Dear Storm Watch hosts,
As we approach the new year, I'm curious about what the future holds for cybersecurity. What are your predictions for 2024? Do you have any hot takes on the emerging trends and potential threats in the digital security landscape?
Curious about Cybersecurity
Kimber Duke, GreyNoise Product:
My 2024 hot takes are influenced by the upcoming election year potential for insanity. We know that this year is going to be fraught with geopolitical situations, making for a tumultuous news cycle that will have us feeling exhausted starting in January. We can definitely expect to be overwhelmed by the sheer amount of news coming out about impending threats from nation-state APTs, and I look forward to seeing what kind of influence this election cycle will have on regulations surrounding ICS, IoT, and supply chain. We've nailed the security onion, but how much more can CISA and the government agencies influence technology beyond the everyday user facing situations?
On a lighter and brighter note, I expect in response to rising rates of targeted attacks rather than opportunistic ones, enterprises will have a renewed interest in deception technology. While this might sound self-serving coming from a GreyNoise product manager, you can already see the rise of interest in honeypots at local conference talks, the concept of canaries becoming central to EDR programs, and the idea that maybe we're getting too many alerts on all the wrong things. Deception engineering will be an addition to the 2024 enterprise security stack because it fast forwards to how your crown jewels are most easily exploited and who wants them.
Finally, 2024 will be the year of high conference attendances. Information sharing is absolutely broken since the downfall of Twitter, and people are looking for how they can keep in touch with everyone whether it be on Discord, Mastodon, or Reddit. I expect a record Defcon attendance year because of this feeling of isolation everyone is experiencing. Taking the time to reconnect with your network and sharing what you know will be crucial since our communities are in an isolated state, but I hope to see more people connecting in person because of our changing communication tides.
Emily Austin, Censys Research:
I'll start with what is perhaps the most mundane of my predictions. I think back office software will continue to be a popular target for financially-motivated threat actors in 2024. This was the year of file transfer tool hacks, and while I think we'll continue to see fallout and disclosures from these hacks into 2024, I won't be surprised to see other B2B software come into threat actors' sights. Many of these systems are improperly exposed to the Internet, providing a relatively simple initial access vector.
Over the last few years, we've seen geopolitical and hacking events become increasingly intertwined on the global stage, and I think we'll see that continue in 2024. Nation states may be interested in cyber capabilities to gain intelligence or disrupt adversary infrastructure, but I think we'll also continue to see activity from ideologically-motivated hacktivist groups. Volt Typhoon, the IT Army of Ukraine, and the recent attacks on Israeli-manufactured water PLCs are just a few examples that come to mind.
Finally, I'm interested in the effects of AI on misinformation and disinformation campaigns. I'm not convinced AI will make a tremendous difference in the effectiveness of such propaganda, because it's arguably already been quite effective. Rather, I think the availability of powerful AI-driven tools will facilitate actors' ability to generate deceptive content faster, and at a much broader scale.
The TL;DR of my predictions is: a lot more of the same, but turn it up to 11.
Glenn Thorpe, GreyNoise Labs:
In 2024, we will see a continuation of the key cybersecurity trends we observed in 2023. The ongoing kinetic and cyber wars, highly disruptive ransomware campaigns, increased legal scrutiny of the CISO role, and the rapid mainstream adoption of artificial intelligence will all persist.
However, there will be one major difference in 2024 – an exponential increase in the use of AI across the board. Both attackers and defenders will race to weaponize AI, ushering in a new era of sophisticated threats and defenses powered by machine learning.
Wartime cyber operations are unlikely to cease even if kinetic conflicts end, as state and non-state actors have heavily invested in offensive capabilities. They will have a chest full of perishable vulnerabilities ripe for exploitation in the aftermath. While peace treaties may be signed, cyber peace will lag behind.
Ransomware will also continue unabated until the infrastructures supporting it disappear. Cybercriminals will keep using tried-and-tested social engineering tactics as long as organizations and individuals remain vulnerable. Tighter cyber insurance policies will raise the stakes further.
And for those already fatigued by the AI hype cycle in 2023 – brace yourselves. 2024 will see AI go (even more) mainstream as organizations feel extreme pressure to deploy the latest models; in both their own services and in delivering their services. CISOs will undertake a delicate balancing act, racing to enable AI innovation while ensuring robust protections are built-in by design. AI security emerges as a top priority, much like mobile security during the BYOD era.
The stage is set for an eventful year ahead. As AI transforms both offense and defense, the cat-and-mouse game will intensify. But with careful planning and responsible AI adoption, cyber defenders can gain an edge over attackers in 2024.
As my hot take: we’re going to be hearing a LOT more about how cyberattacks physically affect quality of life; including loss of life.
Bob Rudis, GreyNoise Labs:
AI Gone Wild
We've all seen how AI can be a force for good, but in 2024, we're going to see it go further rogue than it has already gone in 2023. Cybercriminals are going to level up their efforts at using AI to launch attacks that are so sophisticated, they'll make the Death Star look like a kid's toy. We're talking deepfakes that are indistinguishable from reality, and spear phishing attacks that could fool even the most vigilant among us. It's going to be like Skynet, but instead of killer robots, we'll have killer emails and deepfakes.
As a slide into the next prediction, we'll also see actors on all sides (internally and abroad) use AI to try to influence the 2024 U.S. POTUS election
Election Espionage Extravaganza
With the POTUS election coming up, we're going to see nation-state cyber activity go through the roof. But instead of the usual attacks and ransomware, they will focus on espionage and information theft. Think James Bond, but with more keyboards and fewer martinis. The election will be a prime target, with everything from disinformation campaigns to direct attacks on election infrastructure. Unfortunately, this will be all-too-easy thanks to the level of sophistication in even the most banal attacker toolkits today. It's going to be a wild ride.
The Year of the Tattletale
In 2024, organizations will be forced to spill the beans about their cyber breaches. This will be driven by regulatory changes, a spate of at least three-to-five punishing breaches at well-recognized organizations (one of which will impact a major financial services firm and cause major market distress for days), and the realization that transparency is key to maintaining trust and stability. So, get ready for a year of juicy cyber gossip as companies are forced to air their dirty laundry in public.
Be sure to tune into Storm Watch every Tuesday to stay up to date on all breaking cyber news and expert insights into emerging threats.