Over the last few years, the number and severity of cyberattacks against organizations have significantly increased. These attacks come in various forms, including ransomware, distributed denial-of-service (DDoS), data breaches, insider threats and many more.
Despite the best efforts of many cybersecurity professionals to minimize these threats, it appears there will be no decrease in the threat level in 2024. As a result, cybersecurity teams are under immense pressure to reduce the risk to their organizations. They need to focus on identifying and mitigating the most significant threats that will likely occur in 2024 and in the future.
The Cybersecurity Outlook for 2023 Report
To help organizations better understand how they can minimize risk, we published a white paper in 2023 highlighting some trends and what can be done, much of which is still relevant today. Download our free Cybersecurity Outlook for 2023 white paper here.
What Will Be the Biggest Threats in 2024?
In addition to the general trends discussed in the Cybersecurity Outlook for 2023, we wanted to ask: what do industry analysts consider the most significant cybersecurity threats for 2024 and beyond? Based on recent publications and industry discussions, the list below highlights common threats your organization could face in 2024.
It’s important to note that this list is not exhaustive, and you should protect your systems and networks from other threats, including unknown and emerging threats that are likely to occur.
Common Vulnerabilities and Exposures (CVEs)
To emphasize the point about emerging threats, here is some data on the number of Common Vulnerabilities and Exposures (CVEs) that the National Institute of Standards and Technology (NIST) published in 2023. Note that CVEs get graded on a 10-point scale. Many CVEs rated 9+ on the scale can allow cybercriminals to gain unauthorized access to a network via remotely mounted intrusion attacks or code execution.
As of November 2023, the total number of CVEs published in 2023 was 25,600, of which 4,467 were rated at a severity of 9 or above. This number has grown exponentially year-over-year. The steady increase is likely from improved reporting capabilities by cybersecurity teams who are pinpointing vulnerabilities on an expanding attack surface.
Attack Surface Expansion
The trend towards hybrid work environments has accelerated the decline of the traditional network border. With a growing number of people working remotely, the increase in connected devices, the adoption of cloud-based services and the complexity of supply chains, securing your network with conventional approaches, like firewalls and intrusion-detection technologies, is no longer effective.
As a result, the concept of zero-trust has become more prominent in addressing this challenge. However, this is still not enough. Cybersecurity teams must assume that attackers will breach their defenses, so it is crucial to have technology, such as Network Detection and Response (NDR), to continuously monitor all network activity in real time.
The Rise of AI-Powered Attacks and Defense
Artificial intelligence (AI) is rapidly transforming the cybersecurity landscape. Both attackers and defenders are utilizing its capabilities. Cybercriminals are using AI to automate attacks, develop more complex malware and avoid detection. However, AI also provides tools for cybersecurity defenders, helping them detect threats in real time, better diagnose incidents and automate responses to issues more rapidly.
Ransomware will continue to be a significant threat to organizations of all sizes in 2024. Ransomware-as-a-service resources, widely available for anyone to use, have lowered the barrier to entry for people looking to profit from this type of attack.
Interestingly, in 2022, moves to prevent US-based organizations from paying attackers led to a decrease in ransomware attacks against US targets. However, 2022 still had the second-largest number of attacks, and the number in the year’s final quarter was the highest since Q3 of 2021. Data from 2023 suggests that ransomware attack numbers will be similar to the previous year and certainly shows that ransomware remains a significant threat.
Individual ransomware attacks are also increasing in sophistication. During 2024, this trend will prompt organizations to strengthen their efforts and adopt more resilient cybersecurity strategies to help mitigate the impact if company defenses are breached.
Ransomware is a type of malware. Other examples of malware include:
- Wipers that work like ransomware but erase data rather than encrypt it for profit.
- Spyware that sits on systems and collects data.
- Keyloggers that record keyboard entries for attackers.
- Adware that displays unwanted ads that generate revenue for attackers.
- Trojans that mimic legitimate software to trick users into running it.
- Worms that exploit known vulnerabilities to spread between systems.
- Viruses, which are still prominent and become large-scale problems if not mitigated.
- Bots and botnets that typically disrupt systems via denial-of-service attacks.
Supply Chain Vulnerabilities
Upstream and downstream business partners in the supply chain can be a source of cyberattacks. This means that threats originating via linked IT systems—or even emails—need to be quantified and mitigated.
Phishing and Other Social Engineering Attacks
It has been reported that people are the weakest link in the security chain. This statement is not to disparage people. We all make mistakes, and this fact needs to be incorporated into cybersecurity planning. Sophisticated social engineering attacks, like phishing emails, are still a successful source for gathering data for future attacks.
These attacks are becoming more sophisticated as criminals are using large language models (LLMs) like ChatGPT to compose more believable emails, dummy websites and other collateral to trick people into clicking malicious links or divulging data that they shouldn’t. Business email compromise (BEC) and targeted spear-phishing attacks will continue to be common in 2024 and beyond, as attackers target prominent individuals and their associates within organizations. We can also expect bad actors to use AI deepfake video and audio portrayals of real people to trick staff as part of phishing attacks.
Crypto scams are types of social engineering-based attacks. In crypto scams, attackers send an innocuous message to a mobile phone or messaging service to lure the recipient into a conversation. For example, “Are you still free for lunch on Monday?” Then they try to build a rapport with the recipient before asking them if they want to make some cash via crypto and luring them to a scam website that steals their money. Through the scam site, these attacks open the victim’s organization to other social engineering threats or malware.
Internet of Things (IoT) sensors and devices are expanding almost exponentially in the built environment and manufacturing. Some of these IoT devices have notoriously poor security. We’ve all heard of cases where a series of devices were shipped with the same admin account and password, one that often doesn’t get changed during deployment.
This expansion of IoT devices increases the attack surface, which introduces easily exploitable vulnerabilities. If the IoT devices have access to other network systems, this can open a back door for anyone who knows the default account settings.
Insider risks from disgruntled employees or staff paid off by attackers are still significant. Why spend time looking for vulnerabilities when you can bribe an employee to take a malware-infected USB drive and plug it into a PC on the network? Protective measures like 24x7 NDR and zero-trust best practices to prevent malicious code spreading between systems are core to helping guard against this and other attack methods.
Delivering 100% cybersecurity protection that prevents attackers from breaching defenses is impossible. You must work hard to mitigate risks when they occur, but you also should plan for when the attackers get a foothold in your network. At that time, you need 24x7 NDR to help you spot anomalies so you can quarantine the suspicious systems. In the event the attack comes from cybercriminals, you can help resolve the attack more effectively.
Progress Flowmon has the NDR and other tools to help you quickly spot and deal with attacks. Visit the Flowmon product overview pages to read more, reach out to us to discuss your needs or get a free trial to see how our solution can start protecting your networks within a day.