The passing of another year provides an opportunity to assess what has been and to examine what could happen in the coming 24 months. When it comes to the issue of cybersecurity we are in a world where change is constant, and the challenges continue to evolve rapidly.
In its annual 2024 Cybersecurity Predictions report, WatchGuard Technologies, a specialist in unified cybersecurity, revealed several emerging trends that its WatchGuard Threat Lab research team had identified. These included malicious engineering tricks targeting large language models (LLMs), managed service providers (MSPs) doubling down on unified security platforms with heavy automation, and ‘vishers’ scaling their operations with AI-based voice chatbots.
“Every new technology trend opens up new attack vectors for cybercriminals,” said Corey Nachreiner, chief security officer at WatchGuard Technologies. “In 2024, the emerging threats targeting companies and individuals will be even more intense, complicated, and difficult to manage.”
According to Nachreiner, “the ongoing cybersecurity skills shortage, the need for MSPs, unified security, and automated platforms to bolster cybersecurity and protect organisations from the ever-evolving threat landscape have never been greater.”
The WatchGuard Threat Lab team’s top cybersecurity predictions made for interesting reading.
The most significant trend stems from companies and individuals experimenting with Large Language Models (LLMs) to increase operational efficiency: cybercriminals are now learning how to exploit LLMs for their own malicious purposes as well. For 2024, the WatchGuard Threat Lab predicted that a smart prompt engineer, who could very well be a hacker, will end up cracking the code and manipulating an LLM into leaking private data.
Google Cloud’s global Cybersecurity Forecast agreed and suggested that LLMs and generative AI “will be increasingly offered in underground forums as a paid service and used for various purposes such as phishing campaigns and spreading disinformation.”
Another prediction is that, with approximately 3.4 million open cybersecurity jobs and fierce competition for the talent that is available, more small to mid-sized companies will have to turn to trusted managed service and security service providers, known as MSPs and MSSPs, to protect them in 2024.
To accommodate growing demand and scarce staffing resources, MSPs and MSSPs will double down on unified security platforms with heavy automation using artificial intelligence (AI) and machine learning (ML), according to WatchGuard.
For a long time, cybercriminals have been able to buy tools on the underground that send spam email, automatically craft convincing texts, and scrape the Internet and social media for a particular target’s information and connections. While these tend to still be manual and require attackers to target one user or group at a time, they are perfect for automation via artificial intelligence and machine learning.
Consequently, according to WatchGuard, AI-powered tools can be expected to emerge as best sellers on the dark web in 2024.
The impact of AI is likely to be profound in terms of ‘vishing’ with WatchGuard predicting that a combination of convincing deepfake audio and LLMs capable of carrying on conversations with unsuspecting victims will greatly increase the scale and volume of vishing calls.
However, defenders will also be able to use generative AI in threat intelligence and data analysis. Generative AI will enable defenders to take action at greater speeds and scales.
“AI is already providing a tremendous advantage for our cyber defenders, enabling them to improve capabilities and better protect against threats,” said Phil Venables, chief information security officer at Google Cloud.
Another area of concern is quick response (QR) codes. Although they have been around for decades, mainstream usage has exploded in recent years, and the analysts at WatchGuard are expecting to see a major, headline-stealing hack in 2024 caused by an employee following a QR code to a malicious destination.
Because organisations are running their data in a combination of multicloud, on-premises and hybrid environments, providing comprehensive security and risk management can prove challenging, and bad actors are likely to look to move laterally across different cloud environments.
The costs to business
These threats are significant, and the costs associated with cyberattacks can be immense.
“According to the 2023 report from IBM and the Ponemon Institute, the average global cost of a data breach has reached $4.45 million, an increase of 2% from the previous year,” said Steve Summers, Offering Manager and Security Lead Aerospace, Defense & Government at NI.
“Those should be frightening statistics to any business executive and they take into account multiple factors including damage to reputation, customer turnover, and productivity.”
Summers makes the point that IT breaches are not just a concern for CIOs and their security managers but affect the whole organisation. He warned that, because of the different environments being used to store data, as mentioned previously, progress towards integrating IT with other departments to develop a holistic approach to cybersecurity was proving to be “painfully slow.”
An early example of how cyberattacks can inflict damage across an enterprise occurred between 2005 and 2010, with the Stuxnet assault on Iran’s nuclear program.
“The Stuxnet worm was designed to hit PLCs governing the automation of various industrial processes. In this case it infected the PLCs controlling the centrifuges used within nuclear reactors, causing them to malfunction. It hampered Iran so badly that, according to some reports, about 20% of the country's centrifuges were rendered inoperable,” said Summers.
