In the ever-evolving landscape of cybersecurity, defenders find themselves navigating yet another challenging year. Threat actors persistently refine their tactics, techniques and procedures (TTPs), adapting quickly and iterating on novel, multi-stage attack chains. At the heart of this evolution lies a crucial shift: threat actors now prioritize identity over technology. While the specific TTPs and the targeted technology change from campaign to campaign, one constant remains: humans and their identities are the most targeted links in the attack chain.
Recent supply chain attacks illustrate this shift: adversaries have pivoted from exploiting software vulnerabilities to exploiting human ones through social engineering and phishing. The use of generative AI to produce more convincing phishing emails, free of the language errors that once gave them away, is a further sign that attackers are investing in manipulating human behavior rather than in breaking technology.
As we reflect on 2023, it is evident that threat actors have the capabilities and resources to adapt their tactics in response to stronger controls such as multi-factor authentication (MFA). Looking ahead to 2024, the trend suggests that threats will continue to revolve around humans, compelling defenders to take a different approach to breaking the attack chain.
So, what's on the horizon?
The experts at Proofpoint provide insightful predictions for the next 12 months, shedding light on what security teams might encounter and the implications of these trends.
1. Cyber heists: Casinos are just the tip of the iceberg
Cybercriminals are increasingly targeting digital supply chain vendors, with a heightened focus on security and identity providers, and aggressive social engineering, including targeted phishing campaigns, is becoming more prevalent. The Scattered Spider group, responsible for ransomware attacks on Las Vegas casinos, shows how effective these tactics are. Phishing help desk employees for login credentials and bypassing MFA by phishing one-time password (OTP) codes in real time are becoming standard practice. The same tactics have been turned into supply chain attacks: compromising identity provider (IDP) vendors yields access to valuable customer data downstream. The forecast for 2024 is that other groups will replicate and widely adopt this style of aggressive social engineering, broadening initial compromise attempts well beyond the traditional targets of edge devices and file transfer appliances.
2. Generative AI: the double-edged sword
The explosive growth of generative AI tools like ChatGPT, FraudGPT and WormGPT brings both promise and peril, but the sky is not falling as far as cybersecurity is concerned. As large language models took the stage, fear of their misuse prompted the U.S. president to issue an executive order on AI in October 2023. For now, threat actors are making bank doing other things. Why bother reinventing the business model when it is working just fine? Expect them to fold generative AI into their TTPs only once detection improves against the techniques they rely on today.
On the flip side, more vendors will inject AI and large language models into their products and processes to boost their security offerings. Across the globe, privacy watchdogs and customers alike will demand responsible AI policies from technology companies, so expect a wave of published responsible AI statements, along with some spectacular failures to live up to them.
3. Mobile device phishing: omni-channel tactics take center stage
A notable trend for 2023 was the dramatic increase in mobile device phishing, and we expect this threat to grow further in 2024. Threat actors are deliberately steering victims toward mobile interactions, where small screens obscure sender details and URLs and where corporate security tooling has far less visibility. Conversational abuse, including conversational smishing, in which the attacker builds rapport over several benign messages before delivering the lure, has grown exponentially. Multi-touch campaigns move users from desktop to mobile with tactics such as QR codes in emails and fraudulent voice calls. This makes phishing more effective on mobile devices and harder for corporate security teams to detect.
4. Open-source and generative AI: leveling the ground for malware developers
Malware developers are leveraging open-source tools and generative AI, making advanced programming techniques accessible to a broader audience. As a result, malware capable of evading sandboxes and endpoint detection and response (EDR) tools is becoming more widespread. Free and open-source projects such as SysWhispers, which generates direct system call stubs that sidestep the user-mode API hooks many EDR products rely on, make it easy to drop advanced detection-bypass capabilities into almost any malware project. This democratization lowers the barrier to entry for less skilled developers and contributes to the proliferation of sophisticated malware families.
5. Identity-centric breaches: the Achilles' heel
Identity-based attacks will dominate breaches, exploiting weaknesses rooted in human behavior and obscured by limited visibility. The conventional belief that attackers rely chiefly on Common Vulnerabilities and Exposures (CVEs) is losing relevance. The new truth: "identity is the new vulnerability." Organizations must shift their focus from primarily fortifying infrastructure to securing stored credentials, session cookies and access keys, and to fixing misconfigurations, especially around privileged accounts (which now very much include the accounts that administer their IDPs). The human link in the attack chain demands swift and innovative defenses.
In conclusion, 2024 presents cyber defenders with a formidable challenge as threat actors refine their strategies to exploit the human element. To counter these evolving threats, defenders must adopt proactive and adaptive strategies, recognizing that the human factor remains a critical link in the cyber defense chain. As the battleground shifts, a resilient defense that addresses identity-based attacks, generative AI-driven threats and mobile device phishing together is essential, and breaking the attack chain at its human link must become the central focus.