The year 2024 promises a cybersecurity landscape marked by both persistent challenges and emerging trends. As technology advances, so do the tactics of cyber adversaries, necessitating a proactive and adaptive approach to security.
According to Aleks Gostev, Chief Technology Expert at Kaspersky, the main threats of 2023, the development of which we expected a year ago, have not only materialised, but have reached a more critical level.
Hacktivism on the rise
First of all, he says this relates to the growth of “hacktivism” and the problem of ransomware. Gostev sees a close convergence of the two threats, with attackers using encryption and extortion not only for financial gain but also as part of geopolitical events.
“The conflict between Israel and Hamas has brought into the arena tens of times more different hacker groups than Russia-Ukraine - and these groups will remain active for a long time. In addition to their direct actions of destruction, such as data deletion, DDoS attacks, and website hacking, they will also seek to inflict direct financial damage on their victims, including through extortion,” he explains.
This fusion of hacking techniques with political or social activism will experience a resurgence in 2024 as geopolitical conflicts remain centre stage. Threat actors motivated by political ideologies, environmental concerns, or social justice causes will increasingly leverage cyberattacks to advance their agendas. These attacks often manifest as website defacements, data breaches, or denial-of-service (DoS) attacks, aiming to disrupt operations and spread a particular message.
The anonymity provided by the digital realm makes hacktivism an attractive avenue for those seeking to make a statement or effect change. In response, companies need to be vigilant in monitoring for signs of politically motivated cyber threats and bolster their defences against hacktivist tactics.
The scourge of ransomware
Ransomware will remain a significant threat to organisations of all sizes, and 2024 is anticipated to witness a continued evolution in ransomware tactics across the board. While encrypting files and demanding a ransom has been the traditional approach, cybercriminals are becoming more sophisticated. Double extortion, where threat actors not only encrypt data but also exfiltrate sensitive information, is becoming more prevalent, as this dual-threat tactic adds an additional layer of pressure on victims, increasing the likelihood of ransom payment.
Furthermore, the rise of "big-game hunting" attacks, where attackers target high-profile organisations with significant financial resources, is expected. These attacks yield larger ransom payouts, making them an attractive option for bad actors. As a response to these evolving tactics, entities need to prioritise regular backups, employee training, and robust cybersecurity measures to mitigate the impact of ransomware attacks.
Concurrently, traditional ransomware cybercriminal groups are becoming increasingly international, and are no longer just coming out of Eastern Europe, says Gostev. Moreover, in an attempt to gain access to victim networks, these groups are moving more and more away from hacking towards bribery, blackmail, and threats to employees in the physical world. This creates a new aspect of information security, where the risk of insider actions increases significantly.
As a result of all these factors, the growing number of leaks from various databases containing personal data is inevitable. Once widely available, they entail not only a subsequent increase in attempts to hack user accounts and the use of their personal data for phishing or fraud, but also fines for affected organisations, hefty costs associated with fixing the problem, as well as the cost of personnel and their training, adds Gostev.
Critical infrastructure in the cross-hairs
Critical infrastructure will also be increasingly targeted by attackers, particularly hacktivists, and traditional cybercrime will also begin to look for ways to monetise attacks on industrial systems. Unfortunately, these are industries in which continuity of operations is paramount, so the success of extortion attempts is more likely.
Gostev says this also calls into question international initiatives in which more than 40 countries plan to sign pledges not to pay extortionists. This can only work in the case of ordinary businesses, such as casinos, retailers, or hotel chains, where the worst-case scenario is financial losses for the victims. When it comes to critical infrastructure, the nature of these operations means the question of “to pay or not to pay” may, in principle, not arise.
There’s no doubt that threat actors are recognising the potential impact of disrupting essential services, such as energy, transportation, and healthcare. The consequences of a successful ransomware attack on critical infrastructure extend beyond financial losses, posing risks to public safety and national security.
Governments and public sector entities responsible for these services must invest in cybersecurity measures that go beyond traditional IT security, incorporating strategies to safeguard operational technology systems. Collaboration between public and private sectors also becomes critical to fortify defences and respond effectively to potential threats.
Over and above ransomware, the digitisation of critical infrastructure introduces other new attack vectors. In 2024, we can expect cybercriminals to focus on exploiting vulnerabilities in both industrial control systems (ICS) and SCADA (Supervisory Control and Data Acquisition) systems, which are integral components of critical infrastructure.
Attacks on operational technology (OT) can have severe consequences, ranging from service disruptions to physical damage. Those responsible for critical infrastructure must prioritise securing OT systems, including implementing robust access controls, conducting regular security assessments, and investing in technologies that detect and respond to anomalous activities in industrial environments.
Rapid developments in AI
Gostev says in response to the growing number of attacks and threats, we can also expect a rapid development of artificial intelligence (AI) systems in information security. This is the path that antivirus companies took when, at the end of the 2000s, they were faced with an increase in the number of malicious samples by orders of magnitude - which made their manual analysis impossible and led to the creation of automatic analysis and detection systems.
Now the task of automation falls on the level of employees of information security departments in companies and SOCs. And this also requires them to have new knowledge and constant training in all new technologies in the field of AI, he explains.
It’s also important to note that as AI technologies continue to advance, cybercriminals are leveraging them to enhance the efficiency and sophistication of their attacks. In 2024, we can anticipate an increase in AI-driven attacks, where machine learning algorithms are employed to analyse targets and adapt attack strategies in real time. These attacks are designed to be more targeted, evasive, and capable of bypassing traditional security measures.
AI-driven attacks may involve the use of generative adversarial networks (GANs) to create convincing phishing emails or the automation of reconnaissance activities to identify vulnerabilities in systems.
This is why cybersecurity practitioners need to stay ahead of the curve by integrating AI-driven tools into their defence strategies. This includes the use of AI in the ways Gostev mentioned, as well as threat detection, behavioural analysis, and anomaly detection to identify and respond to emerging threats effectively.
Moreover, as AI takes on a more significant role in cybersecurity, the need for transparency and interpretability becomes key. Explainable AI (XAI), the development of AI systems that provide clear and understandable explanations for their decisions, is set to grow too. Next year, there will be a growing emphasis on implementing XAI in cybersecurity solutions to enhance trust, accountability, and regulatory compliance.
XAI not only helps cybersecurity professionals understand how AI algorithms arrive at specific conclusions but also facilitates better collaboration between humans and AI. This is particularly important in critical situations where quick and informed decisions are required. Businesses investing in AI-driven cybersecurity solutions should prioritise those that incorporate XAI principles to ensure transparency and facilitate effective decision-making.
Supply chain vulnerabilities
Critical infrastructure is often interconnected through complex supply chains, and adversaries are aware of the potential impact of targeting these interdependencies. In 2024, supply chain attacks on critical infrastructure are expected to rise, with threat actors exploiting vulnerabilities in third-party vendors and partners to gain access to targeted systems.
Securing the supply chain requires entities to implement comprehensive risk management strategies, including thorough vetting of third-party vendors, regular security assessments, and the establishment of clear cybersecurity guidelines for all partners in the supply chain. Strengthening supply chain security is a collaborative effort that involves coordination between governments, regulatory bodies, and private sector organisations.
All eyes on crypto
Gostev says there is also a need to strengthen control over transactions, first and foremost cryptocurrencies. “International regulations will be aimed at tightening measures for converting crypto into fiat and subsequent withdrawal. This will affect the entire fintech industry, which has just begun to recover from the ‘crypto winter’ of the last couple of years.”
Cryptocurrencies, which are characterised by their decentralised nature and pseudonymous transactions, present challenges that can potentially facilitate illicit activities such as money laundering, fraud, the drug trade, human trafficking, and terrorist financing. As these digital assets continue to gain widespread adoption, the need for a robust regulatory framework becomes increasingly apparent to ensure the integrity and stability of financial markets.
Strengthening control over cryptocurrency transactions is crucial not only to protect investors and consumers but also to safeguard the overall financial system from potential vulnerabilities. Governments and regulatory bodies need to collaborate in developing and implementing comprehensive strategies that strike a balance between fostering innovation and mitigating the risks associated with unregulated financial transactions, with the aim of building a secure and transparent financial ecosystem in the years to come.
The skills deficit
As of 2024, the cybersecurity skills deficit continues to pose a significant challenge to organisations around the world. The rapid evolution of technology and the increasingly sophisticated nature of cyber threats have created a growing demand for skilled cybersecurity professionals.
Unfortunately, the supply of adequately trained and experienced individuals has not kept pace with this demand, leading to a persistent deficit in cybersecurity talent. This shortage is exacerbated by the ever-expanding attack surface and the continuous emergence of new threat vectors.
Entities are battling to fill key roles in areas such as threat detection, incident response, and vulnerability management, leaving them vulnerable to cyberattacks. Efforts to address the skills gap include educational initiatives, industry partnerships, and upskilling programs, but the deficit persists, highlighting the urgent need for comprehensive and scalable solutions to bridge the cybersecurity skills gap in the years to come.
A landscape fraught with challenges
As we peer into the future of cybersecurity in 2024, the landscape is fraught with challenges that demand a comprehensive and proactive response. Ransomware, driven by financial motives, is evolving in tactics and targeting critical infrastructure, requiring entities to fortify their defences. Artificial intelligence, while providing enhanced defence capabilities, introduces new challenges as cybercriminals leverage AI for more sophisticated attacks.
Hacktivism is on the rise, fuelled by ideological motivations, and nation-states are increasingly involved in cyber operations under the guise of hacktivism. The vulnerabilities within critical infrastructure, especially in the context of operational technology and supply chain interdependencies, necessitate collaborative efforts between governments and private organisations.
In addition to these trends, companies and governments must remain vigilant against top cybersecurity threats such as advanced persistent threats, zero-day exploits, insider threats, and the eternal challenge of phishing and social engineering. A holistic approach to cybersecurity, incorporating advanced technologies, employee training, threat intelligence sharing, and international collaboration, is essential for navigating the intricate and dynamic cyber landscape of 2024.
Ransomware remains one of the main problems for companies, and that does not look set to change in the near future. An IDC survey shows that a third of companies worldwide have been affected by this type of attack. At the same time, Gartner notes that 95% of them could have been prevented. We prepare companies and individuals to understand and prevent this devastating and continually growing threat.
You will learn how this threat works, how to prepare to prevent it, and how to react and act if your company falls victim to it.
The course covers everything from the basics of how ransomware works, the main crimeware groups behind it and their usual modus operandi, to basic and advanced prevention measures you can adopt.