With the rise of Cybercrime-as-a-Service (CaaS) operations and the advent of generative artificial intelligence (AI), it is easier than ever for threat actors to carry out attacks. As the capabilities of their respective toolkits grow, bad actors will increase the sophistication of their activities and launch more targeted and stealthy attacks designed to evade robust security controls. and become more agile by streamlining every tactic in the attack cycle. In Cyberthreat Predictions for 2024, the FortiGuard Labs team analyzed the new era of advanced cybercrime, revealed how artificial intelligence is changing the (attack) game, shared new threat trends to watch for in 2024 and beyond, and offered advice on how organizations around the world can improve their collective resilience to the ever-changing threat landscape.
Many attack tactics have been observed and discussed over the years: the “classics” do not disappear, but rather evolve and advance as attackers gain access to new resources. For example, when it comes to the Advanced Persistent Threat (APT), increased activity is expected from a growing number of these groups. In addition to the evolution of APT operations, cybercrime groups are generally expected to diversify their targets and strategies, focus on more sophisticated and disruptive attacks, and focus on denial-of-service (DoS) and extortion. Cybercrime “territorial conflicts” also continue, with multiple groups targeting the same targets and distributing variants of ransomware, often within 24 hours or less, a phenomenon reported to organizations by the FBI earlier this year. Finally, let’s not forget the development of generative artificial intelligence, which adds fuel to an already raging fire and offers attackers an easy means to improve many phases of their attacks. As predicted in the past, we are seeing cybercriminals increasingly use AI to support malicious activity in new ways, from evading detection to social engineering to mimicking human behavior.
New threat trends to watch from 2024
While cybercriminals have always relied on proven tactics and techniques to make a quick buck, attackers today have an increasing number of tools at their disposal to help them carry out their attacks.
As cybercrime evolves, several new trends are expected to emerge from 2024 onwards. Here’s a taste of what to expect.
- give me more power: Ransomware attacks around the world have skyrocketed in recent years, making every organization, regardless of size or industry, a target. As an increasing number of cybercriminals launch ransomware attacks for a quick buck, cybercriminal groups are quickly running out of smaller, easier-to-hack targets. In the future, therefore, bad actors are expected to adopt a make-or-break approach, targeting critical industries such as healthcare, finance, transportation, and utilities, which, if breached, would have a significant negative impact on society and create profit for the attacker more substantial. Additionally, they will tend to expand their patterns, making attacks more personal, aggressive, and destructive;
- It’s a new day for zero days: As organizations expand the number of platforms, applications, and technologies they rely on for daily business operations, cybercriminals have more opportunities to discover and exploit software vulnerabilities. A record number of zero-day attacks and new common vulnerabilities and threats (CVEs) were observed in 2023, and the number continues to grow. Given the value of zero-days to attackers, we expect zero-day brokers to emerge among the CaaS community and cybercriminal groups that sell these types of threats on the dark web to more buyers. Zero days will continue to pose a significant risk to organizations;
- playing from the inside: many organizations are increasing security controls, and adopting new technologies and processes to strengthen their defenses. This makes it difficult for bad actors to infiltrate the network from the outside; therefore, cybercriminals must find new ways to achieve their goals. In light of this change, attackers are expected to continue to change their tactics, reconnaissance phase, and weaponization phase, leading to groups beginning to recruit a target within initial access organizations;
- the advent of “we the people†attacks: In the future, we expect attackers to take advantage of more geopolitical events and event-related opportunities such as the 2024 US election and the 33rd Olympic Games to be held in 2024 in Paris. While bad actors have always focused on big events, cybercriminals now have new tools at their disposal, notably generative artificial intelligence, to support their activities;
- Narrow the field for TTP: Attackers will inevitably continue to expand the set of tactics, techniques, and procedures (TTP) they use to compromise their targets. However, defenders can gain an advantage by finding ways to block these activities. While most of the day-to-day work done by cybersecurity professionals involves blocking indicators of compromise, it’s very useful to take a closer look at the TTPs that attackers regularly use to narrow the field and find potential “weaknesses.” on board”;
- 5G-based attacks are coming: with access to an ever-wider range of connected technologies, cybercriminals will inevitably find new opportunities for compromise. As more and more devices come online every day, cybercriminals are expected to make more use of connected attacks in the future. A successful attack on 5G infrastructure could easily compromise critical industries such as oil and gas, transportation, public safety, finance, and healthcare.
Entering a new era of cybercrime
Cybercrime affects everyone, and the consequences of a breach are often far-reaching. However, threat actors must not have the upper hand. Our community of cybersecurity experts can take many actions to better anticipate cybercriminals’ next moves and stop their activities, such as: working together between the public and private sectors to share threat information, adopting standardized measures for reporting threats, incidents, and more.
Organizations also have a vital role to play in the fight against cybercrime. It starts with creating a culture of cyber resilience, making every task cyber, implementing ongoing initiatives such as enterprise-wide cyber security training programs, and more targeted activities such as executive simulations. Finding ways to close the cybersecurity skills gap, such as tapping new talent to fill open roles, can help companies manage the combination of overstretched IT and cybersecurity workforces and a growing threat landscape. Threat sharing will become increasingly important in the future, as it will enable the rapid mobilization of protections.
