Bytes Blog: Threat Trends 2024

Tuesday 9th January 2024

As we begin a new year, it is important for all organisations review the Cyber landscape – reviewing key trends, challenges, innovations & most importantly, new & emerging threats. 

Check out our comprehensive list below which uncovers key threat trends that the Bytes team of cyber experts have created to help give you a clear view of the Cyber landscape.

If you have any questions on the below content, or would like to discover how Bytes can support your Cyber Security strategy, please email your dedicated Bytes Account Manager or email [email protected].

Trending Threats

  • Ransomware/Ransomware as a Service

Cybercriminals will increasingly use ransomware to extort money from individuals and organisations. Ransomware and digital extortion have been trending over the past years and this is unlikely to change in 2024. These attacks are expected to increase in volume and sophistication, partly because the primary delivery method remains phishing email campaigns which – in turn – will benefit from AI augmentation.

  • Artificial Intelligence (AI)

Generative AI has been the topic of 2023 and this will certainly continue in 2024, with new AI Government guidance. There are multiple uncertainties surrounding this new technology, organisations need to be considering the risks posed and how they are using and monitoring AI. As GenAI models continue to improve and promise to deliver more value to organisations, the interest from cyber criminals attempting to leverage these tools will increase. 

Confidence in the use of AI within the Security Operations Centres will increase and so will its adoption and, as cyber criminals become aware of this trend, efforts will focus on reliability of information and potential external influences.

Adversarial use of AI is constantly increasing in both volume and sophistication, from deepfake social engineering attempts to Large Language Model prompt engineering and more.

In the past, skills and expertise were the first obstacle for everyone to perform complex cyber-attacks. Tomorrow, GenAI will broaden access of these techniques to a much larger audience, which will inevitably include cyber criminals.

  • Complex attacks

Ransomware alongside Distributed Denial of Service (DDOS) attacks are becoming increasingly common, as criminals seek new extortion methods, or ways to generate more income.

  • Malware

Malware continues to be used alongside Ransomware to extort victims. Large Language Models and AI may increase the ability of threat actors to generate new and more efficient code, harder to detect especially by suboptimal security tools, with more damaging consequences for organisations.

  • Third party risk/supply chain compromise 

Cybercriminals target the supply chains of large organisations to gain access to sensitive data. Supply Chains may be leveraged by hostile nations, to attack target governments through a third-party supplier.

  • Deepfakes

Deepfakes are AI-generated videos that can be used to spread misinformation and propaganda to deceive viewers, manipulate public opinion, or defame individuals. They can be deployed in various contexts, from politics and entertainment to fraud attempts.

  • Cloud targeting/Cryptojacking

More organisations have moved their data to the cloud, making cloud providers a lucrative target for cybercriminals to gain access to sensitive data. Cloud targeting can take many forms, from phishing attacks to malware and supply chain attacks.

Crypto jacking represents the act of mining cryptocurrencies by secretly - and illegally - accessing and using a victim’s computing power to process cryptocurrency transactions and generate money as a result. This form of cyber-attack is expected to increase in 2024.

This is especially worrying when coupled with the growing adoption of public cloud infrastructure usage. Attackers are continually looking to gain access to these platforms as it gives them the capability to provision compute resources to be used for mining.

  • Zero-day exploits

Cybercriminals will continue to exploit vulnerabilities in software and hardware to gain access to systems. Zero-days are unpatched vulnerabilities, making it less likely organisations will have the correct defences in place to secure the vulnerable assets.

  • Social Engineering

Social engineering attacks, involving attackers tricking users into giving them access to information systems, will also increase in sophistication. Generative AI tools (such as ChatGPT) will enable more cyber criminals to make smarter, more targeted attacks.

The threat of ‘lookalike’ domains in phishing attacks already includes typo squatting and combo squatting and will be enhanced by the use of countless domains that are visually indistinguishable from legitimate ones in order to deceive users. They will feature techniques like homographs, powered by AI engines and aimed at exploiting the smallest oversights in our digital interactions.

The best response to this will largely revolve around a better organisation-wide awareness and education.

Want to keep informed? Sign up to our Newsletter