businesses, this trend is not expected to change in 2024. Of note is the increased sophistication of ransomware actors in this space, which have seen increased use of Ransomware as a Service (RaaS), allowing lower skilled groups to perform sophisticated ransomware attacks.

The RaaS service model is not a new development (with some forms being detected as far as 2012) however, increased popularity of RaaS has led to an increase in the professionalisation and specialization of cyber criminals, spawning an ecosystem of increasingly sophisticated tooling based around ransomware and dedicated development of exploits to target vulnerabilities available for patching by the vendor but not patched by users (known as 1-days).

This is likely to lead to a considerable increase in the sophistication of attacks as well as reduce the barrier of entry to attackers (as RaaS removes the technical barrier needed to stage ransomware attacks).

The methods used for ransom by gangs have also evolved. A report from Unit 42 (Palo Alto’s Cyber Threat Intelligence division) notes that ransomware attacks now involve both data encryption and harassment components. This is likely a method to circumvent changes in defender tactics, as more organisations are now adopting robust backup techniques.

The percentage of ransomware attacks involving threats of data leakage has increased substantially from 40% of attacks in 2021 to 70% in late 2022 and is likely to increase in 2024. Likewise, targeted harassment of executives has increased from 1% (in 2021) to 20% (in late 2022), showing a worrying upwards trend of harassment rather than the more familiar encryption of data. This should prompt a revisiting of current strategies regarding ransomware, as the threat evolves.