Global weekly cyber attacks increased in the first half of the year and registered a rate of 8% in the second quarter alone, which marks the highest volume in two years, according to a study by Check Point Research (CPR). The report points out that known threats, such as ransomware and hacktivism, have evolved as cybercriminal groups modify their methods and tools to infect and affect organizations around the world. Even legacy technologies like USB storage devices have regained popularity as a means for spreading malware.
One of the most significant advances this year has been the evolution of the ransomware landscape. Data derived from more than 120 ransomware shame-sites revealed that in the first half of the year, a total of 48 ransomware groups reported public rape and extortion of more than 2,200 victims. There have been several high-profile cases this year, including the attack on MGM Resorts that caused major Las Vegas venues to close for several days and will likely cost millions in remediation.
Check Point Software’s cybersecurity predictions for 2024 fall into six categories: artificial intelligence and machine learning; GPU farm (GPU farming) for cloud attacks; attacks on the supply chain and critical infrastructure; cyber insurance; nation states; weaponized deepfake technology and phishing attacks.
Artificial intelligence (AI) and machine learning (ML):
● Increase in AI-driven cyberattacks: Artificial intelligence and machine learning have dominated the cybersecurity debate. In the coming year, more threat operators will adopt AI to accelerate and expand every aspect of their attack toolkit. Whether it’s the rapid and more cost-effective development of new variants of malware and ransomware or the use of deepfake technologies to take phishing and impersonation attacks to the next level.
● Fight fire with fire: Just as we have seen cybercriminals harness the potential of AI and ML, so too will cyber defenders. We have already seen significant investment in AI for cybersecurity, and this will continue as more organizations look to further protect themselves against advanced threats.
● Impact of regulation: There have been significant steps in Europe and the United States in regulating the use of AI. As these plans develop, changes will occur in the way these technologies will be used, for both offensive and defensive activities. In Brazil, the National Data Protection Authority (ANPD) published on October 24th the second analysis of Bill (PL) 2338/2023, presenting legislative contributions and a proposal for an institutional model for the regulation of AI in the country .
“Our reliance on AI for cybersecurity is undeniable, but as AI evolves, so will our adversaries’ strategies. In the coming year, we must innovate faster than the threats we face to stay one step ahead. Let’s harness the full potential of AI for cybersecurity, with a close eye on responsible and ethical use,” says Sergey Shykevich, manager of the Threat Intelligence Group at Check Point Software Technologies.
Cloud will be targeted by hackers to access AI resources – GPU farming:
As the popularity of generative AI continues to increase, the cost of running these massive models will grow rapidly, potentially reaching tens of millions of dollars. Cybercriminals will see cloud-based AI capabilities as a lucrative opportunity. They will focus their efforts on establishing GPU farms (GPU farming) in the cloud to fund their AI activities.
Just as cloud computing resources were the primary target of crypto mining a few years ago, 2024 will bring the emergence of GPU farming as the latest and most sought-after target in the realm of cloud-based cyberattacks.
Attacks on the supply chain and critical infrastructure:
● Zero trust in the supply chain: The rise in cyberattacks on critical infrastructure, especially those with nation-state involvement, will lead to a shift to zero trust models that require verification of anyone trying to connect to a system, regardless of whether the people are inside. or off-grid. With governments introducing stricter cybersecurity regulations to protect personal data and information privacy, it will be essential for organizations to stay ahead of these new legal and legal landscapes.
● The supply chain is still a weak link: The rate of supply chain incidents continues to be a challenge for organizations and the impact can be far-reaching. This will continue to be a trend in the coming year if organizations are unable to conduct more rigorous assessments of third-party vendors.
● Strengthening security protocols: Recent breaches highlight the critical importance of stronger security protocols in the supply chain. As cybercriminals target small vendors to gain access to larger companies, organizations must require more rigorous assessments and implementation of security screenings and protocols to prevent further attacks.
As cybercriminals continue to evolve their methods and tools, organizations need to adapt their cybersecurity measures. “In 2023, we will witness several large-scale attacks. In the current threat scenario, companies not only have to prioritize their own security protocols, but also thoroughly examine the security practices of their third-party suppliers”, recommends Eduardo Gonçalves, country manager at Check Point Software Brasil.
Cyber insurance:
● AI in insurance: Like all industries, AI is poised to transform the way insurance companies assess the cyber resilience of potential customers. It will also provide opportunities for these companies to offer cybersecurity services directly. However, it is crucial to note that AI alone cannot solve all cybersecurity challenges and companies must balance security with convenience.
● Preventative approach to reducing premiums: With cyber insurance costs rising and talent shortages, organizations will begin to shift from reactive security to more effective defensive security. By demonstrating preventive actions against cyber attacks, organizations may see their premiums reduced.
Nation-state attacks and hacktivism:
● The Staying Power of Cyberwarfare: The conflict between Russia and Ukraine was a significant milestone in cyber warfare carried out by groups linked to nation-states. Geopolitical instability will continue next year and hacktivist activities will make up a greater proportion of cyber attacks, specifically distributed denial of service (DDoS) attacks, with the primary aim of disrupting and inconveniencing.
● Mask hidden targets: Although many hacktivist groups use a political stance as a reason to launch cyberattacks, they may be disguising ulterior motives. We could see blurred lines between hacktivism and actions for commercial purposes, with threat actors choosing ransomware attacks as a source of revenue to fund other activities.
Deepfake technology will be weaponized:
● Deepfake technological advances: Deepfakes are often cyber attacks weaponized to create content that will influence opinions, change stock prices or worse. These tools are readily available online and threat actors will continue to use deepfake social engineering attacks to gain permissions and access sensitive data.
Phishing attacks continue to plague businesses:
● Legitimate and phishing tools: The software will always be exploitable. However, it has become much easier for attackers to “log in” rather than “break in”. Over the years, the industry has built layers of defense to detect and prevent hacking attempts against software exploits. With the relative success and ease of phishing campaigns, next year will bring more attacks that originate from stealing credentials rather than exploiting vulnerabilities.
● Advanced Phishing Tactics: AI-enhanced phishing tactics could become more personalized and effective, making it even more difficult for individuals to identify malicious intent, and leading to an increase in phishing-related breaches.
Ransomware: Stealthy Exploits, Enhanced Extortion, and AI Battlegrounds:
● Predominance of “living off the land” tactics: An increase in the adoption of living off the land techniques, which leverage legitimate system tools to execute attacks, is expected, especially in light of successful takedowns of malware networks such as Qakbot/Qbot by authorities United States FBI police officers. This more subtle approach, which is harder to detect and prevent, underscores the need for sophisticated threat prevention strategies, including managed detection and response (MDR) that can identify device and network behavior anomalies.
● Data Risks Amid Ransomware Defenses: Despite organizations strengthening their defenses against ransomware, incidents of data loss or leakage are likely to increase. A contributing factor may be the increasing reliance on SaaS platforms to store sensitive data as part of application services, introducing new vectors and vulnerabilities that malicious entities can exploit.
● Nuances in Ransomware Reporting: The observed increase in ransomware attacks will require careful interpretation and may be inflated due to recently instituted reporting requirements. It is imperative to dissect these statistics carefully, understanding the dynamics of communication protocols in analyzing the true scope and scale of the threat.
“The use of artificial intelligence by ransomware attackers will become increasingly advanced, requiring organizations to not only focus on preventing attacks, but also improve their incident response and evolve their security approach to stay ahead,” highlights Fernando de Falchi, security engineering manager at Check Point Software Brasil.
With the increase in cyberattacks powered by AI, zero trust models and deepfake technology, Check Point Software experts highlight the importance of investing in collaborative, comprehensive and consolidated cybersecurity solutions. It is necessary to remain constantly vigilant and agile in the face of the expanding attack vector and work together to create an effective defense against cyber threats.
Source: CisoAdvisor
