Criminal activities surged in the first half of the year, with Check Point Research (CPR) reporting an 8% increase in global weekly cyberattacks in the second quarter, marking the highest volume in two years. Familiar threats such as ransomware and hacktivism have evolved, with criminal gangs modifying their methods and tools to infect and affect organizations worldwide. Even legacy technology such as USB storage devices regained popularity as a vehicle to spread malware.
One of the most significant developments this year was the evolution of the ransomware landscape. Data derived from over 120 ransomware “shame-sites” revealed that in the first half of 2023, a total of 48 ransomware groups reported breaching and publicly extorting more than 2,200 victims. There have been several high-profile cases this year including the attack against MGM Resorts, which shutdown major Las Vegas sites for several days and is likely to cost millions in remediation.
Check Point’s cybersecurity predictions for 2024 broadly fall into seven categories: Artificial Intelligence and Machine Learning; GPU farming; Supply chain and critical infrastructure attacks; cyber insurance; nation state; weaponized deepfake technology and phishing attacks.
Artificial Intelligence and Machine Learning:
- Rise of AI-directed cyberattacks: Artificial intelligence and machine learning have dominated the conversation in cybersecurity. Next year will see more threat actors adopt AI to accelerate and expand every aspect of their toolkit. Whether that is for more cost-efficient rapid development of new malware and ransomware variants or using deepfake technologies to take phishing and impersonation attacks to the next level.
- Fighting fire with fire: Just as we have seen cybercriminals tap into the potential of AI and ML, so too will cyber defenders. We have already seen significant investment in AI for cybersecurity, and that will continue as more companies look to guard against advanced threats.
- Impact of regulation: There have been significant steps in Europe and the US in regulating the use of AI. As these plans develop, we will see changes in the way these technologies are used, both for offensive and defensive activities.
“Our reliance on AI for cybersecurity is undeniable, but as AI evolves so will the strategies of our adversaries. In the coming year, we must innovate faster than the threats we face to stay one step ahead. Let’s harness the full potential of AI for cybersecurity, with a keen eye on responsible and ethical use, ” – Sergey Shykevich, Threat Intelligence Group Manager at Check Point Software Technologies.
Hackers will Target the Cloud to Access AI Resources – GPU Farming:
- As the popularity of generative AI continues to soar, the cost of running these massive models is rapidly increasing, potentially reaching tens of millions of dollars. Hackers will see cloud-based AI resources as a lucrative opportunity. They will focus their efforts on establishing GPU farms in the cloud to fund their AI activities. Just as computational cloud resources were a prime target for Crypto Mining a few years ago, 2024 will bring the emergence of GPU Farming as the latest and most sought after target in the realm of cloud based cyberattacks.
Supply chain and critical infrastructure attacks:
- Zero trust in the supply chain: The increase in cyberattacks on critical infrastructure, particularly those with nation-state involvement, will lead to a shift towards “zero trust” models that require verification from anyone attempting to connect to a system, regardless of whether they are inside or outside the network. With governments introducing stricter cybersecurity regulations to protect personal information, it will be essential for organizations to stay ahead of these new legal frameworks.
- Supply chain still a weak link: The rate of incidents involving the supply chain remains a challenge for organizations and the impact can be far reaching. This will continue to be a trend next year if organizations fail to carry out stricter evaluations of third-party suppliers.
- Strengthening Security Protocols: Recent breaches highlights the critical importance of stronger security protocols in the supply chain. As cybercriminals target smaller downline suppliers to access bigger companies, organizations must demand stricter evaluations and implementation of security protocols to prevent further attacks.
Cyber insurance:
- AI in Insurance: Like all industries, AI is set to transform the way that insurance companies assess how cyber resilient prospective customers are. It is also going to provide opportunities for these companies to offer cybersecurity services directly. However, it is crucial to note that AI alone cannot solve all cybersecurity challenges, and companies must balance security with convenience.
- Preventative approach to reduce premiums: With rising costs of cyber insurance and talent shortages, organizations will begin to shift from reactive security to more effective defensive security. By demonstrating preventative action against cyberattacks, organizations may see their premiums reduced.
Nation state attacks and hacktivism:
- The staying power of cyber warfare: The Russo-Ukraine conflict was a significant milestone in the case of cyber warfare carried out by nation-state groups. Geo-political instability will continue into next year, and hacktivist activities will make up a larger proportion of cyberattacks, specifically DDoS attacks, with the key aim to disturb and disrupt.
- Masking hidden agendas: While many hacktivist groups use a political position as a reason to launch attacks, they may be masking ulterior motives. We could see blurred lines between hacktivism and commercialism with threat actors choosing ransomware attacks as a revenue stream to fund other activities.
Deepfake technology will be weaponized:
- Deep fake technology advances: Deepfakes are often weaponized to create content that will sway opinions, alter stock prices or worse. These tools are readily available online, and threat actors will continue to use deepfake social engineering attacks to gain permissions and access sensitive data.
Phishing attacks continue to plague businesses:
- Phishing and legitimate tools: Software will always be exploitable. However, it has become far easier for threat actors to “log in” instead of “break in”. Over the years, the industry has built up layers of defense to detect and prevent intrusion attempts against software exploits. With the relative success and ease of phishing campaigns, next year will bring more attacks that originate from credential theft and not vulnerability exploitation.
- Advanced phishing tactics: AI-enhanced phishing tactics might become more personalized and effective, making it even harder for individuals to identify malicious intent, leading to increased phishing-related breaches.
Ransomware: Stealthy Exploits, Enhanced Extortion, and AI Battlefields
- Living Off the Land Tactics Prevail: The adoption of “living off the land” techniques, which leverage legitimate system tools to execute attacks, is expected to surge, especially in light of successful takedowns of malware networks like Qbot by agencies such as the FBI. This subtler approach, harder to detect and thwart, underscores the necessity for sophisticated threat prevention strategies, including Extended Detection and Response (XDR) that can pinpoint device and network behavior anomalies.
- Data Risks Amidst Ransomware Defenses: Despite organizations bolstering their defenses against ransomware, incidents of data loss or leakage are likely to ascend. A contributing factor may be the increasing reliance on SaaS platforms to store sensitive data as part of application services, presenting new vectors and vulnerabilities that malicious entities can exploit.
- Ransomware Reporting Nuances: The observed increase in ransomware attacks will require discerning interpretation, potentially being inflated due to newly instituted reporting mandates. It is imperative to dissect these statistics judiciously, understanding the dynamics of reporting protocols in analyzing the true scope and scale of the threat.
“The use of artificial intelligence by ransomware attackers will become more advanced, requiring organizations to not only focus on preventing attacks, but also enhancing their incident response and recovery plans to mitigate the potential impact. As attacks become more sophisticated, organizations need to evolve their approach to security to stay ahead of the game.” – said Daniel Wiley, Head of Threat Management and Chief Security Advisor, Infinity Global Services at Check Point Software Technologies.
As cybercriminals continue to evolve their methods and tools, organizations need to adapt their cybersecurity measures. In 2023 we have witnessed several large-scale attacks. In today’s threat landscape, companies not only have to prioritize their own security protocols, but also scrutinize the security practices of their third-party suppliers. With the rise of AI-enhanced cyberattacks, zero trust models, and deepfake technology, it is more important than ever to invest in collaborative, comprehensive and consolidated cybersecurity solutions. We must stay vigilant and agile in the face of the expanding attack vector, and work together to create an effective defense against cyber threats.