Criminal activities increased in the first half of the year, with Check Point Research (CPR) to report an 8% increase in global weekly cyber attacks in the second quarter, the highest rate in two years.
Familiar threats such as ransomware and hacktivism have evolved, with criminal gangs modifying their methods and tools to infect and affect organizations worldwide. Even legacy technology like USB storage devices have regained popularity as a vehicle for spreading malware.
One of the major developments this year has been the evolution of ransomware. Data from more than 120 ransomware “shame-sites” revealed that in the first half of 2023, a total of 48 ransomware groups reported breaching and publicly extorting more than 2.200 victims. This year, there have been several high-profile cases, including the attack on MGM Resorts, which led to the closure of major facilities in Las Vegas for several days and the damage is likely to cost millions to repair.
Check Point's cybersecurity predictions for 2024 broadly fall into six categories: Artificial Intelligence and Machine Learning, Supply Chain and Critical Infrastructure Attacks, Cyber Security, Nation-States, Instrumentalized Deepfake Technology, and Phishing Attacks.
Table of Contents
Artificial Intelligence and Machine Learning:
- Rise of AI-Directed Cyber-Attacks: Artificial intelligence and machine learning have dominated the cyber security debate. The coming year will see more threat actors adopt AI to accelerate and expand every aspect of their toolkit. Whether it's more cost-effective rapid development of new malware and ransomware variants or using deepfake technologies to take phishing and impersonation attacks to the next level.
- Fighting fire with fire: Just as we've seen cybercriminals harness the power of AI and ML, so will cyber defenders. We have already seen significant investment in artificial intelligence for cyber security, and this will continue as more companies seek to protect themselves against advanced threats.
- Impact of regulation: Significant steps have been taken in Europe and the USA regarding the regulation of the use of artificial intelligence. As these plans develop, we will see changes in how these technologies are used, both for offensive and defensive activities.
“Our reliance on AI for cyber security is undeniable, but as AI evolves, so will our adversaries' strategies. In the coming year, we must innovate faster than the threats we face to stay one step ahead. Let's fully leverage the potential of artificial intelligence for cyber security, with particular attention to responsible and ethical use,” said Sergey Shykevich, Threat Intelligence Group Manager at Check Point Software Technologies.
Attacks on supply chain and critical infrastructure:
- Zero trust in the supply chain: The increase in cyber-attacks on critical infrastructure, especially those involving nation states, will lead to a shift to “zero trust” models that require verification of anyone trying to connect to a system, regardless of where they are on or off the network. With governments introducing stricter cyber security regulations to protect personal information, it will be important for organizations to stay ahead of these new legal frameworks.
- Supply Chain Still a Weak Link: The rate of incidents involving the supply chain remains a challenge for organizations and the impact can be far-reaching. This will continue to be a trend in the coming year if organizations fail to conduct more rigorous third-party vendor assessments.
- Strengthening security protocols: Recent breaches highlight the critical importance of stronger security protocols in the supply chain. As cybercriminals target smaller downline suppliers to gain access to larger companies, organizations must require stricter assessments and implementation of security protocols to prevent further attacks.
Cyber Security:
- AI in Insurance: Like all industries, AI is set to transform the way insurance companies assess how resilient prospective customers are to cyberspace. It will also provide opportunities for these companies to offer cyber security services directly. However, it is important to note that AI alone cannot solve all cyber challenges and companies must balance security with convenience.
- Proactive approach to reduce insurance premiums: With the rising cost of cyber insurance and a shortage of talent, organizations will begin to shift from reactive security to more effective defensive security. By demonstrating proactive action against cyber-attacks, organizations may see their insurance premiums decrease.
Nation-state attacks and hacktivism:
- The power of cyberwarfare: The Russo-Ukrainian conflict was a major watershed in the case of cyberwarfare waged by groups of nation-states. Geopolitical instability will continue next year and hacktivist activities will account for a larger proportion of cyber attacks, especially DDoS attacks, with the primary goal of disrupting and disrupting
- Concealing hidden agendas: While many hacktivist groups use a political position as a reason to launch attacks, they may be masking ulterior motives. We could see blurred lines between hacktivism and commercialization, with threat actors choosing ransomware attacks as a revenue stream to fund other activities.
Instrumentation of Deepfake technology:
- Deep fake technological advancement: Deepfakes are often used as weapons to create content that will influence opinions, change stock prices, or worse. These tools are readily available online and threat actors will continue to use deepfake social engineering attacks to gain privileges and access sensitive data.
Phishing attacks continue to plague businesses:
- Phishing and legitimate tools: Software will always be exploitable. However, it has become much easier for threat actors to "log in" rather than "log in". Over the years, the industry has built layers of defense to detect and prevent intrusion attempts against software exploits. With the relative success and ease of phishing campaigns, the coming year will bring more attacks stemming from credential theft rather than vulnerability exploitation.
- Advanced Phishing Tactics: AI-enhanced phishing tactics may become more personalized and effective, making it even more difficult for individuals to detect malicious intent, leading to increased phishing-related breaches.
Ransomware: Stealthy Exploits, Enhanced Extortion and AI Battlefields
- Adoption of "living off the land" techniques, which leverage legitimate system tools to carry out attacks, is expected to increase, especially in light of successful takedowns of malware networks like Qbot by agencies like the FBI. This more subtle approach, which is harder to detect and thwart, underscores the need for sophisticated threat prevention strategies, including managed detection and response (MDR) that can identify device and network behavior anomalies.
- Data Risks Amidst Ransomware Defenses: Despite organizations strengthening their defenses against ransomware, incidents of data loss or leakage are likely to increase. A contributing factor may be the growing reliance on SaaS platforms to store sensitive data as part of application services, introducing new actors and vulnerabilities that can be exploited by malicious entities.
- Ransomware reporting nuances: The observed increase in ransomware attacks will require nuanced interpretation, possibly inflated by newly enacted reporting mandates. It is imperative that we analyze these statistics judiciously, understanding the dynamics of reporting protocols in analyzing the true scope and scale of the threat.
“Ransomware attackers' use of artificial intelligence will become more advanced, requiring organizations to not only focus on attack prevention, but also strengthen incident response and remediation plans to mitigate the potential impact. As attacks become more sophisticated, organizations must evolve their approach to security to stay ahead of the game,” said Daniel Wiley, Head of Threat Management and Principal Security Consultant, Infinity Global Services at Check Point Software Technologies.
As cybercriminals continue to evolve their methods and tools, organizations must adapt their cyber security measures. In 2023 we witnessed several large-scale attacks. In today's threat landscape, companies not only need to prioritize their own security protocols, but also audit the security practices of their third-party vendors. With the rise of AI-enhanced cyberattacks, zero-trust models, and deepfake technology, it is more important than ever to invest in collaborative, integrated, and unified cybersecurity solutions. We must remain vigilant and agile in the face of the expanding attack vector and work together to build an effective defense against cyber threats.