“In effect, Stuxnet changed the game for IT security practitioners. It brought into sharp focus just how vulnerable organisations are and how the IT infrastructure shouldn’t be considered in isolation.”
While it was seen as an attack on Iran specifically – and by many as a coordinated attack by external security forces – it demonstrated the destructive potential of malware in an OT, rather than an IT, setting.
Only last year, hackers targeted Radioactive Waste Management, a UK company developing a vast underground nuclear waste store in Britain.
According to the company, the hackers unsuccessfully attempted to breach the business, using LinkedIn as a source to identify the people working within it.
Hackers are increasingly using social media sites to break through security mechanisms by, for example, creating fake business accounts or causing recipients of emails to click on malicious links, as well as directly trying to steal users’ credentials for other secure logins.
Security experts Norton have estimated that there are 2,200 cyber-attacks taking place every day – that’s 800,000 people being hacked every year.
“The US itself has certainly not been immune,” said Summers. “The most famous example of a wide-scale attack on home soil was the SolarWinds attack in 2020. In one of the largest cybersecurity breaches of the 21st century, hackers introduced malicious code into the SolarWinds Orion IT monitoring and management system on which thousands of global enterprises and governments relied.
“This incident revealed a whole host of vulnerabilities across the US (and most of the western world). Senior managers were confronted with the reality that their systems were at risk from any sort of coordinated attack, particularly when the attackers have the resources of a nation state behind them – as appeared to be the case with the SolarWinds attack.”
According to Summers, data security is fast becoming a military-style operation.
“So there really is no surprise then that the US Department of Defense has taken the lead in developing a new, rigorous cross-organisational approach to cybersecurity.”
A military approach
Military institutions have long been a prime target for cyber-attacks and are accustomed to thwarting other security breaches.
In January 2020, the US Department of Defense introduced a new initiative that not only affected government establishments but extended to all contractors in the supply chain.
“The Cybersecurity Maturity Model Certification (CMMC) is based on the zero-trust principle. This is the process where all parts of an organisation – and all their interactions – are validated every step of the way: trust no-one and nothing is the order of the day,” explained Summers.
CMMC certification means that any company looking to sell to a US government agency must follow a rigorous framework and certification process in which every component, and its relationship with other components, is validated at every step of assembly and use.
“Adopting this approach is mandatory now for any businesses wanting to become a DoD supplier. Without an authorisation to operate (ATO), no firm is able to carry out any business with a US government agency,” according to Summers.
Comprehensive approach
The zero-trust approach is equally applicable – and increasingly necessary – outside the defence industry, but does involve significant investment and a massive cultural shift in which engineers, IT and test teams work more closely together.
“This may sound daunting, but cybersecurity is no longer solely about the computing domain,” said Summers. “There’s a whole new world of IP-connected devices, not to mention other facilities that may be vulnerable, such as air conditioning systems. Remember Target? Malware loaded inadvertently by a small HVAC contractor was used to steal customers’ financial details and transfer the information to hackers in Eastern Europe, a breach which cost the retailer an estimated $202 million.
“The bottom line is that there are no longer any safe areas – everywhere within an enterprise is now at risk of criminal incursions.”
Summers makes the point that implementing exemplary cybersecurity within your own organisation does not stop the threats. There’s now a requirement to extend cybersecurity strategies to include external contractors.
“They also need to be closely monitored to ensure compliance and that they are rigorously guarding any sensitive information.”
For example, it is critical for IT to be involved in the testing stages to ensure contractors build cybersecurity into chips, components, and systems from the outset.
“NI is currently one of only a few providers that understood that it would be critical for testing solutions to be CMMC-compliant and made the appropriate investments early in the rollout. As more enterprises outside the defence sector adopt the zero-trust approach, others in the supply chain will be encouraged to make the necessary investment in cybersecure business practices,” according to Summers.
Securing the future
The risk of cyber-attacks is not going to go away – security breaches on enterprise organisations increased by 27.4% in 2023.
As a result, the global cost of cybercrime is currently estimated at $6 trillion per year, and this figure is predicted to rise to $10.5 trillion annually by 2025.
It is therefore essential that every enterprise invests in developing a more robust and comprehensive approach to cybersecurity. The cost of implementation, while significant, is unlikely to come close to the cost of a data breach: not only in terms of financial loss, but also in loss of business and loss of reputation.
The CMMC zero-trust model provides a reliable framework on which to build, but it is a work-in-progress. New challenges are arising all the time, including the rise in remote working and the growing use of cloud storage. In our new, zero-trust world, beating the hackers involves the whole supply chain, and engineers, testing teams, IT professionals, and testing providers must all be connected to ensure cybersecurity.