2024 Forecast: Cloudy with a Chance of Malware

It is that time of the year when you fill your piñata with seasonal fruits, you head over to the mall for last-minute shopping and you read this article to reflect on the cybersecurity trends to look out for in 2024. 

During the past year we have witnessed an accelerated evolution of the technology landscape, with AI taking center stage and showing its potential to rewrite the future of society and businesses around the world. The digital economy is rapidly evolving modern services like open banking, ce-ommerce and Internet of Things (IoT) automation applied in Industry 4.0. 

Unfortunately, the cybercrime economy is also booming and has built enough momentum to be considered a top risk to organizations, governments and communities worldwide. It is a trillion-dollar industry that has democratized cyberattacks and learned how to diversify cyber operations. More than ever, neither you nor your business should underestimate cybercriminals.

The World Economic Forum estimates that cybercrime is the third-largest economy. Retrieved November 2023, from: https://www.independent.co.uk/advisor/vpn/cybercrime-statistics

Artificial intelligence, on its own, introduces a variety of new risks that we need to be aware of in years to come. Hence, due to the particular interest in this topic, I have already published a relevant article that may help you prepare for Skynet.

With that in mind, let’s go over 2024’s security trends.

Cyber Warfare

History has taught us that war drives innovation (popular military inventions include the internet and microwave ovens). In today’s digital world, armed conflict has incentivized technological development in the form of cyber activity. For example, Russia’s invasion of Ukraine encouraged hacktivists to develop sophisticated denial of service attacks, with the goal of disrupting important web services, like banking and public transport. Through political manifestations and thanks to its complex nature, Web DDoS attacks gained notoriety in Dark Web forums, where threat actors rushed to adopt it as a new attack vector. Even ransomware operators are now leveraging Web DDoS as part of their tool set.

ChatGPT, Tesla and Microsoft are just some of 2023’s Web DDoS victims.

The ongoing war in the Middle East or the Mexican struggle with cartels are two events that may shape the future of cyberthreats. Keep a close eye on new techniques and tactics that arise from those conflicts, as they may later gain popularity in hacker forums for use against companies of every size and vertical.

Elections

The electoral processes in Mexico and the United States have massive implications for cyber activity. Politicians are no saints and they are willing to use every dirty play in the book to tilt the scale in their favor. Cyber espionage of political rivals, journalists and activists is expected to grow, in a foul attempt to foment political scandals (did someone say fake news?).

Deepfake and bot activity will also take the stage during the months we will all be bombarded with political propaganda, so don’t be surprised to see candidates under public scrutiny in social media platforms. More than ever, it is imperative to fact check information, debunk misrepresentative data and identify misleading claims before exercising your right to vote.

Targeted Extortion

Extortion has been around long enough for it to be taken seriously by security teams. Organizations are aware of the risks associated with ransomware campaigns and have started to stop these attacks; however, just when we thought things were under control, ransomware gangs elaborated new extortion techniques that allowed them to stay one step ahead in this ongoing cyber-crusade. Modern threat actors, like those behind the Las Vegas casino incidents, have proven how effective social engineering can be when deliberately coordinated with hostile behavior.

Adversaries are carefully crafting attacks against high-privilege users, to scale extortion success. IT and Service Desk representatives are popularly targeted by criminals, who threaten to expose them and their mistakes (like falling victim to a phishing scam) if they do not cooperate with internal information or administrative access. C-level executives should be aware that they are also an ideal victim due to the sensitivity of their private information and the potential impact to the business if they are publicly exhibited. 

ICS

The deteriorating relationship between the United States  and China has opened the opportunity for nearshoring operations to Mexico. While US companies are looking to reduce costs and time to market by relocating to the border, Mexico is looking to profit from foreign direct investment and economic growth. Nevertheless, this ideal situation for the manufacturing industry is threatened by the rise in targeted ICS/OT attacks. 

Most OT systems are considered insecure by design due to the lack of security controls, the large number of vulnerabilities (such as default configurations), the lack of encryption/access-controls and the legacy software running on production environments. Threat groups leverage this reality to exploit vulnerable systems and generate disruptive ICS attacks that can cause production shutdown, system tampering, data theft and potential safety and health risks. 

Organizations profiting from nearshoring should keep in mind that reshoring back from China may motivate action from Chinese state-sponsored adversaries that have proven to run effective campaigns against critical infrastructure. A holistic security strategy encompassing IT and OT environments should be established and supported by innovative security platforms that enable device discovery, system context visibility, behavioral monitoring and automated response against anomalies and threats. 

Organizations can leverage the MITRE ATT&CK ICS framework, to develop a security strategy that counteracts adversary tactics and techniques observed on industrial networks. Retrieved November 2023, from: https://attack.mitre.org/matrices/ics/

Supply Chain Attacks

The post-pandemic consumer is all about convenient, reliable and flexible services. Organizations are investing in hyperconnected environments to streamline the supply chain, thus improving productivity.

Cybercrime is also thriving from everything being connected by conducting attacks that exploit the weakest link in the supply chain, usually third-party providers. 

Anatomy of the SolarWinds Supply Chain Attack. Retrieved November 2023, from: https://blog.gitguardian.com/supply-chain-attack-6-steps-to-harden-your-supply-chain/

Software supply chain attacks are particularly popular due to the broad attack surface of modern applications. Since applications are no longer developed from the ground, but rather by integrating open components like APIs or WordPress plugins, there are many potential weak spots that malicious actors take advantage of. Take the MOVEit data breach as an example, where the Cl0p ransomware gang abused a zero-day vulnerability on the file transfer application used by thousands of organizations around the world. By exploiting a single vulnerability in a popular application, the Cl0p group stole data affecting over 70 million people (and counting). 

Cybercrime would not be a trillion-dollar industry if it was not run by professional criminals. Their supply-chain attacks are planned and targeted toward applications rich with sensitive data, so heads up to any organization not actively protecting APIs and, in particular, any provider of healthcare, education, legal or financial services. Achieving visibility and control over API and software bills of materials is a step in the right direction.

Businesses planning for a successful 2024 should assimilate the value that cybersecurity brings to growth, operational efficiency and compliance. Industries are becoming more strictly regulated, consumers are demanding privacy and acceptable user experience, and cost reduction is imperative in a decelerating economy. Challenge your business to act and leverage security investments as a key driver for profitable growth. The threat landscape is rapidly evolving, executives should understand that even if security teams cannot flawlessly predict future cyberattacks, leadership support and awareness is the basis of the paradigm shift we have all been working for.

No one knows for sure who will break a world record in the Olympics or which political candidates will emerge victorious in the elections. While there is a trend to follow, caution should be exercised and just like athletes and politicians, we should prepare and be ready for anything that 2024 sends our way.