The year ahead presents cybersecurity defenders with a host of new challenges as threat actors continue to evolve their tactics, writes Zaheer Ebrahim, solutions architect at Trend Micro MEA, who shares the top insights from the security specialist’s latest research – and the cybersecurity developments that are on his radar for the year.
Last year saw a great deal of change within the tech industry, most notably the continued development of artificial intelligence (AI) which dominated conversations to the point that “prompt” was dubbed a finalist for the Oxford Word of the Year 2023. The discussions around AI are no less significant in the cybersecurity industry, with 2024 expected to usher in important changes around how organisations will protect themselves and their assets in the future.
AI is, of course, not the only change organisations need to keep an eye on this year. As enterprises have continued to digitise, the cloud and Web3 technologies have come to the fore as they consistently demonstrate their value to business growth. However, it’s these new solutions that also present new opportunities for cybercriminals. In Trend Micro’s latest report – Critical Scalability – we’ve found that the transformative potential of these tech breakthroughs will reach their peak in 2024 and present organisations and their cybersecurity teams with new battlefronts.
Closing the security gap in cloud environments
Cloud adoption among organisations in South Africa has grown exponentially in recent years. At the same time, this has expanded the attack surface and organisations will need to ensure that as their IT infrastructure has transformed, so too have their security parameters.
Trend Micro’s latest research shows that cloud environments will become the playground for tailor-made worms built to exploit cloud technologies. Threat actors do this by using misconfigurations as easy entry points. One study by the Open Worldwide Application Security Project (OWASP) found that misconfigurations ranked among the top API risk for organisations. Worming capabilities have the potential to set off rapid propagation in cloud environments due to the interconnectivity of the cloud.
The ideal approach to any cloud migration journey is to ensure cybersecurity is considered every step of the way. This requires security teams to look beyond the usual malware and vulnerability scans, and to proactively evaluate cloud environments in anticipation of these worm attacks.
Protect data to defend ML models
Data poisoning cloud-based machine learning (ML) models is an emerging threat, but will grow in prominence in 2024. Defenders will have to contend with an expansive attack surface as a weaponised ML model can open the floodgates to severe consequences such as divulging confidential data for extraction, writing malicious instructions, and providing biased content that could lead to user dissatisfaction or potential legal repercussions.
While ML models are still an expensive integration for many businesses, 69% of IT leaders consider ML integration a top priority for operations. With this in mind, it will be crucial for those who do deploy this technology to validate and authenticate training datasets to prevent an attack. Companies might opt to cut costs by taking their algorithms off premises but, because the data is sourced from third-parties, this can leave an ML model vulnerable to data poisoning.
Generative AI gives cybercriminals an advantage
AI continues to be a tool that aids the fight against cybercriminals, but it is also one used by bad actors themselves. In the case of social engineering scams like spear phishing, harpoon whaling, and virtual kidnapping generative AI has been key in increased success rates for criminals. This, however, is just the tip of the iceberg with 2024 expected to bring with it more advancements in this kind of attack. Voice cloning has already started to make its way into the toolkits of criminals for identity theft and social engineering.
While the malicious large language model (LLM) WormGPT was shut down in August last year, it’s unlikely we’ll see the last of this type of tool. Cybercriminals often pivot quickly to alternatives and AI researchers have demonstrated that it’s possible to trick generative AI systems into circumventing their own censorship rules.
Widespread legislation has yet to be passed on generative AI, but it is possible to be proactive about protecting your organisation. Implementing zero-trust policies and encouraging employees to have a vigilant mindset will help to protect an organisation against attack.
The soft spot in supply chain software
Supply chains continue to be an attractive target for cybercriminals. In fact, Trend Micro found that more than half (52%) of global organisations had supply chains disrupted by ransomware. Many of the IT leaders surveyed expressed concern about the high risk their company faced due to their network of partners and customers.
It’s expected that these attacks will infiltrate vendors’ software supply chains through their continuous integration and continuous delivery (CI/CD) systems. Ambitious threat actors are more likely to strike at the source and target the code on which IT infrastructures are built. We expect these attacks to be focused on third-party components like libraries, pipelines, and containers resulting in credential harvesting, resource hijacking, cryptomining, and distributed denial-of-service (DDoS) attacks.
Taking proactive steps to protect an organisation’s CI/CD systems can help reduce the risk of an attack. These include implementing application security tools that can quickly recognise suspicious behaviour, deploying these protections across the entire CI/CD pipeline, conducting in-depth research and scans on libraries and containers before use, and monitoring any external dependencies for hidden vulnerabilities.
Extortionists turn to blockchain
Private blockchains have become popular among enterprises looking to lower their costs in areas like supply chain management and intra-company accounting. These systems, however, are not put under the same stress tests as their public counterparts and are not as resilient as a result. Cybercriminals running extortion schemes see this as a significant advantage and will seek to exploit this in 2024.
Because operators of private blockchains can modify, override, or erase any entry attackers will aim to seize the administrative rights. With this access, they can write malicious data, edit existing records, and encrypt the entire blockchain to prevent it from working until a ransom is paid.
As with all novel technologies like blockchain, it takes time to develop competencies to run and manage the solution internally. Organisations will have to rely on external providers for this function and opt to work closely with their vendors to manage security.
Tech solutions like blockchain, AI and ML all have the potential to support organisations on their digital transformation journeys and uncover more opportunities for growth. However, it’s vital that business leaders ask the important questions around security to ensure that these new tools don’t create more vulnerabilities and open a company’s defences to a cyberattack.
Safeguarding digital assets, confidential data, and the entire organisation’s tech infrastructure should be considered at every step of deployment. A strong security posture that supports the business and its operations is invaluable when it comes to future-proofing an organisation.