With the cyber threat landscape constantly changing, it is essential to stay up to date with current and emerging security issues.
In this article, we outline likely threat landscape trends for 2024, based on what has been observed in 2023, and predict key areas of concern for the months ahead.
Use of artificial intelligence (AI) in cyberattacks and defense ramps up
AI continues to be a hot topic in security, not only due to its role in supporting security efforts but also for the new types of security risks it presents, for example, through the exploitation of chatbots.
It is highly likely that we will see threat actors continue to leverage AI for developing malware and social engineering throughout 2024. AI will also be used on the defensive side, in real-time threat detection and automated response systems.
Organisations also need to be vigilant about the use of more sophisticated voice-related phishing and company website trawling in highly targeted social engineering campaigns.
Attacks on software supply chains increase
Third-party risk grabbed the headlines in 2023 due to the extensive impact of the CLOP ransomware gang’s exploitation of the MOVEit Transfer vulnerability, as well as the rise of social engineering attacks.
2024 is likely to be the year in which we see rising numbers of attackers compromising widely used software components. This trend puts pressure on organisations to employ enhanced security measures in software development and distribution. Technology companies should be on notice to stay vigilant in the months ahead.
As the latest Kroll Data Breach Outlook report discusses, in 2023 we saw over a quarter of a million calls from the technology sector and provided over a million monitoring activations. This trend points to another challenging year ahead for tech companies.
Zero-day and one-day vulnerability exploitation
Activities by key threat groups such as KTA008 (CLOP) took centre stage in 2023, and large-scale exploitation looks set to continue in 2024. It is very likely that this year will see CLOP and other groups escalate their activities, demonstrating their ability to develop exploits for zero-day vulnerabilities, while other ransomware groups, such as BLACKCAT and LOCKBIT, leverage one-day vulnerabilities to exfiltrate data and deploy ransomware.
Ransomware attacks grow more sophisticated
2023 saw ransomware evolve as a threat, with increasing numbers of organisations affected. This trend is set to continue in 2024, with ransomware attacks anticipated to become even more targeted and to have a greater impact on critical infrastructure and high-value victims.
The UK’s National Cyber Security Centre (NCSC) has also highlighted ransomware as likely to increase globally due to the continual malicious use of AI.
Threats targeting remote workers and associated infrastructure on the rise
With hybrid and remote working now common among many businesses, organisations must remain vigilant about securing remote access and defending against threats like phishing and credential theft.
They should pay particular attention to bring your own device (BYOD) policies and to the risk of threat actors targeting home workers’ personal devices in order to gain access to corporate credentials. Businesses also need to be vigilant about newer types of phishing, such as the use of QR codes, identified by Kroll in 2023.
Business email compromise (BEC) remains a threat to all organisations
Email-based threats continue to pose a significant risk, with BEC set to be a major challenge in 2024. This is due to threat actors gaining access to more powerful tooling, such as adversary-in-the-middle (AitM) frameworks, and phishing-as-a-service operators modifying their templates and tools to make email compromise easier and more efficient.
Concerningly, organisations’ own security measures are exacerbating this issue, as 90% of organisations being investigated had multi-factor authentication (MFA) in place at the time of unauthorised access in large-scale AitM phishing and BEC attacks.
Threat actors are increasingly leveraging novel phishing-as-a-service toolkits and social engineering tactics to compromise passwords and MFA tokens, especially against popular cloud services such as Microsoft 365. As a result, organisations need to avoid being complacent about their own level of cyber maturity, a key risk factor highlighted in our State of Cyber Defense 2023: Detection and Response Maturity Model report.
Cloud security challenges escalate in increasingly complex environments
With rising numbers of organisations moving to cloud-based solutions, cloud security will become increasingly complex in 2024 and beyond. This will lead to a focus on securing multi-cloud environments and managing cloud-based data security, with security teams relying more on SaaS and cloud logs to detect and respond to cloud threats.
As cloud threats look likely to increase in all areas, organisations also need to carefully consider how they address common challenges in cloud incident response through the entire intrusion lifecycle.
How Kroll can help
With the threat landscape remaining volatile in 2024, organisations must take proactive measures to ensure that they are fully prepared for the challenges that lie ahead. Discover our range of specialist security services to reduce the burden and enhance your organisation’s cyber resilience.