Read expert predictions on the most relevant cyber threats for 2024 and how your company can protect itself against them.
Ransomware tactics evolve
Threat prediction:
Cybercriminals are increasingly using GenAI tools and features to enhance their targeting capabilities, making ransomware more personalized and harder to detect. Deepfake technology enables ultra-convincing emails and phone calls that evade detection and manipulate human behavior. Additionally, new and enhanced “Ransomware-as-a-Service” models are emerging, allowing even less skilled attackers to launch devastating ransomware campaigns.
Countermeasure:
A very high proportion of ransomware attacks start by tricking end users, for example with a phishing attack. Therefore, continuous training of employees to recognize phishing techniques is essential. Use multi-factor authentication (MFA) as widely as possible. It is not sufficient on its own but is a necessary step. Also, implement and configure AI-based threat detection and protection technologies for Microsoft 365 email, cloud-based storage services, and general internet traffic.
AI-based cyberattacks will grow
Threat prediction:
Modern, LLM-based AI can significantly enhance security measures, but it also provides cybercriminals with very powerful tools. AI can automate attacks, create more convincing phishing campaigns, and produce deepfakes for social engineering. It can also deliver malicious code, phishing, and scam sites through manipulated search engine results, a technique that has been effectively used throughout 2023.
Countermeasure:
Ensure visibility and control of applications and internet traffic to protect users from this attack vector. Use modern cloud-based security control technology with advanced threat detection and protection features. Using automation (such as Microsoft Security CoPilot) is beneficial but not enough on its own. Detection and response capabilities are key here. Manage human risk by assessing employee behavior and interaction with cybersecurity products using risk scores. Based on these scores, you can arrange training and monitor progress, assessing the need for additional training. The same method can also detect potential “insider threats.”
Exploiting remote work infrastructure vulnerabilities
Threat prediction:
Remote work continues, though peak levels are behind us, and the external attack surface remains large or even grows. Hackers target remote work infrastructures by exploiting vulnerabilities and misconfigurations in VPNs, cloud services, APIs, and poorly protected and vulnerable admin-level remote desktop protocols. Typically, these attacks lead to unauthorized access to sensitive corporate networks and data, serving as the initial steps in ransomware attacks.
Countermeasure:
The short answer is Zero Trust and its basic definition “never trust – always verify.” The longer answer is to stop using remote access VPN solutions and replace them with ZTNA as part of the Zero Trust journey. Another important factor is effective vulnerability management and moving away from legacy remote access solutions, especially for admin users. Zero Trust must also be extended to cloud services, and the use of their API interfaces must be carefully analyzed and controlled.
Increase in supply chain attacks
Threat prediction:
In 2024, the software supply chain will continue to be a valuable target for advanced threat actors. Attacks on less secure elements in the supply chain, such as software, to reach more secure targets are rising. In recent years, attacks against all four main phases of software development—source code, build, dependencies, and deployment—have dramatically increased. As cybercriminals and state-sponsored actors improve at compromising trusted third-party software and hardware, they will find new ways to attack multiple victims simultaneously.
Countermeasure:
Ensure your organization’s cyber hygiene through third-party cybersecurity audits of its cybersecurity readiness, resilience, and overall risk posture. Include cloud services, especially public cloud IaaS workloads and their configurations, as well as known and sanctioned SaaS services. Use various technology solutions for this assessment, which should also include third-party business partners, cloud services, all software used, and their components. These technologies allow the audit to be a continuous process rather than an annual exercise due to regulations.
Attacks on industry and critical infrastructure
Threat prediction:
Attacks on critical infrastructure, such as energy grids, healthcare systems, wastewater treatment facilities, and transportation networks, are driven by geopolitical conflicts and financial motives. The potential for widespread disruption and harm in 2024 is high, particularly with significant political events like elections in Europe and the US. State-level actors with substantial resources pose a serious threat to critical infrastructure. The manufacturing industry was the number one target for ransomware attacks last year because cybersecurity solutions in manufacturing environments are generally inferior to those in enterprise environments. Critical infrastructure protection may not be much further along.
Countermeasure:
Protecting industry and critical infrastructure requires a holistic view of best practices, not just fixing one single issue, like remote access. Best practices include standards compliance, implementing a defensive architecture for secure OT environments, maintaining continuously available and accurate information on OT devices and their interactions, intelligent vulnerability management of OT devices, cybersecurity incident response plans and services, and secure and modern remote access solutions for OT environments.
Cyber risks vary between businesses, so countermeasures should always be planned with the help of cybersecurity experts. For personalized protection and cost savings, contact us to assess your organization’s situation and safeguard against the latest cyber threats.
