Press Release

AI, Phishing, Critical Infrastructure Attacks and Cybersecurity Trends that Will Dominate 2024

Contributors:

  • Harshil Doshi - Country Director, India & SAARC

  • Augusto Barros - VP, Cybersecurity Evangelist

  • Findlay Whitelaw - Field CTO, Insider Threat Program, and UEBA Solution

  • Haggai Polak - Chief Product Officer

  • Securonix Threat Labs

2023 is almost over, which means it is now time for the cybersecurity industry to look back at major developments during the year and anticipate what trends, challenges, and opportunities lie ahead in 2024. 2023 saw numerous trends that are likely to continue into 2024 and beyond.

AI will play a crucial role for attackers and defenders

2023 was the year that AI exploded on the public stage with the growth of large language models (LLMs) like ChatGPT. This trend will extend into 2024 as both hackers and cybersecurity professionals continue to evolve the use of artificial intelligence (AI) and machine learning (ML). Attacks will become more sophisticated as threat actors continue to use AI tools — 2024 will likely witness an increase in AI-assisted and AI-driven attacks successfully bypassing security controls such as MFA, zero trust and other fundamental security technologies and defences. Security professionals will have to adapt to these attacks through the development of their own AI-based tools to create effective defences.

One particular threat will be the use of technologies like generative AI and deep fakes. They have been proven to be effective in improving phishing and other social engineering attacks that bypass security protocols to access sensitive information — 47% of Indians have been, or know someone who has been, a victim of AI voice cloning attacks. These technologies also have wider social and political ramifications as they become more convincing and eliminate obviously identifiable artefacts, making it harder to distinguish real information from fraudulent or artificially generated content. The recent deepfake controversies with Rashmika Mandanna, Kajol and Katrina have made this a public issue in India, with Prime Minister Narendra Modi commenting on the issue and instructing his government to pass appropriate regulations. With India and the United States both going into major election years, deep fakes are likely to continue being prominent in cybersecurity and misinformation campaigns.

The cybersecurity industry has long identified these AI trends and every provider is developing AI capabilities to add to their products for threat detection, mitigation and more. However, implementing AI in cybersecurity is a time and resource intensive endeavour where success is not immediate. It is an ongoing process that requires the collection and preparation of data that is fed into AI models that need to be fine-tuned and calibrated multiple times. This is without going into additional considerations that arise when integrating these solutions into existing security infrastructures. Choosing security vendors that are at the forefront of AI will be beneficial as their expertise and familiarity will prove pivotal in navigating an increasingly AI-dominated cybersecurity landscape.

It is important to remember that despite its many capabilities, AI is unlikely to make humans redundant. AI excels in handling large volumes of data and performing repetitive tasks at speeds and accuracies beyond human cognitive abilities. The productivity and efficiency benefits AI solutions can create mean that we can expect some high-volume, repetitive tasks to shift from manual execution to automation and AI, if they haven’t already. However, AI lacks emotional and causal intelligence as well as the ability to fully execute complex decision-making roles, especially where judgement and ethical considerations are at play and there is a need for contextual or nuanced understanding. In 2024, we can expect AI to continue augmenting the capabilities of cybersecurity professionals, rather than replacing them.

Increase in targeted, evasive cyberattacks and phishing

2023 saw an increase in highly targeted and evasive cyberattacks that have been attributed to cybercriminal groups and state-sponsored threat actors. Their effectiveness means that we can expect to see more such methods being used in 2024. The attacks have been persistent and can involve both cyber espionage and disruption operations by state-sponsored threat actors, as well as more traditional cybercriminals and ransomware operators exfiltrating and encrypting sensitive data. For example, the STARK#VORTEX campaign was used by a threat group to target the Ukraine military by using Pilot-in-Command (PIC) Drone manuals as lure documents to deliver malware. Attacks have also increasingly begun to use automation, third-party components, and “grey area” attack tools like remote monitoring and management (RMM). This will likely continue in 2024, bringing more ways for ransomware attackers to extort victims and gain leverage in ransom negotiations.

This trend is also likely to be replicated with phishing emails and social engineering exploits, which continue to be effective ways to breach an organisation. Phishing attacks increased by 62% last year and threat actors are going to continue leveraging phishing emails as a primary source of compromise in 2024 with new and evolved tactics, techniques and procedures (TTPs). 2023 saw QR code-based phishing (quishing) gain popularity and witnessed an uptick in more advanced tactics such as man-in-the-middle (MITM) and adversary-in-the-middle (AiTM) attack methods that leverage tools like EvilProxy. In addition to phishing, advanced tactics like social engineering and malvertising will continue to be prolific.

Attacks on critical infrastructure will continue to escalate

All businesses, large or small, are targets for threat actors from within and outside the organisation but certain sectors face additional risk. Financial services, healthcare and education will continue to attract the attention of threat actors as their economic importance and data value make them especially attractive targets. AIIMS Delhi, the premier medical institution that treats high-level government officials and foreign dignitaries, faced a crippling attack in late 2022 before successfully thwarting another in mid-2023. Governmental and non-governmental organisations working on important economic, justice and civic issues are also likely to be a target of misinformation and cyberattack campaigns from foreign and domestic actors.

Geopolitical trends for the last few years have increasingly seen the growth of cyber as a theatre for warfare, a trend that accelerates with every additional conflict. With recent events in the Middle East, and continuing conflict in Ukraine, nation-state actors and state-sponsored cyberattacks may continue to escalate, leading to an increased focus on international cooperation and cyber deterrence strategies.

Continuous evolution

Cybersecurity is a perennial cat-and-mouse game. Cyberattackers continue to evolve their TTPs to avoid defences and cybersecurity providers continue to evolve new defences to counter them. The development of current technologies like AI, and future ones like quantum computers, dramatically changes cybersecurity considerations, and 2024 will add further developments and complexities to the task of protecting organisations and individuals in the digital age.