Cybersecurity costs are predicted to rise globally to $10.5 trillion by 2025 as cybercrime becomes more sophisticated. No doubt we will see more artificial intelligence (AI) being leveraged for nefarious uses, and social engineering-style attacks such as phishing are also likely to rise. Here are five predictions for what 2024 will bring.
an article written by ANDREW NEWMAN – CTO and cofounder of ReasonLabs
1. Advanced phishing
We’ve already seen AI begin to be leveraged, but it’s unlikely that it has reached its full potential. As with any good technology, it’s only a matter of time before criminals get hold of it. The use of generative AI will make scamming easier and much more sophisticated, and advanced phishing is the first port of call. Generative AI can be used to create highly convincing phishing emails, messages, or websites that can be used to imitate legitimate communication from trusted sources, making it more challenging for users to discern between genuine and fraudulent content.
In 2023, we witnessed attacks against global corporations such as Clorox and MGM Resorts by the social engineering attack mavens Scattered Spider, who used multiple techniques and tools to gain remote access or bypass multifactor authentication to hack these companies. In the case of MGM, it was a vishing attack that led to the data breach, highlighting the human risk factor in these attacks.
Advanced phishing techniques like spear phishing have also become easier, thanks to AI. For threat actors, productivity output is greatly increased and they are able to aggregate more information about people. Similarly, we may see an increase in whaling attacks as cutting-edge technologies learn to break through multifactor authentication. The recent Okta attack led hackers to view recorded browser files that its customers had uploaded for troubleshooting.
2. AI-powered scams
Generative AI can be exploited to create other scams such as automated customer support scams, whereby customer support bots mimic the communication style of legitimate businesses in an attempt to gain access to credentials. AI can also be used to spread fake news and misinformation by generating realistic-looking news articles, blog posts, or social media content. I expect fraudulent deepfake scams to surface around the next presidential election and incidentally, these types of scams could also lead to sophisticated identity theft attempts.
To mitigate the risks associated with generative AI in the context of online scams, it is crucial for technology developers, businesses, and regulators to adhere to ethical guidelines and implement safeguards in AI systems, in order to prevent malicious use and enhance user security awareness. Businesses must also implement robust authentication processes to ensure that users are interacting with legitimate entities, and ensure they regularly update security protocols.
3. Increase in supply chain attacks
The increase in supply chain attacks over the years disrupts businesses and results in private customer information being leaked and sold on the dark web. For the attacker, supply chain attacks are effective as they only need to compromise a single entity within the supply chain to enact far-reaching consequences. The broad impact of these attacks extends to multiple organizations, affecting end-users and customers, and amplifying the potential for damage.
For example, the 2023 MOVEit hack affected more than 1,000 organizations and over 60 million individuals alone, displaying how quickly a supply chain attack can escalate. Coordinating cybersecurity defense across vast networks can be challenging, making it easier for attackers to find vulnerabilities in supply chains. Organizations need to further enhance their security, conduct thorough vendor assessments, and monitor for abnormal activities within the supply chain in order to avoid these breaches.
4. Deployment of malicious browser extensions
Malware targeting home users is strongly on the rise, with an increased use of malicious browser extensions being a perfect example. We recently saw over 30 malicious extensions removed from Google’s Chrome Web Store in June, but only after they had been downloaded 75 million times. Unfortunately, the use of malicious browser extensions is a growing trend—not just in frequency, but in sophistication as well.
Bad actors are getting better at exploiting both the open architecture of web browsers and the naïveté of users. Organizations need to adopt proactive measures to minimize the risks posed by malicious browser extensions in the future, including regularly updating extensions, utilizing trusted endpoint protection, and integrating extension security into their broader cybersecurity strategies.
5. Changing demographics brings more threats
As more young people get connected online, attack surfaces greatly increase. It’s vital that young users establish a cybersecurity posture. However, I can tell you from personal experience, they almost shrug their shoulders at it. Instant gratification, plus the mistaken belief that everything is disposable, extends to the way in which people view their online activities and digital security.
The natural reaction to a hacked account should not be “I’ll just create another account!” Instead, we need to fix the underlying issue. For this to happen, we need to prioritize cybersecurity education, awareness, and training. Whether desktop use, mobile phone activity, or gaming, each new generation should understand the crucial need to fortify their devices and protect their data.
At the moment, the big loser in any security breach is the consumer. When business becomes the sole focus, it’s the individual who loses out. Additionally, there’s a large need for cybersecurity experts for hire—which is ironic, because it’s becoming apparent that over time that gap will decrease as AI replaces workers. Ultimately, as we forge forward in 2024, we must emphasize the ongoing collaboration between technology developers, security experts, and regulatory bodies, which is essential to address emerging challenges and protect users from deceptive practices.
Related documents you may like
Banking 4.0 – „how was the experience for you”
„So many people are coming here to Bucharest, people that I see and interact on linkedin and now I get the change to meet them in person. It was like being to the Football World Cup but this was the World Cup on linkedin in payments and open banking.”
Many more interesting quotes in the video below: