As we venture deeper into the digital landscape, Check Point Research (CPR) unveils its comprehensive projections for 2024, revealing a surge in cyberattacks and the evolution of threat landscapes. We’ll dissects the nuanced insights Check Point provides, spanning artificial intelligence (AI)-driven cyberattacks, GPU farming, vulnerabilities in the supply chain, shifts in the cyber insurance landscape, nation-state attacks, weaponised deepfakes, and the persistent threat of phishing.
AI and Machine Learning: Embracing the Power and Perils
Artificial intelligence and machine learning are set to dominate the cybersecurity conversation in 2024. The rise of AI-directed cyberattacks will see threat actors leveraging AI for rapid development of new malware and ransomware variants. Cyber defenders are not far behind, investing significantly in AI for cybersecurity to guard against advanced threats. As regulations on AI use in cybersecurity take shape, responsible and ethical deployment becomes a crucial focus.
“Our reliance on AI for cybersecurity is undeniable, but as AI evolves so will the strategies of our adversaries. In the coming year, we must innovate faster than the threats we face to stay one step ahead.” – Sergey Shykevich, Threat Intelligence Group Manager, Check Point Software Technologies.
GPU Farming: The Cloud as a Lucrative Battlefield
As the popularity of generative AI continues to soar, the cost of running massive models skyrockets. In response, hackers eye cloud-based AI resources as a lucrative opportunity, with a focus on establishing GPU farms to fund their AI activities. Drawing parallels to past trends like Crypto Mining, 2024 anticipates GPU Farming as the latest and most sought-after target in cloud-based cyberattacks.
Supply Chain and Critical Infrastructure Attacks: A Call for Stricter Protocols
The increase in cyberattacks on critical infrastructure prompts a shift towards “zero trust” models. These models necessitate verification from anyone attempting to connect to a system, regardless of their network location. Stricter evaluations of third-party suppliers become crucial as the supply chain remains a weak link. Recent breaches emphasise the critical importance of stronger security protocols in the supply chain.
Cyber Insurance: Balancing Security and Convenience
AI is poised to transform how insurance companies assess cyber resilience, providing opportunities for direct cybersecurity services. To combat rising costs and talent shortages, organisations will shift from reactive to more effective defensive security. By demonstrating preventative action against cyberattacks, organisations may see a reduction in their cyber insurance premiums.
Nation State Attacks and Hacktivism: Blurring Lines in Cyber Warfare
The Russo-Ukraine conflict marks a milestone in cyber warfare, highlighting the staying power of nation-state cyberattacks. Geo-political instability is expected to fuel hacktivist activities, particularly Distributed Denial of Service (DDoS) attacks. The lines between hacktivism and commercialism blur, with ransomware attacks becoming a revenue stream for ulterior motives.
Weaponised Deepfake Technology: The Rise of Manipulative Content
Deepfake technology is advancing, with threat actors weaponising it for social engineering attacks. The aim is to create content that sways opinions, alters stock prices, or gains access to sensitive data. Readily available online, deepfake technology poses a significant threat that organizations must address in their cybersecurity strategies.
Phishing Attacks: A Constant Threat Evolves
Phishing, now more personalised and effective due to AI enhancements, is expected to originate more frequently from credential theft than vulnerability exploitation. As software exploits become more challenging, phishing campaigns will continue to exploit human vulnerabilities, making them a persistent threat.
Ransomware: Stealthy Exploits, Enhanced Extortion, and AI Battlefields
The adoption of “living off the land” techniques, leveraging legitimate system tools for attacks, is anticipated to surge. Despite organisations bolstering their defenses against ransomware, incidents of data loss or leakage are likely to increase. Interpreting ransomware attack statistics will require discerning analysis due to reporting nuances, urging organisations to evolve their approach to security.
“The use of artificial intelligence by ransomware attackers will become more advanced, requiring organisations to not only focus on preventing attacks but also enhancing their incident response and recovery plans to mitigate the potential impact.” – Daniel Wiley, Head of Threat Management and Chief Security Advisor, Infinity Global Services at Check Point Software Technologies.
As the methods and tools of cybercriminals evolve, organisations must adapt their cybersecurity measures accordingly. The year 2023 witnessed several large-scale attacks, emphasising the need for companies to prioritise their security protocols and scrutinise the practices of third-party suppliers. With the rise of AI-enhanced cyberattacks, zero trust models, and the weaponisation of deepfake technology, investing in collaborative, comprehensive, and consolidated cybersecurity solutions has never been more critical.