Risk Management
Smarter, Meaner, Sneakier: Security Trends for 2024
Learn how hackers are getting smarter, ruder, meaner, and sneakier and what to do about it with this overview of cybersecurity trends in 2024.
Forecasting cybersecurity trends accurately depends on having good insight into what’s happening today. Looking into 2024 with that in mind, a handful of current factors seem especially poised to influence the year to come.
Rapid advancements in generative AI have paved the way for new or enhanced cyberthreats. Ransomware remains on the rise—with data exfiltration as a high-value objective—while supply chains find themselves more and more in criminals’ crosshairs.
The business of cybercrime have also evolved. The adversary underground has matured into a sophisticated ecosystem of small, mid-sized, and large organizations. Cyberattacks have become increasingly weaponized for warfare, as witnessed prominently in the Ukraine conflict.
None of this is escaping the notice of governments or insurance companies. Organizations face new laws and regulations, particularly around AI, and are increasingly tailoring their security practices to the requirements of cyber insurance providers so they can qualify for coverage.
Against that backdrop, Trend Micro has identified five cybersecurity trends that stand to challenge organizations’ cyber defenses in the coming year, all highlighted in our 2024 security predictions report:
- Cloud-native worms targeting cloud environments
- Data poisoning of machine learning (ML) and AI systems
- Supply chain attacks on CI/CD systems
- Generative AI-boosted social engineering scams
- Blockchain exploitation
Cybersecurity trend 1: Cloud-native worms will exploit security gaps in cloud environments
Automation is as essential to productivity for cybercriminals as it is for legitimate enterprises, and worms are a particularly potent form of automated cyberattack. That’s partly because they’re highly destructive and partly because their whole reason for being is to propagate, which makes them very hard to contain.
As cited in our 2024 predictions report, one survey found at least 60% of surveyed companies’ Kubernetes clusters experienced malware attacks last year. Since the cloud is ultra-connected and rife with vulnerabilities and misconfigurations, it’s an ideal environment for worm attacks and will undoubtedly see more of them in the months ahead.
Cybersecurity trend 2: Data will be weaponized against cloud-based ML models
Since AI and machine learning depend on training data to build their models, compromising that data is an obvious way for bad actors to poison AI/ML systems. Some organizations have countered this so far by training to private datasets only, not public inputs. Yet growing numbers of enterprises are turning to sourced data from third parties to get on the AI bandwagon while keeping costs down, which could make them vulnerable.
Compromising AI/ML systems can open up opportunities for exfiltration, extortion, and sabotage, making this weaponization of training data a powerful prospect for cybercriminals.
Cybersecurity trend 3: Supply-chain attacks will test the resilience of CI/CD systems
According to Trend Micro research, 52% of global organizations had their supply chains attacked by ransomware last year. Continuous integration/continuous delivery (CI/CD) software development supply chains are a particularly appealing target because of the access they give to large numbers of potential victims via island hopping. Bad actors who hack software developers in the CI/CD pipeline can inject malicious code that undermines the whole IT infrastructure and affects virtually every connected party. The appeal of that scope and scale makes software supply chain attacks another cybersecurity trend to watch out for in 2024.
Cybersecurity trend 4: Generative AI will level up social engineering lures in targeted scams
Faced with conventional phishing schemes and other social engineering attacks, cybersecurity teams have at least had the advantage that many if not most phishing emails and texts are conspicuously fake if people know what to look for. Cybersecurity-aware users can watch for spelling and grammar errors, voice and tone slips, wonky URLs, and suspicious email addresses and pick out suspect messages.
Generative AI changes that situation more or less completely—as Trend Micro Global Security and Risk Strategist Shannon Murphy pointed out in a great presentation at AWS re:invent last December. Not only can generative AI produce fake messages that are error-free and seem authentic, but it can also do so in multiple languages and embed all manner of links, QR codes, and contact numbers to misdirect unsuspecting targets. This is bound to drive an increase in business email compromise (BEC) attacks and, soon enough, audio/video deepfakes as well.
Cybersecurity trend 5: The blockchain will serve as fresh hunting grounds for extortion schemes
The last of the cybersecurity trends outlined in our predictions report focuses on private blockchains. While these attacks may not be so widespread in 2024 since blockchain itself hasn’t gone totally mainstream yet, more organizations are looking at cost-effective private blockchains to manage internal financial transactions both locally and in the cloud. As they do, attackers will be watching and waiting to exploit gaps and vulnerabilities that give them administrative rights they can misuse to wreak havoc and reap gains. Presuming that blockchain’s promise of tight data integrity means it is also highly secure would be a serious misstep for enterprise adopters.
How to prepare for the future of cybersecurity
What can organizations do to protect themselves against these complex and evolving threats? In each case, fortunately, there are practical steps that can be taken—ways of protecting data, devices, and the overall technology infrastructure while continuing to enable connectivity-driven business goals. The keys to any effective defense strategy are protection at all points of the attack life cycle and multidimensional security built on good threat intelligence.
For additional detail on the coming year’s cybersecurity trends and what can be done about them, download the full Critical Stability predictions report and watch for more posts on these topics in the weeks and months to come.
Next steps
For more 2024 cybersecurity predictions, check out the following resources: