The threat landscape is chaotic and ever-evolving. How do you prioritize and predict what's coming next? Our intelligence experts have you covered with analyst-vetted forecasts for the top threat types in 2024. We've broken these threat trends into three categories: “Always On,” “On the Horizon,” or “Overhyped.”
These cyber threats demand attention because they are as enduring as death and taxes. They're equally inevitable, ubiquitous, unexciting, and scary, too.
Ransomware
Ransomware
Ransomware and digital extortion still aren't going anywhere. Ransomware continues to succeed in part because the primary delivery method remains phishing emails, and those will continue to improve as generative AI keeps improving those campaigns.
Key Takeaways
- Ransomware and digital extortion will likely account for more than half of all global cyber attacks next year.
- Double-extortion in 2022 and triple-extortion in 2023 demonstrate how criminals continue to evolve this winning criminal strategy.
Deep & Dark Web
The deep and dark web continues to be critical real estate for cybercriminals. Compromised credentials, personally identifying information (PII), malware, and a plethora of tools and services are all for sale in cybercrime marketplaces.
Key Takeaways
- Cybercrime, much of which is planned and monetized within the dark web, causes a reported $6 trillion in damage annually; projected to grow to $10.5 trillion per year by 2025.
- The number of users connected to The Onion Router (TOR), the most widely-used network for accessing the dark web, inexplicably grew by more than two-fold in the last four months of 2023.
Deep & Dark Web
Mis and Disinformation
Mis and Disinformation
Mis/Dis/Malinformation (MDM) is the existential threat of our times. The expanding ease of access to tools for creating convincing audio and video pushes this threat from the horizon to our doorstep.
Key Takeaways
- MDM related to the Russia/Ukraine conflict, the Israel/Hamas conflict, and Slovakia's general election are examples of things to come
- Experts are sounding the alarms regarding this threat for good reason.
This is the most interesting set of cybersecurity trends because the threats are here but not fully formed. They are likely to grow and will need to be taken seriously now and in the year ahead.
Artificial Intelligence
Artificial intelligence threats are on the rise, as security analysts and threat actors alike adopt new generative AI and similar tools.
Key Takeaways
- Measured growth in the use of AI for both malicious and defensive applications is anticipated, particularly in information operations (including to spread mis-, dis-, and malinformation) and social engineering campaigns, techniques, and procedures (TTPs).
- AI will continue to be leveraged to accelerate reconnaissance of high-value or weak targets, to speed the identification and exploitation of vulnerabilities, and to facilitate malicious payload development and delivery.
Artificial Intelligence
Crypto Threats
Crypto Threats
Cryptocurrency-related threats appear to be on the rebound, given rising cryptocurrency values, including Bitcoin rising 109% and Ethereum rising 52% at the time of reporting in 2023. These rises are likely responsible for the 399% increase in cryptojacking year-over-year.
Key Takeaways
- A recently reported cryptojacking attack targeting cloud credentials exposed on GitHub further demonstrates the ongoing threat.
- Cryptocurrency exchanges, long targeted by nation-state actors like North Korea, are facing new challenges from increasingly sophisticated malware.
Election Threats
Threats to elections, including the 2024 US Presidential Election, are an emerging trend. Multiple key elections taking place in 2024 are expected to drive an increase in various threat actor campaigns throughout the year.
Key Takeaways
- ZeroFox Intelligence anticipates an uptick in election-related scams, disruptive threats, and the spread of disinformation.
- Both malicious and non-malicious actors will likely increase their use of generative AI and synthetic media to create more effective and persuasive content during elections in 2024, exacerbating the threat posed by mis- and disinformation.
Election Threats
These are topics everyone talks about even though most have no idea why (or if) we should be expending energy on them.
Nation-State Threats
Nation-State Threats remain scary, but are STILL not likely your top concern.
Key Takeaways
- Nation-states are motivated and sophisticated adversaries, but 50% of their targets are from the government, think tanks, non-government organizations (NGOs), information technology (IT), and education sectors.
- Organizations outside of the above sectors can't ignore nation-state actors entirely but shouldn't prioritize them over cybercrime concerns.
Nation-State Threats
Metaverse
Metaverse
The metaverse continues to have interest beyond its current impact.
Key Takeaways
- The establishment of international standards for defining and governing the metaverse is muddy, with the Metaverse Standards Forum, ISO-IEC Joint Technical Committee (JTC1), and World Economic Forum representing three large organizations looking to lead the way.
- Meta's investment in its virtual and augmented reality wing (Reality Labs) has resulted in $33.7 billion in losses in under three years—including $7.7 billion in the first half of 2023—without revolutionizing the internet.
- While a lot is being written about the metaverse, including optimistic projections for growth in adoption and revenue, the common denominator appears to be looking to the future, not today.
Top actions for you to take.
External attacks are the
Only unified external cybersecurity can protect
you beyond the perimeter.
Social Engineering
Social engineering keeps growing, taking advantage of the most complicated and persistent security weakness in any organization: people.
Key Takeaways
Social Engineering