New and constantly changing attack tactics and techniques that specifically exploit human weaknesses will challenge IT security managers in 2024.
IT security professionals are facing another challenging year. Cybercriminals are constantly refining their Tactics, Techniques & Procedures (TTPs), demonstrating their ability to rapidly evolve and implement new, complex attack chains. At the heart of this development is a crucial shift: cybercriminals are targeting digital identities rather than technical vulnerabilities. Even as TTPs and targets change, one aspect remains constant: people and their identities are the most vulnerable links in the attack chain.
Recent cases of supply chain attacks illustrate this shift and show how attackers are increasingly exploiting human weaknesses through social engineering and phishing, rather than laboriously exploiting technical vulnerabilities in their attacks. The innovative use of generative AI, specifically to improve phishing emails, is a good example of this development.
Cybercriminals have the skills and resources to adapt their attack tactics in response to increased security measures, such as multi-factor authentication (MFA). This will force security professionals to take a different approach to breaking the attack chain.
Specifically, the following developments can be expected:
1. Cyber Robberies: Casinos are just the tip of the iceberg
Cybercriminals are increasingly targeting companies' digital supply chains, with security and identity providers a particular focus. Aggressive social engineering tactics, including phishing campaigns, are becoming more common. The “Scattered Spider” group responsible for ransomware attacks on Las Vegas casinos illustrates how sophisticated these attack tactics have become.
Phishing attacks on helpdesk employees to obtain login credentials, combined with one-time password (OTP) phishing to bypass MFA, are becoming common practice. The same tactics are now also being used in supply chain attacks in which identity providers (IDPs) are compromised in order to obtain valuable customer data. In 2024, these aggressive social engineering tactics will be used more frequently, which also means that primary attacks will increasingly take place outside of traditional file transfer devices and applications.
2. Generative AI: A double-edged sword
The sudden emergence of generative AI tools such as ChatGPT, FraudGPT and WormGPT brings both positive developments and dangers. As large language models enter the stage, fear of their misuse grows; this has already prompted the US President to issue a corresponding regulation. For now, cybercriminals are making their money elsewhere: why reinvent the wheel when the existing approach works so well? They will, however, adjust their TTPs as those become more detectable by their potential victims.
On the other hand, more and more providers will integrate AI and language models into their products and processes to improve their cybersecurity solutions. Data protection advocates and customers of technology companies worldwide will therefore demand guidelines for the responsible use of AI, and corresponding declarations on responsible AI use are likely to be published more frequently in the future. You should also be prepared for spectacular failures.
3. Phishing via mobile devices: Increase in omni-channel tactics
A notable trend in 2023 was the dramatic increase in phishing via mobile devices, and we expect this form of threat to continue to grow in the coming year. Cybercriminals entice their victims to interact via mobile devices and exploit the weaknesses of mobile platforms. Abuse of existing conversations, including smishing, has increased exponentially. Multi-touch campaigns aim to lure users from desktop to mobile devices using tactics such as QR codes and fraudulent voice calls. This not only makes mobile phishing attacks more effective, but also makes them harder for corporate security teams to detect.
4. Open source and generative AI: A level playing field for malware developers
Malware developers are using open source software and generative AI technologies to make higher-quality code available to a wider audience. As a result, malware capable of evading sandboxes and endpoint detection and response (EDR) tools is becoming more widespread. The availability of free and open-source software such as SysWhispers makes it easier to incorporate sophisticated detection evasion features into various malware projects. This democratization lowers the barrier to entry for less experienced developers and thereby contributes to the proliferation of sophisticated malware families.
5. User Identity Risk: The Achilles Heel
Identity-based attacks will increase. The traditional idea that cyber attackers exploit technical vulnerabilities (CVEs) is becoming less relevant; today it is said that “identities are the new vulnerability”. Organizations must shift their primary focus from strengthening infrastructure to protecting stored credentials, session cookies and access keys and to addressing misconfigurations, particularly for privileged accounts (which now include IDPs). The human factor in the attack chain requires fast and innovative defense measures.
More at proofpoint.com
About Proofpoint
Proofpoint, Inc. is a leading cybersecurity company whose focus is the protection of employees, because they represent both a company's greatest capital and its greatest risk. With an integrated suite of cloud-based cybersecurity solutions, Proofpoint helps organizations around the world stop targeted threats, protect their data, and educate enterprise IT users about the risks of cyberattacks.