- AI could be both beneficial and a problem when it comes to dealing with cybercriminals in 2024.
- Ransomware is expected to remain a major threat in the future.
- Cybercriminals are getting smarter at bypassing MFA in their cyberattacks.
Cybersecurity threats continue to be the biggest concern for organizations around the world. Despite the potential of generative AI and other emerging technologies to help in the fight against the likes of malware and phishing, organizations still need to allocate a large budget to improve their cybersecurity every year.
In fact, according to a report by Gartner, worldwide end-user spending on cybersecurity and risk management is projected to total US$215 billion in 2024, an increase of 14.3% from 2023. And a large chunk of the spending will focus on data privacy and cloud security.
Specifically, the increasing use of AI by organizations opens the door for more cybersecurity threats, especially when it comes to the impact of processing personal data. Gartner also predicts that by 2025, 75% of the world’s population will have its personal data covered by modern privacy regulations.
But while businesses are handing out sacks full of cash to protect their data and the data of their users, it’s important to remember that cybercriminals are also using AI – in their case, to launch more and more sophisticated threats to businesses. Today, cybersecurity threats come in all forms, and generative AI is helping cybercriminals improve their delivery of these threats.
Oakley Cox, analyst technical director at Darktrace, pointed out that generative AI will let attackers phish across language barriers. Cox said that currently, the majority of cyber-enabled social engineering, like phishing, has been carried out in English. The language is used by millions of people across North America and Europe, and dominates business operations in large swathes of the rest of the world. As a result, using local languages has not been worth the effort for cybercriminals when English can do the job just fine.
For businesses in APAC, the diversity of local languages has restricted the extent to which hackers can target the region. Employees know to look out for phishing emails written in English, but are complacent when receiving emails written in their local language. In a sense, they have no natural immunity to phishing in their own local languages, because it hasn’t been a significant problem before.
“With the introduction of generative AI, the barrier to entry for composing text in foreign languages has dropped dramatically. At Darktrace, we have already observed the increased complexity of English language use in phishing attacks. Now we can expect attackers to add new language capabilities which were previously viewed as too complex to be worth the effort, including Mandarin, Japanese, Korean and Hindi,” said Cox.
Cox added that, given the reduced barrier to entry, local language phishing emails are likely to bring rich rewards to cybercriminals. Email security solutions trained using English language emails are unlikely to detect local language attacks, and the emails will land in the inboxes of those who are not used to receiving social engineering attempts in their native language.
Cox also pointed out that AI will hunt for software vulnerabilities, which can be beneficial for the good guys.
“As AI becomes more widely used to augment software development, defenders will use it to find vulnerabilities in their software. On the flip side, AI could also become an even more powerful tool for adversaries to find and exploit new vulnerabilities in software on which to launch attacks,” added Cox.
Ransomware remains a major cybersecurity threat
Ransomware dominated most cybersecurity incidents in 2023, and it will most likely continue to be a major concern for organizations. While there has been an increase in the number of businesses paying the ransom to get their data back, this practice may not continue, as cybersecurity experts continue to advise against it.
Countries are also enhancing their regulations to ensure businesses take their data more seriously and are accountable for any cybersecurity incident. For example, Australia has imposed new plans to boost its cybersecurity over the next few years while Singapore is currently collecting feedback from the public on how it can improve methods in handling cybersecurity threats.
For Liam Dermody, director of Darktrace’s Red Team, it’s likely ransomware crews will focus their attention on APAC countries. Hong Kong’s Computer Emergency Response Team Coordination Centre (HKCERT) has already reported an increase in ransomware targeting the region in late 2023.
Dermody believes this could represent a longer-term pivot to APAC by ransomware operators, as the region has key similarities to Central America which saw an extraordinary spike in ransomware attacks in 2022. The APAC region contains some of the fastest-growing economies in the world but also contains many businesses that are not as prepared as their counterparts in other regions which have historically been the focus of ransomware attacks.
“Much of APAC represents a greenfield investment for ransomware operators. Furthermore, APAC represents less of a risk to ransomware operators when compared to their ‘traditional hunting grounds’ like the US, where cybercriminals are being subjected to increased scrutiny from government, intelligence agencies and law enforcement. This combination of lowered risk and heightened reward could see ransomware operators continue to focus on APAC well into 2024,” he commented.
Meanwhile, Tony Jarvis, VP of enterprise security at Darktrace, said the single biggest change happening right now is the greater involvement of government in ransomware regulation and response.
“The Australian government is now mandating that businesses report ransomware activity so that more can be done – both in terms of understanding the scale of the problem, and also coordinating responses with impacted entities. This is Australia-only at this stage, but I expect other neighbouring countries to follow suit or adopt something similar.
“I think this is interesting because ransomware has really been a problem since early 2016 and is now a global issue. The government is stepping in, meaning public-private cooperation. I expect to see additional government initiatives play out in this space both in Australia and around APAC as neighbouring countries take notice and learn from the efforts of others,” said Jarvis.
Cybersecurity threats are bypassing MFA
Dermody also pointed out that an increase in multi-factor authentication (MFA) bypassing by attackers of all levels over the next 12 months will test the security industry’s resolve.
MFA has been wildly successful in preventing brute-force attacks and the reuse of stolen passwords. MFA’s effectiveness has seen it become a prerequisite in many cybersecurity frameworks and a default setting of many providers, like GitHub. Unfortunately, now that MFA is in wide use, attackers have adapted to this hurdle and have developed a number of ways to bypass it.
These methods range from the simple – sending countless MFA push notifications until a fed-up victim clicks “Accept” – to the more involved – using detailed OSINT investigations on a target to enable a SIM swap, allowing the attacker to impersonate the victim’s phone.
That being the case, Dermody believes MFA bypassing can be done by both the sophisticated and the simple attacker alike – and there’s been a rise in MFA bypassing in high-profile attacks, a trend that will only continue into 2024.
“We need to move past viewing MFA as a credential protection panacea and be more attuned to unusual activity during and after authentication has occurred. This requires a deep and nuanced understanding of what is ‘normal’ for any given identity – location, timing and resources being accessed – which can be difficult to do with our dispersed and dynamic workforces without using AI or ML to learn patterns of life,” added Dermody.
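A minimal sketch of spotting the push-notification flooding described above in authentication logs, added here as an illustration and not taken from Darktrace or the article. The event format, the 10-minute window and the threshold of five unapproved prompts are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed count of unapproved prompts treated as abnormal

# Constructed sample MFA push events: (timestamp, user, source_ip, result)
EVENTS = [
    ("2024-01-15T09:00:00", "alice", "203.0.113.7", "denied"),
    ("2024-01-15T09:00:40", "alice", "203.0.113.7", "timeout"),
    ("2024-01-15T09:01:30", "alice", "203.0.113.7", "denied"),
    ("2024-01-15T09:02:10", "alice", "203.0.113.7", "timeout"),
    ("2024-01-15T09:03:00", "alice", "203.0.113.7", "denied"),
    ("2024-01-15T09:03:45", "alice", "203.0.113.7", "timeout"),
    ("2024-01-15T09:04:20", "alice", "203.0.113.7", "approved"),  # fatigue approval
    ("2024-01-15T09:10:00", "bob", "198.51.100.20", "denied"),    # single mistap
    ("2024-01-15T09:10:30", "bob", "198.51.100.20", "approved"),
    ("2024-01-15T08:00:00", "carol", "192.0.2.44", "denied"),     # spread over hours
    ("2024-01-15T08:30:00", "carol", "192.0.2.44", "denied"),
    ("2024-01-15T09:00:00", "carol", "192.0.2.44", "denied"),
    ("2024-01-15T09:30:00", "carol", "192.0.2.44", "denied"),
    ("2024-01-15T10:00:00", "carol", "192.0.2.44", "denied"),
    ("2024-01-15T10:01:00", "carol", "192.0.2.44", "approved"),
]

def detect_push_fatigue(events, window=WINDOW, threshold=THRESHOLD):
    """Flag approvals that follow a burst of denied or timed-out push prompts."""
    recent = defaultdict(deque)  # user -> (time, ip) of unapproved prompts in window
    alerts = []
    for ts, user, ip, result in sorted(events):
        now = datetime.fromisoformat(ts)
        prompts = recent[user]
        # Drop prompts that have aged out of the sliding window.
        while prompts and now - prompts[0][0] > window:
            prompts.popleft()
        if result in ("denied", "timeout"):
            prompts.append((now, ip))
        elif result == "approved":
            if len(prompts) >= threshold:
                alerts.append({
                    "user": user,
                    "approved_at": ts,
                    "prior_prompts": len(prompts),
                    "prompt_ips": sorted({p_ip for _, p_ip in prompts}),
                })
            prompts.clear()  # a successful login resets the user's counter
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(EVENTS):
        print(alert)
```

An alert here is a starting point for review of the session that followed the approval, in line with the point about watching activity during and after authentication.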
At the same time, Jarvis explained that as cybercriminals find ways to bypass MFA, it simply indicates that newer tech is needed. Jarvis said that each passing year sees a raft of technologies being brought to market that aim to close some of the gaps in existing defences, or simply to counter new techniques and exploits being used by threat actors.
While 2024 will be no different from 2023 in this regard, what is changing is the growing number of technologies, categories, acronyms and quadrants that security practitioners need to be across.
“The expression ‘Old malware never dies’ is certainly true, and in a similar vein, newer technologies rarely replace more established controls, meaning that many organizations are likely to have additional solutions in their security stack by the end of the coming year. The end result? CISOs need to spend the time they don’t have researching a constantly growing number of tools, forever questioning the opportunity cost of going with one option in lieu of another,” Jarvis concluded.
With that said, businesses need to be sure they are well prepared in 2024 to deal with any type of cybersecurity threat targeting them. It’s always better to be well prepared than to deal with a cybersecurity incident against which you have no prior defence.