Predictions for 2024: Increase in AI-powered phishing


In 2024, cybercriminals will develop new exploits for mobile, wearable and smart devices, Kaspersky predicts. They also expect there will be more state-sponsored attacks.

Advanced Persistent Threats (APTs) are the most dangerous threats because they use complex tools and techniques, are often highly targeted, and are difficult to detect. As part of the annual Kaspersky Security Bulletin, Kaspersky publishes forecasts for the coming year. The forecasts for 2024 were developed based on Kaspersky's globally deployed threat intelligence services.

“The increased availability of AI tools this year has not been lost on threat actors running large-scale and sophisticated APT campaigns. However, we expect that they will not only use these; we will also see new methods of supply chain attacks, the emergence of hack-for-hire services, novel exploits for consumer devices, and much more. Our goal is to provide advanced threat intelligence that stays one step ahead of the latest threat developments and enables companies to defend against cyberattacks more effectively,” says Igor Kuznetsov, Director in the Global Research and Analysis Team (GReAT) at Kaspersky, summing up the APT forecasts for the coming year.

AI-powered spear phishing, increase in mobile device exploits and new botnets

AI tools will make it easier to create spear phishing messages and even allow attackers to impersonate specific people. To do this, they could develop new automation methods and feed data collected online into Large Language Models (LLMs) to write letters in the style of someone known to the victim.

Furthermore, the APT campaign Operation Triangulation [2], which became known this year, marked a milestone in exploits that hit mobile devices. This is likely to lead to further investigation into APTs targeting mobile, wearable, and smart devices. Kaspersky experts expect threat actors to expand their monitoring efforts and target various endpoints through vulnerabilities and “silent” exploit delivery methods, including zero-click attacks via messengers and one-click attacks via SMS or messaging apps. In addition, attackers are likely to intercept network traffic. The protection of private and business devices is therefore becoming increasingly important.

Vulnerabilities in commonly used software and devices also call for greater attention. The discovery of high-severity and critical-severity vulnerabilities sometimes results in limited investigations and delayed fixes. This can pave the way for new, large and covert botnets that can be used for targeted attacks.

Increase in cyberattacks by state-backed actors and hacktivism as “The New Normal”

Given increasing geopolitical tensions, the number of state-sponsored cyberattacks could increase in the coming year. These attacks are likely to result in data theft or encryption, destruction of IT infrastructure, long-term espionage and cyber sabotage.

Geopolitical conflicts have also led to an increase in destructive and misinformation-spreading hacktivism activities worldwide. The ongoing tensions suggest that this trend will continue. This hacktivism leads to unnecessary investigations and resulting alert fatigue among SOC analysts and cybersecurity professionals.

Further forecasts for 2024

Supply Chain Attacks as a Service: Supply chain attacks target smaller businesses to penetrate large companies. The Okta attacks in 2022 and 2023 [3] illustrate the extent of the threat, with motives ranging from financial gain to espionage. 2024 could see new developments in the darknet credentials market that enable more efficient and large-scale attacks.

New groups will offer hack-for-hire services: There are an increasing number of hack-for-hire groups offering data theft services to their clients, including private investigators and competitors. Kaspersky experts assume that this trend will continue in the coming year.

Kernel rootkits are on the rise again: Despite modern security measures such as Kernel Mode Code Signing, PatchGuard, and HVCI (Hypervisor-Protected Code Integrity), the barriers designed to prevent kernel-level code execution are continually bypassed by APTs and cybercriminals. Attacks on the Windows kernel enabled by Windows Hardware Compatibility Publisher (WHCP) abuse are likely to increase, and the criminal market for EV certificates and stolen code-signing certificates is growing. Threat actors will also increasingly use BYOVD (Bring Your Own Vulnerable Driver) in their tactics.

Managed File Transfer (MFT) systems used for advanced attacks: MFT systems are increasingly exposed to cyber threats, as demonstrated by the attacks on MOVEit and GoAnywhere in 2023. With many cybercriminals seeking financial gain and business disruption, this trend will continue. Companies should invest in robust cybersecurity measures because the complex MFT architecture integrated into larger networks poses security risks. In addition to data loss prevention and encryption, they should invest in cybersecurity awareness.



About Kaspersky

Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/

