For cybersecurity professionals, remaining effective requires staying on top of a constantly evolving arsenal of attack strategies deployed by hackers. As soon as one area is secured, another can come under siege. In some cases, the hackers keep their focus on the same sector, simply changing the attack vector to account for new security controls. As we approach 2024, the following are some of the hacking and cybersecurity trends that technology and security professionals should be on the lookout for.
Ransomware attacks
A recent report shows ransomware attacks are on the rise. During the third quarter of 2023, organizations reported nearly twice the frequency of attacks they endured during the same quarter in 2022. The same report showed a shift in ransomware attacks from weaponizing Managed File Transfer apps to exploiting vulnerabilities. Recent media reports have shown that while new vulnerabilities continue to be discovered, recent attack trends focus on weaponizing old vulnerabilities.
Reports in 2021 suggested cyber attackers were targeting companies with cybersecurity insurance, explaining that companies with insurance were thought to be more likely to pay ransoms than those without since the policy covered their losses. While it is difficult to prove the logic, it has led some insurance companies to exclude ransomware attacks from cyber insurance policies, forcing organizations to rethink their strategies for responding to such attacks.
In terms of ransomware targets, healthcare organizations were reportedly the most frequently attacked during 2022, with critical manufacturing attacks ranking second on the list and government facilities ranking third. In 2023, healthcare remained a top target, though some experts predict a shift in 2024,marking the education sector as a new priority target.
IoT Security
A report issued in 2023 on IoT security revealed that the average home in the US has 46 devices connected to the internet. Every 24 hours, those devices were targeted by an average of eight attacks, including DDoS attacks and IoT malware. Experts expect IoT attacks to continue to rise in 2024 due to the lack of standardized security standards in the IoT industry.
The trend toward remote and hybrid work is expected to continue in 2024 means IoT vulnerabilities are a growing concern for many organizations. IoT vulnerabilities can give hackers access to employees’ home networks, which are now frequently connected to work networks. Trends in IoT-related cybersecurity include enhanced training on cyber threats for employees.
AI-driven attacks and defenses
As the capacity and availability of artificial intelligence tools have grown, both cyber attackers and cyber security experts have found creative ways to apply them to further their goals. For example, AI-powered tools can be used to analyze security systems and uncover vulnerabilities, an exercise that can help both attackers and defenders.
Generative AI tools like ChatGPT are predicted to play a role in crafting more effective cyberattacks in 2024, especially in the area of social engineering attacks. Generative AI tools can analyze communication patterns and assist cyber attackers in preparing messages with a higher chance of fooling victims. AI’s ability to support deepfake audio recordings could also be used to improve the effectiveness of vishing attacks in 2024. To respond to improved social engineering attacks, zero trust will become a normal part of corporate cyber security policies.
Experts are also predicting that AI-powered tools could be used to address the ongoing workforce shortage in the cybersecurity space. AI-powered automation could manage security tasks that involve analysis of large data sets, such as scanning files for signs of malware or monitoring network activity to detect attacks as they are occurring. These systems could be used to trigger security protocols to isolate the impact of attacks once threats are detected.
The overall approach of cyber attackers will remain unchanged in 2024: identify and exploit vulnerabilities. Organizations should expect, however, that attacks will grow in volume and creativity as bad actors learn to leverage AI-driven tools for automation and data analytics. To fight back, organizations must ensure security is up-to-date, employees are educated on threats, and AI is used to support efforts as much as possible.
