It’s that time of year again, when everyone talks about the future and tries to predict which threats will persist or grow and which may shrink or fade away entirely. Just as last year, we decided to evaluate future threats with an eye on what we consider to be “Always On,” “On the Horizon,” or “Overhyped.”
- Always On: These items demand attention because they are as enduring as death and taxes. They’re equally inevitable, ubiquitous, unexciting, and scary, too.
- On the Horizon: This is the most interesting set of considerations because the threats are here but not fully formed. They are likely to grow and will need to be taken seriously now and in the year ahead.
- Overhyped: These are topics everyone discusses even though most have yet to learn why (or if) we should be expending energy on them.
Ransomware & Digital Extortion still aren’t going anywhere.
- Ransomware continues to succeed in part because the primary delivery method remains phishing emails, and those campaigns will keep improving as generative AI improves.
- Ransomware and digital extortion will likely account for more than half of all global cyber attacks next year.
- Double-extortion in 2022 and triple-extortion in 2023 demonstrate how criminals continue to evolve this winning criminal strategy.
Source: ZeroFox Intelligence
Social Engineering keeps growing.
- Social engineering takes advantage of the most complicated and persistent security weakness in any organization: people.
- 4.8 billion worldwide social media users present a massive set of targets still mostly lacking in information security mindset and training.
- The steady stream of phishing campaigns observed in 2023, combined with the growing maturity of and access to generative AI tools such as ChatGPT and competing tools for generating text that makes phishing lures more convincing, means this threat is here to stay.
Source: ZeroFox Intelligence
The Deep and Dark Web continues to be critical real estate for cybercriminals.
- Compromised credentials, personally identifying information (PII), malware, and a plethora of tools and services—including web-scraping, obfuscation, phishing kits, ransomware as a service (RaaS), and Distributed Denial of Service (DDoS)—are all for sale in cybercrime marketplaces.
- Cybercrime, much of which is planned and monetized within the dark web, causes a reported $6 trillion in damage annually, projected to grow to $10.5 trillion per year by 2025.
- The number of users connected to The Onion Router (TOR), the most widely used network for accessing the dark web, has inexplicably more than doubled in the last four months of 2023.
Mis/Dis/Malinformation (MDM) is the existential threat of our times.
- The expanding ease of access to tools for creating convincing text (ChatGPT, Google Bard, Microsoft Bing Chat), audio, and video has pushed this threat from the horizon to our doorstep.
- Technically sophisticated MDM regarding the Russia/Ukraine conflict, the Israel/Hamas conflict, a recent U.K. election, and Slovakia’s general election—along with examples specific to U.S. politics—has experts sounding the alarm on threats to the 2024 U.S. elections.
- While the Federal Election Commission (FEC) is in the process of regulating the use of AI in political advertising, the threat appears to be well ahead of these efforts.
On the Horizon
Artificial Intelligence (AI) Enabled Cyber Threats are only going to grow.
- Synthetically generated text tools (ChatGPT, Google Bard, Microsoft Bing Chat, and more) improve the efficiency and effectiveness of authoring phishing campaign lures.
- Free and easy-to-use tools for generating synthetic audio and video have the power to greatly improve the believability of scams like business email compromise (BEC).
- Adversaries may seek to poison source data used by AI, resulting in organizations that are over-reliant on AI being systematically misled in their decision-making.
Cryptocurrency-Related Threats appear to be on the rebound.
- Rising cryptocurrency values—including Bitcoin rising 109% and Ethereum rising 52% so far in 2023—are likely responsible for the 399% increase in cryptojacking year-over-year.
- A recently reported cryptojacking attack targeting cloud credentials exposed on GitHub further demonstrates the ongoing threat.
- Cryptocurrency exchanges, long targeted by nation-state actors like North Korea, are facing new challenges from increasingly sophisticated malware.
Social Media use continues to grow, albeit only slightly.
- The average internet user in 2023 spends 151 minutes per day on social media sites, up four minutes from the previous year.
- The total count of social media platforms grew by 4.6%, from 128 to 134.
- Nation-state influence operations, manipulation of social media platform algorithms (helped by readily available tips for marketing professionals), and a long list of scams all await unsuspecting users.
Nation-State Threats remain scary—and are STILL not likely your top concern.
- Nation-states are motivated and sophisticated adversaries, but 50% of their targets are from the government, think tanks, non-government organizations (NGOs), information technology (IT), and education sectors.
- Organizations outside of the above sectors can’t ignore nation-state actors entirely but shouldn’t prioritize them over cybercrime concerns.
Source: Microsoft Digital Defense Report 2023
Metaverse continues to have interest beyond its current impact.
- The establishment of international standards for defining and governing the metaverse is muddy, with the Metaverse Standards Forum, ISO-IEC Joint Technical Committee (JTC1), and World Economic Forum representing three large organizations looking to lead the way.
- Meta’s investment in its virtual and augmented reality wing (Reality Labs) has resulted in $33.7 billion in losses in under three years—including $7.7 billion in the first half of 2023—without revolutionizing the internet.
- While a lot is being written about the metaverse, including optimistic projections for growth in adoption and revenue, the common denominator appears to be looking to the future, not today.
What Can You Do?
An effective security program isn’t about addressing the biggest, scariest threats making headlines. It’s about fundamentally understanding and assessing your risk profile and prioritizing your defenses in the following ways.
- Know Yourself: Identify and work with stakeholders to codify intelligence requirements to maximize the value of time and effort expended defending the organization. Additionally, document and monitor your internal environment (i.e., CMDB and Crown Jewels) and external attack surface, including social media.
- Know Your Adversaries: Invest in intelligence on adversaries most likely to have the desire and capability to do you harm, including their tactics, techniques, and procedures (TTPs), motives, and previous actions.
- Know the Shared Terrain: Capitalize on intelligence to proactively understand the planning, facilitation, and execution of attacks within the deep, dark, and open web, and implement security strategies and policies that reduce exposure to those threats, and compensate for remaining risks.
To learn more about the current threat landscape and the types of threats security teams can use to plan for 2024 and beyond, download the full report for the full debrief on 2024 cybersecurity trends.