Veqtor8 worked closely with CISOs throughout 2023. We gained insights into the issues that are top of mind and are likely to become more prominent in the year ahead.
In recent years, there has been a lot of focus on phishing, ransomware, zero-trust, IoT and operational technology vulnerabilities, zero-day attacks, supply chain vulnerabilities, endpoint security and cloud security. The list could go on. Increased use of AI and automation has been a major initiative for CISOs over the past year, with many searching for productive Generative AI use cases.
These focus areas will continue to be critical in 2024. In this research insight, we make four predictions around issues that will receive much more attention in 2024 than in previous years.
Software and IT Services Vendors will be Held More Accountable for Cybersecurity Breaches
The People’s Republic of China’s attack against US government agencies via Microsoft highlighted major security weaknesses within Microsoft, as well as the urgent need to place greater accountability on software vendors for damage caused by cyberattacks. It was the latest in a series of breaches affecting leading software and IT services vendors and, consequently, their customers.
Governments across the globe can be expected to find ways of protecting businesses – particularly organisations involved in critical infrastructure – from cyber threats by placing more liability on vendors for breaches. The aim of this approach is to ensure that the world’s largest software vendors only sell products that are fit for purpose and are coded securely.
For too many software vendors, the focus on meeting deadlines, bringing new products to market rapidly and, of course, profitability means that security vulnerabilities are overlooked. Regardless of marketing messaging from vendors, security has not been built into the culture of many of today’s leading software vendors, and coding is too often not secure. The size and market power of some software vendors allows them to continue to prosper, regardless of the frequency and impact of internal cyber breaches. No CISO will be blamed for buying compromised Microsoft products, hence the need to make vendors more accountable.
Living Off the Land Attacks Proliferate
For many years, the NSA has been sharing warnings that ‘Living Off The Land’ (LOTL) attacks are prevalent and that far too many go undetected. The adoption of LOTL techniques — leveraging legitimate system tools to execute attacks — is expected to surge, especially in light of successful takedowns of malware networks such as Qbot.
Commonly, attackers use legitimate credentials and built-in tools to penetrate systems and networks. Successful attacks can allow attackers to escalate privileges, steal data and set backdoors for future attacks.
This attack technique is particularly popular with nation states and is used to lurk in systems and networks undetected (and ready to strike), sometimes for many years.
Attackers can infiltrate a range of systems and remain undetected. At a time and place of their choosing, cybercrime groups or, more dangerously, nation states can launch a damaging attack from within an organisation, such as disrupting critical infrastructure or critical communications. This can be expected to become much more common in 2024. Organisations will need to place significantly more emphasis on detection and response technologies and ensure that their exposure to LOTL attacks is limited.
Cyber Interference Campaigns Threaten Everyday Business Operations
Expect to witness an increase in convincing deepfakes and targeted disinformation in 2024. The concepts of trust, truth and identity will receive much greater emphasis. Insider threats and collusion will become far more dangerous, as disinformation is used to support attacks and motivate employees and other stakeholders to commit nefarious acts.
On a larger scale, democratic political systems and the assumptions around which they are built will increasingly come under attack with a deluge of disinformation, often closely connected to propaganda emanating from authoritarian nation states.
Disinformation and misinformation can be weaponised in many ways that have yet to be fully considered by most organisations. For example, employees within an organisation could be used as part of a wider attack if they believe that their organisation is involved in electoral fraud or is producing pharmaceuticals which kill people. Disinformation can create deep distrust towards both employers and governments, amplifying the threat from insiders and forcing employers to scrutinise new hires more vigorously.
The Consumerisation of Generative AI Makes Large-Scale Attacks Much Easier to Execute
AI, in particular generative AI, will be widely used to augment malicious activity in 2024. AI capabilities will increasingly act as a force multiplier, massively extending the reach and technical capabilities attackers can wield. AI will also enable malicious actors with limited technical capability to expand and extend their nefarious activities.
Generative AI and large language models (LLMs) will increasingly drive social engineering operations, making malicious content more targeted and credible.
Generative AI will also increasingly be used by threat actors to scale up their attacks. PII can be used to target a much larger set of people with more personalised and believable emails and SMSs. This will inevitably lead to a massive increase in Authorised Push Payment (APP) fraud and other activities where the victim plays a role in enabling malicious activity.
In 2024, the population of attackers will increase as technical skills and significant resources will not be needed to create deepfakes and fake communications using Generative AI. Indeed, expect to witness the increased development of Generative AI and LLMs as a service, often combined with other tools such as ransomware as a service kits.
On a more positive note, Generative AI will also be used more widely by cybersecurity professionals to enhance their detection and response capabilities. The technology will also speed up laborious tasks such as threat analysis and reverse engineering at scale.
In summary, secure coding, application testing, and the use of AI for defensive purposes will receive more emphasis from CISOs in 2024. Adapting existing defences to address LOTL attacks and an increase in insider attacks and collusion will lead to much greater focus on detection and response capabilities.