Cybersecurity firm Mandiant Inc. has launched its Google Cloud Cybersecurity Forecast, which forecasts the cybersecurity landscape of 2024. The report notes that with the advancement in technology, threats are evolving and attackers are changing their tactics, techniques and procedures. Cybersecurity industry and enterprises must adapt to keep up with the growing cyber threat landscape.
AI In Cyber Threats And Security
Generative artificial intelligence and large language models will be utilised in phishing, SMS and other social engineering operations, to make the content and material appear more legitimate, the report noted. While LLMs will allow attackers to feed in legitimate content, attackers will also be able to execute these campaigns at scale, using generative AI.
The report also warns that LLMs and other generative AI tools will increasingly be developed and offered as a paid service to assist attackers for purposes such as phishing campaigns and spreading disinformation.
Meanwhile, cyber defenders will use generative AI to strengthen detection, response and attribution of adversaries at scale. Enterprises will leverage AI for security purposes, which will help them to reduce toil, address threat overload and close the talent gap in cybersecurity.
Global Forecasts
-
Continued Use Of Zero-Day Vulnerabilities: There will be more zero-day use in 2024, particularly targeted towards edge devices and virtualisation software, which is challenging to monitor for security teams. Using zero-day vulnerability increases the number of victims and, based on recent mass extortion events, the number of organisations that may pay high ransomware or extortion demands.
-
Disruptive Hacktivism: The report predicts the rise of disruptive hacktivism and destructive wiper malware. It also suspects potential targeting of space-based infrastructure, such as satellites and communication networks along with attacks on hybrid and multi-cloud environments.
-
Cyber Espionage And Sleeper Botnets: Cyber espionage groups will continue to scale attacks on vulnerable internet of things and old devices, by creating sleeper botnets that can be discarded once caught or no longer useful. Their disposable nature will thus complicate tracking efforts.
-
Serverless Infrastructure: Cyber criminals will leverage serverless technologies within the cloud because they offer greater scalability, flexibility and can be deployed using automated tools.
-
Revival Of Ancient Techniques: Attackers will increasingly employ older, overlooked techniques, such as the anti-virtual machine technique. These are often easier to escape the detection of modern security systems.
-
Migration To Modern Programming Languages: Actors will continue utilising programming languages such as Go, Rust and Swift for software creation due to their great development experience, low-level capabilities, large standard library and easy third-party integration. This will generate the need for new detection signatures.
-
Developers Target In Supply Chain Attacks: The prevalence of supply chain attacks such as those against the Node.js package manager is likely to continue to grow, demonstrating how threat actors target software developers. Threat actors will likely shift to less monitored package managers such as PyPI (Python) and crates.io (Rust).
-
Cyber Insurance Premiums Remain Steady: The insurance market for cybercrimes is getting lenient owing to a rise of insurers with ambitious cyber growth goals. This will likely lead to broadening of coverage to compete in the new landscape.
-
Security Operations Consolidation: Security Operations will be more consolidated due to increasing demand for an integrated cybersafe ecosystem by customers that will help them jumpstart their security programmes.
JAPAC Forecasts
The report notes that the election season in India, Taiwan, South Korea and Indonesia is likely to invite increased incidences of espionage, hacktivism, cyber crime and information operations.
Pig butchering scams, which are a combination of cyber crime and human trafficking, will continue to be an issue in Japan and Asia-Pacific countries. In these scams, actors pose as potential romantic partners for long periods to gain trust of victims and then convince them to invest in various fraudulent financial schemes.
Advanced solutions and endpoint detection tactics are spreading across JAPAC, thus maturing their security operations. However, the report suggests that organisations still need to prepare for exploitation of zero-day in security, networking, software virtualisation and other disguised attacks within victim networks.