The threat landscape is chaotic and ever-evolving. How do you prioritize and predict what’s coming next? Our intelligence experts have you covered with analyst-vetted forecasts for the top threat types we expect in 2024. We’ve broken 2024’s threat trends into three categories: “Always On,” “On the Horizon,” or “Overhyped.”
These cyber threats demand attention because they are as enduring as death and taxes. They’re equally inevitable, ubiquitous, unexciting, and scary, too.
Social engineering keeps growing, taking advantage of the most complicated and persistent security weakness in any organization: people.
- 4.8 billion worldwide social media users present a massive set of targets still mostly lacking in information security mindset and training.
- The steady stream of phishing campaigns observed in 2023, combined with growing maturity and access to generative AI tools, ChatGPT, and competing tools for generating text to make phishing lures more convincing, means this threat is here to stay.
Ransomware and digital extortion still aren’t going anywhere. Ransomware continues to succeed in part because the primary delivery method remains phishing emails, and those will continue to improve as generative AI keeps improving those campaigns.
Deep & Dark Web
The deep and dark web continues to be critical real estate for cybercriminals. Compromised credentials, personally identifying information (PII), malware, and a plethora of tools and services are all for sale in cybercrime marketplaces.
- Cybercrime, much of which is planned and monetized within the dark web, causes a reported $6 trillion in damage annually; projected to grow to $10.5 trillion per year by 2025.
- The number of users connected to The Onion Router (TOR), the most widely-used network for accessing the dark web, has inexplicably grown by more than two-fold in the last four months of 2023.
Deep & Dark Web
Mis and Disinformation
Mis and Disinformation
Mis/Dis/Malinformation (MDM) is the existential threat of our times. The expanding ease of access to tools for creating convincing audio and video pushes this threat from the horizon to our doorstep.
- MDM related to the Russia/Ukraine conflict, the Israel/Hamas conflict, and Slovakia’s general election are examples of things to come
- Experts are sounding the alarms regarding this threat for good reason.
This is the most interesting set of cybersecurity trends because the threats are here but not fully formed. They are likely to grow and will need to be taken seriously now and in the year ahead.
Artificial intelligence threats are on the rise, as security analysts and threat actors alike adopt new generative AI and similar tools.
- Measured growth in the use of AI for both malicious and defensive applications is anticipated, particularly in information operations (including to spread mis-, dis-, and malinformation) and social engineering campaigns, techniques, and procedures (TTPs).
- AI will continue to be leveraged to accelerate reconnaissance of high-value or weak targets, to speed the identification and exploitation of vulnerabilities, and to facilitate malicious payload development and delivery.
Cryptocurrency-related threats appear to be on the rebound, given rising cryptocurrency values, including Bitcoin rising 109% and Ethereum rising 52% so far in 2023. These rises are likely responsible for the 399% increase in cryptojacking year-over-year.
- A recently reported cryptojacking attack targeting cloud credentials exposed on GitHub further demonstrates the ongoing threat.
- Cryptocurrency exchanges, long targeted by nation-state actors like North Korea, are facing new challenges from increasingly sophisticated malware.
Threats to elections, including the 2024 US Presidential Election, are an emerging trend. Multiple key elections taking place in 2024 are expected to drive an increase in various threat actor campaigns throughout the year.
- ZeroFox Intelligence anticipates an uptick in election-related scams, disruptive threats, and the spread of disinformation.
- Both malicious and non-malicious actors will likely increase their use of generative AI and synthetic media to create more effective and persuasive content during elections in 2024, exacerbating the threat posed by mis- and disinformation.
These are topics everyone talks about even though most have no idea why (or if) we should be expending energy on them.
Nation-State Threats remain scary, but are STILL not likely your top concern.
- Nation-states are motivated and sophisticated adversaries, but 50% of their targets are from the government, think tanks, non-government organizations (NGOs), information technology (IT), and education sectors.
- Organizations outside of the above sectors can’t ignore nation-state actors entirely but shouldn’t prioritize them over cybercrime concerns.
The metaverse continues to have interest beyond its current impact.
- The establishment of international standards for defining and governing the metaverse is muddy, with the Metaverse Standards Forum, ISO-IEC Joint Technical Committee (JTC1), and World Economic Forum representing three large organizations looking to lead the way.
- Meta’s investment in its virtual and augmented reality wing (Reality Labs) has resulted in $33.7 billion in losses in under three years—including $7.7 billion in the first half of 2023—without revolutionizing the internet.
- While a lot is being written about the metaverse, including optimistic projections for growth in adoption and revenue, the common denominator appears to be looking to the future, not today.
External attacks are the
Leading cause of breaches.
Only unified external cybersecurity can protect
you beyond the perimeter.