As cybercrime continues to evolve and escalate, we identify the most critical threats that organizations need to prepare for in the coming year.
2023 was a turbulent year for cybersecurity, with several high-profile incidents that caused significant disruption, damage, and loss. According to Cybersecurity Ventures, cybercrime is expected to cost the world $10.5 trillion annually by 2025, up from $6 trillion in 2021.
To help you stay ahead of the curve and protect your organization from these growing risks, we have compiled the top 10 cybersecurity threats that you need to watch out for in 2024. We also provide some insights into how these threats will evolve and what you can do to mitigate them.
Threat 1: Quantum disrupting security
Threat 2: AI-powered attacks
Threat 3: Ransomware
Threat 4: Cloud computing
Threat 5: Decoding 5G risks
Threat 6: Supply chain attacks
Threat 7: Insider threats
Threat 8: Phishing for vulnerabilities
Threat 9: Unravelling IoT
Threat 10: The Metaverse
Threat 1: Quantum disrupting security
Quantum computing is a revolutionary technology that promises to solve complex mathematical problems faster than traditional computers. However, it also poses a serious threat to the security of current asymmetric encryption standards, which rely on mathematical problems that are hard to crack by conventional means. Quantum computers may disrupt the security of these encryption schemes in minutes, rendering them insecure and exposing sensitive data and communications to hackers.
Quantum computing will become more accessible and powerful, as major players like IBM, Google, Microsoft, and Amazon invest heavily in developing and offering quantum services. According to the 2023 Quantum Threat Timeline report (Global Risk Institute, 2023), we can confidently assume that quantum computers will reach maturity by 2037. Given that nearly all parts of an information system, such as networking devices, servers and endpoints, smart devices, operating systems, applications, objects, and IoT and OT, will also need to migrate, this timeline is very short for organizations to prepare, prioritize and execute the complete migration of their digital environment and digital business processes.
Malicious actors are also already using the “harvest now, decrypt later” attack blueprint: unfriendly and motivated actors harvest data in significant volumes. Their goal is not to know what they harvest; they are betting that valuable or critical data is somewhere in that set, which they will soon be able to decrypt easily with quantum computers.
2024 prediction: To defend against quantum threats, organizations will need to adopt quantum-resistant encryption algorithms and protocols, such as lattice-based cryptography and hash-based cryptography. They will also need to monitor the quantum computing landscape and keep up with the latest developments and best practices.
2024 will be the year of action. In the first half of 2024, the National Institute of Standards and Technology (NIST) will release its final post-quantum cryptography (PQC) standards that organizations should adopt. Hence organizations must ask themselves, “To what extent are we ready to implement them?” And the necessary self-audit doesn’t stop here.
First, CISOs should determine whether they have secured funding for their post-quantum cryptography migration project from the Board or CFO. Then, to evaluate how smoothly the implementation could go, organizations must build and manage their crypto inventory so they know where to act. This includes identifying what sensitive and critical data the organization holds and, for all data, which security protocols and/or cryptographic algorithms were used and why. Such an inventory should also be used to ensure that all sensitive data is re-encrypted and all sensitive contracts are re-signed with post-quantum cryptography (PQC), without missing any of their occurrences or copies. After all, a single forgotten RSA-encapsulated key could be a major vulnerability. Organizations must also analyze their most critical business processes so they know where to start, in order of priority. Indeed, PQC migration will be a mammoth transformation project, meaning critical choices and decisions must be made on whether to migrate highly sensitive data or take the risk of it being harvested and decrypted. In terms of supply chain security, CISOs must also contact all their software and hardware providers to ask if and/or when they plan to deliver a PQC-ready version of their solution. And the list goes on, which gives organizations a strong incentive to seek the help of key cybersecurity players like Eviden to properly kick off their PQC migration.
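An added example, not part of the original article: one way to turn the crypto inventory described above into a migration priority list. It goes beyond the text by applying Mosca's inequality (data lifetime plus migration time compared with the years left until 2037); the asset names, lifetimes and migration estimates are constructed sample values, and the 2024 reference year is an assumption.

```python
from dataclasses import dataclass

CRQC_YEAR = 2037  # maturity year this article quotes from the Quantum Threat Timeline report
QUANTUM_VULNERABLE = {"RSA", "DH", "DSA", "ECDH", "ECDSA"}  # broken by Shor's algorithm
POST_QUANTUM = {"ML-KEM", "ML-DSA", "SLH-DSA"}  # NIST lattice- and hash-based schemes
HARVESTABLE = {"key-exchange", "encryption"}    # ciphertext can be recorded today
RANK = {"migrate-now": 0, "migrate-before-crqc": 1, "review": 2, "low": 3, "ok": 4}


@dataclass
class CryptoAsset:
    name: str
    algorithm: str        # as recorded in the inventory, e.g. "RSA-2048"
    use: str              # "key-exchange", "encryption" or "signature"
    sensitive: bool       # protects sensitive or critical data
    lifetime_years: int   # how long the data must stay secret / the signature trusted
    migration_years: int  # estimated time to move this asset to PQC


def family(algorithm):
    """Map an inventory string such as 'ECDSA-P256' to a known algorithm family."""
    name = algorithm.upper()
    # Longest names first so 'ECDSA' is not mistaken for a shorter family.
    for fam in sorted(QUANTUM_VULNERABLE | POST_QUANTUM, key=len, reverse=True):
        if name.startswith(fam):
            return fam
    return None


def assess(asset, today_year=2024):
    """Return a migration status for one inventory entry."""
    fam = family(asset.algorithm)
    if fam in POST_QUANTUM:
        return "ok"
    if fam is None:
        return "review"  # symmetric or unknown algorithm: check key size by hand
    if not asset.sensitive:
        return "low"
    years_left = CRQC_YEAR - today_year
    if asset.use in HARVESTABLE:
        # Mosca's inequality: traffic recorded until migration completes is
        # still sensitive when a quantum computer can decrypt it.
        exposed = asset.lifetime_years + asset.migration_years > years_left
        return "migrate-now" if exposed else "low"
    # Signatures cannot be harvested, only forged once the computer exists,
    # so they matter when they must stay trusted past that date.
    return "migrate-before-crqc" if asset.lifetime_years > years_left else "low"


def prioritise(inventory, today_year=2024):
    """Rate every asset and sort the most urgent first (stable within a status)."""
    rated = [(a.name, assess(a, today_year)) for a in inventory]
    return sorted(rated, key=lambda r: RANK[r[1]])


# Constructed sample inventory for illustration only.
INVENTORY = [
    CryptoAsset("web-tls-cert", "ECDSA-P256", "signature", True, 1, 1),
    CryptoAsset("vpn-gateway", "ECDH-P256", "key-exchange", True, 10, 4),
    CryptoAsset("pilot-kem", "ML-KEM-768", "key-exchange", True, 10, 1),
    CryptoAsset("archive-backup-key", "RSA-2048", "encryption", True, 25, 2),
    CryptoAsset("contract-signing", "RSA-4096", "signature", True, 20, 1),
    CryptoAsset("session-cache", "RSA-2048", "encryption", False, 1, 1),
    CryptoAsset("db-at-rest", "AES-128", "encryption", True, 10, 1),
]

if __name__ == "__main__":
    for name, status in prioritise(INVENTORY):
        print(f"{status:20} {name}")
```

The VPN entry shows why the 2037 horizon is short: data that must stay secret for ten years, on a system that takes four years to migrate, is already inside the harvest window.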
Consequently, we predict that organizations who do not start acting on their PQC migration in 2024 will be far too late to even be quantum-proof when quantum computers reach maturity. Gear up and start in 2024 to get to PQC readiness on time.
Threat 2: AI-powered attacks
Artificial Intelligence (AI) is another emerging technology that has both positive and negative implications for cybersecurity. On one hand, AI can help improve security by automating tasks, detecting anomalies, and enhancing response capabilities. On the other hand, it can also be used by attackers to create more sophisticated and stealthy attacks, such as deepfakes, adversarial AI, and autonomous bots. The spread of GenAI tools has also given rise to malicious Large Language Models (LLMs), improving attackers’ ability to craft compelling phishing messages or to identify attack vectors for released Common Vulnerabilities and Exposures (CVEs) more quickly. WormGPT, for instance, illustrates the dark side of LLMs when put to work for hackers’ interests.
APT-29 Group is known for using AI to automate tasks and increase the efficiency of their attacks, making them a more sophisticated threat.
Okta Lapsus$ Breach: Okta, an identity and access management company, was breached in 2023 by the hacker group Lapsus$. The hackers used AI to automate their attacks, making them more efficient and difficult to stop.
2024 Prediction: AI-powered attacks will become more prevalent and diverse as attackers leverage AI tools and techniques to automate and optimize their campaigns. For example, we expect to see more deepfake attacks that can manipulate audio and video to impersonate individuals or spread misinformation, adversarial AI attacks that can fool machine learning models and evade security systems, GenAI prompt injections, and autonomous bots that can perform reconnaissance, exploitation, and propagation without human intervention.
To counter AI-powered attacks, organizations will need to invest in AI-based cybersecurity solutions, like Eviden’s AI-driven managed detection and response. They will also need to implement robust security controls and policies, such as data protection and identity and access management to counter these threats.
Threat 3: Ransomware
Ransomware is a type of malware that encrypts the victim’s data and demands a ransom for the decryption key. It has been one of the most prevalent and profitable cyber threats for years, affecting various sectors and organizations of all sizes. It has also become more sophisticated and aggressive as attackers use more advanced encryption algorithms, target more critical systems and data, and employ more extortion tactics.
The notorious ransomware group BlackCat has filed a complaint with the U.S. Securities and Exchange Commission (SEC) against MeridianLink, a publicly traded software company, for failing to disclose a ransomware attack and not responding to their ransom demands.
Russian hackers launched a ransomware attack against a Canadian government service provider, compromising the personal data of 1.4 million people in Alberta. The organization reportedly paid the ransom, claiming minimal data loss.
2024 Prediction: Ransomware will remain one of the top threats as attackers innovate and diversify their ransomware operations. For example, we expect to see more ransomware-as-a-service (RaaS) platforms, where attackers offer ransomware tools and services to other criminals for a fee or a share of the profits. We also expect to see more triple or quadruple extortion schemes, where attackers not only encrypt the data, but also steal it and threaten to expose it or sell it, and finally shut down public-facing servers with a Distributed Denial of Service (DDoS) attack, unless the ransom is paid. We also expect to see more ransomware gangs, where attackers collaborate and coordinate their attacks to increase their chances of success and payout.
To combat ransomware, organizations will need to adopt a comprehensive ransomware prevention, detection, response, and recovery strategy. Look at Eviden’s unique Managed Detection, Response, and Recovery solution. They will also need to follow ransomware protection best practices, such as patching systems, limiting their network exposure, and educating their users.
Threat 4: Cloud computing
Cloud computing is a term that describes the delivery of computing services, such as servers, storage, databases, and software, over the Internet. Cloud computing offers many advantages and benefits, such as scalability, flexibility, and cost-efficiency. However, cloud computing also poses new security challenges, such as data security, access control, and compliance.
A misconfigured Microsoft Azure Blob Storage account exposed 2.4 TB of data belonging to an unnamed customer, including sensitive information such as personally identifiable information.
A misconfigured Samsung cloud storage bucket exposed the personally identifiable information (PII) of over 100,000 customers, including names, phone numbers, and email addresses.
2024 Prediction: Cloud threats will become more complex and sophisticated as attackers exploit the vulnerabilities and gaps of the cloud environment and infrastructure. For example, we expect to see more attacks on cloud data, such as data breaches, data leaks, and data tampering that can expose or alter sensitive data stored or processed in the cloud. We also expect to see a rise in attacks on cloud access, such as account takeover, credential theft, and privilege escalation, that can abuse or misuse the access rights and permissions of cloud users and administrators. We also anticipate more attacks on cloud compliance, such as regulatory violations, contractual breaches, and audit failures that can result in fines, penalties, and lawsuits.
To protect cloud services, organizations will need to adopt cloud-specific security measures, such as encryption, authentication, and backup. They should also implement cloud security solutions, such as cloud access security brokers (CASBs), cloud security posture management (CSPM), and cloud workload protection platforms (CWPPs), to protect their cloud environments, or they may opt for end-to-end cloud-managed security solutions like the one offered by Eviden.
Adhering to cloud security standards and frameworks, such as ISO 27017, CSA CCM, and NIST SP 800-144 will not only help with compliance but also improve security posture.
Threat 5: Decoding 5G risks
5G is the fifth generation of mobile network technology that offers faster speed, lower latency, and higher capacity than previous generations. 5G enables new applications and use cases, such as the Internet of Things (IoT), smart cities, autonomous vehicles, and telemedicine. However, it is not secure by default – 5G security protocols are in the hands of the customer and need to be configured and deployed with security risks in mind.
Overall, 5G has increased the attack surface and complexity of the mobile ecosystem, as more devices, networks, and services are connected and exposed to cyber risks.
A 2022 study by GlobalData, commissioned by Nokia, found that nearly three-quarters of 5G network operators surveyed had experienced up to six cyberattacks or security breaches in the past year. These incidents resulted in network downtime, customer data leaks, financial losses, and reputational damage.
Researchers discovered multiple vulnerabilities in 5G core networks, including the Next Generation Core (NGC) and the evolved Packet Data Serving Node (EPDN), that could be exploited to disrupt network operations or intercept sensitive data.
2024 Prediction: 5G threats will become more common and severe as attackers exploit the vulnerabilities and opportunities of the 5G infrastructure and environment. For example, we expect to see more attacks on 5G devices, such as smartphones, tablets, wearables, and IoT devices, that can compromise their functionality, data, and privacy.
There may be more attacks on 5G networks, such as base stations, edge servers, and cloud platforms, that can disrupt their availability, performance, and integrity. We also expect to see more attacks on 5G services, such as streaming, gaming, and e-commerce, that can affect their quality, reliability, and security.
To defend against 5G threats, organizations will need to adopt 5G-specific security solutions like the one offered by Eviden. They will also need to implement 5G security standards and frameworks, such as 3GPP, GSMA, and NIST.
Threat 6: Supply chain attacks
Supply chain attacks target the suppliers or partners of an organization rather than the organization itself. By compromising the supply chain, attackers can gain access to the organization’s systems, data, and customers, and cause more damage and impact.
Supply chain attacks have become more frequent and sophisticated, as attackers exploit the increasing complexity and interdependency of the supply chain ecosystem.
A supply chain attack targeting the MOVEit file transfer solution compromised several MOVEit customers, including major US government agencies. The attackers gained access to MOVEit source code and injected malicious code into the software, allowing them to intercept and modify files transferred through the system.
A supply chain attack targeting Applied Materials, a major supplier of semiconductor manufacturing equipment, disrupted the company’s operations and caused delays in chip production. The attackers compromised a third-party software provider used by Applied Materials and injected malicious code into its software.
2024 Prediction: Supply chain attacks will continue to be a major threat, as attackers target more suppliers and partners, and use more advanced techniques and tactics. For example, we expect to see more attacks on software supply chains, such as software development, distribution, and update processes that can inject malicious code or backdoors into software products and services.
We may also see more attacks on hardware supply chains, such as chip design, manufacturing, and delivery processes, that can implant malicious components or firmware into hardware devices and systems. We can also anticipate more attacks on service supply chains, such as cloud, managed, and professional services that can compromise the security and quality of the service delivery and outcome.
To prevent supply chain attacks, organizations will need to enhance their supply chain security by conducting regular risk assessments, enforcing security standards, and implementing security monitoring and incident response. They will also need to establish supply chain security policies and procedures, such as supplier vetting, contract review, and incident response.
Threat 7: Insider threats
Insider threats originate from within the organization, either by current or former employees, contractors, or partners, who have legitimate access to the organization’s systems, data, and resources. These types of threats can be either malicious or accidental, depending on the intent and behavior of the insider. They can cause significant damage and loss as insiders can bypass security controls, exploit privileged information, and evade detection.
Two former Tesla employees leaked thousands of personal records to a German news outlet, including the names, addresses, and Social Security numbers of current and former Tesla employees. The employees were reportedly motivated by frustration with the company’s management.
An IT worker in the United Kingdom has been jailed for impersonating a ransomware gang and extorting his employer. The worker sent a threatening email to the company demanding a ransom payment of £50,000, warning that if the company did not pay, he would delete all of their data. The worker was caught after the company reported the incident to the police.
2024 Prediction: Insider threats will become more challenging and costly, as organizations face more internal and external factors that can influence and trigger insider actions. For example, we expect to see more insider threats driven by economic hardship, social unrest, political polarization, and personal grievances that can motivate insiders to sabotage, steal, or leak sensitive data or assets. We can also expect more insider threats enabled by remote work, cloud migration, and digital transformation that can create more opportunities and avenues for insiders to access and compromise critical systems and data.
To deter insider threats, organizations will need to adopt a holistic insider threat management approach that includes monitoring, training, and auditing. They will need to implement insider threat detection and prevention solutions, such as user and entity behavior analytics (UEBA), data loss prevention (DLP), and privileged access management (PAM), to protect their assets. They will also need to implement insider threat policies and programs, such as background checks, access control, and awareness training.
Threat 8: Phishing for vulnerabilities
Phishing is a type of social engineering attack that uses fraudulent emails, messages, or websites to trick the victim into revealing sensitive information, clicking malicious links, or downloading malicious files. While it is one of the oldest and most common cyber threats as it is easy to execute and effective in exploiting human vulnerabilities, phishing is also a gateway to other attacks, such as malware, ransomware, and account takeover.
A South Korean government-affiliated institution was reportedly the victim of a phishing scam that resulted in the loss of 175 million won (approximately $131,000). This incident is said to be the first phishing attack against a South Korean government public organization.
Hackers used an SMS phishing attack to target Activision employees, gaining access to their email addresses, cell phone numbers, salaries, and work locations. The attack was reportedly not detected by Activision until February 2023, despite occurring in December 2022.
2024 Prediction: Phishing will continue to be a widespread and persistent threat as attackers refine and diversify their phishing techniques and tactics. For example, we expect to see more spear phishing and whaling attacks, where attackers target specific individuals or organizations with personalized and convincing messages.
We also expect to see more vishing and smishing attacks, where attackers use voice calls, including AI-generated voices, or text messages to deliver their phishing content. In the future, more phishing attacks will leverage current events and trends, such as Gen-AI, the metaverse, and the Olympics, to increase their relevance and appeal.
To prevent phishing, organizations will need to adopt phishing prevention solutions such as secure web gateway (SWG), secure email gateway (SEG), and phishing simulations. They will also need to educate their users on how to spot and avoid phishing, such as checking the sender, the content, and the URL of the message or website.
Threat 9: Unravelling IoT
The Internet of Things (IoT) is a term that describes the network of physical devices, such as sensors, cameras, smart appliances, and wearables, that are connected to the Internet and can collect and exchange data. This wide spectrum offers many benefits and opportunities, such as improving efficiency, convenience, and innovation. However, the IoT also introduces new security risks, such as data privacy, device security, and network security.
Cybersecurity firm Mandiant warned of a new ransomware strain that specifically targets IoT devices. The ransomware, known as ‘Mallox,’ encrypts files on infected devices and demands a ransom payment in exchange for the decryption key.
Hackers exploited a flaw in an industrial control system to cause widespread power outages in several countries. The attack highlighted the growing threat of cyberattacks against critical infrastructure.
2024 Prediction: IoT threats will increase in number and impact as more IoT devices are deployed and used in various domains and scenarios. For example, we expect to see more attacks on consumer IoT devices, such as smart TVs, smart speakers, and smartwatches that can compromise their functionality, data, and privacy. We also expect to see more attacks on industrial IoT devices, such as sensors, controllers, and actuators that can disrupt their operation, performance, and safety.
There will be a rise in attacks on healthcare IoT devices, such as pacemakers, insulin pumps, and thermometers, that can endanger their reliability and accuracy, and therefore people’s health and safety.
Organizations will need to implement IoT-specific security measures to secure IoT devices. This includes encryption, authentication, and patching, and adopting IoT and IT-integrated security solutions — IoT security gateways and purpose-built platforms — to protect their IoT devices and networks. They will also need to follow IoT security best practices, such as updating their firmware, changing their default passwords, and isolating their IoT networks.
Threat 10: The Metaverse
The metaverse is a term that describes a virtual reality environment where people can interact with each other and digital content in immersive and realistic ways. Now, the metaverse is expected to become the next frontier of the internet as more platforms, applications, and services enable users to create, explore, and share virtual experiences. However, the metaverse also introduces new security challenges, such as data privacy, identity theft, and cyberattacks.
A decentralized finance (DeFi) protocol called Beanstalk Farms was hacked, resulting in the theft of $180 million worth of cryptocurrency. The attackers exploited a flash loan attack to steal the funds.
A group of researchers discovered a new type of malware that can infect VR headsets. The malware is designed to steal users’ personal information, such as their credit card numbers and passwords.
2024 Prediction: The metaverse will attract more users and businesses as well as more hackers and scammers. We expect to see more metaverse threats such as data breaches, account hijacking, phishing, malware, and ransomware. For example, attackers could steal personal and financial information from metaverse users, compromise their accounts and avatars, trick them into clicking malicious links or downloading malicious files, infect their devices and networks with malware, encrypt their digital assets, and demand a ransom.
To protect themselves from metaverse threats, organizations will need to develop metaverse-specific security policies, practices, and tools that protect their users, assets, and infrastructure. They will also need to follow metaverse security best practices like using strong passwords, enabling multi-factor authentication, verifying the source and content of messages and files, and backing up their data and assets.
Make 2024 the year you want it to be
2024 is shaping up to be a challenging and exciting year for cybersecurity as new threats emerge and old threats persist. To stay safe and secure in 2024, you need a trusted and reliable partner that can help you anticipate, prevent, detect, and respond to these threats.
Eviden is the global leader in cybersecurity, offering a comprehensive portfolio of cybersecurity products and services to help you protect your organization from any cyber threat. Whether you need cybersecurity consulting, cybersecurity solutions, or managed cybersecurity operations, we have the expertise, experience, and resources to meet your needs and expectations.
Contact us today and get a free consultation on how we can help you improve your cybersecurity posture and readiness for 2024.
Stay safe and secure in 2024 with Eviden.