As we welcome the arrival of 2024, reflecting on the lessons from 2023 and the evolving threat landscape, it becomes crucial to discern the persistent trends that shaped the previous year.
The tenacity of cybercriminal tactics, notably the prevalence of ransomware, exploitation of vulnerabilities, credential theft, and supply chain attacks, marked 2023. What unifies these diverse attacks is their remarkable effectiveness.
In light of this, it is imperative to contemplate the potential continuance of these trends into 2024 and formulate strategic approaches for businesses to counteract emerging cyber threats effectively.
Between Persistent Trends and Evolving Cybercrime Tactics
In 2024, the threat landscape is not expected to change radically, particularly about attack typologies and criminal tactics and procedures. Criminal groups still primarily focus their attention on financial gains, and ransomware remains their weapon of choice. These cybercriminals tend to take the easy way out by opportunistically attacking unpatched security vulnerabilities.
The recent Citrix Bleed attack demonstrated the agility of cybercriminals when it comes to quickly and effectively exploiting these new vulnerabilities. However, once patches are applied to these vulnerabilities, cyberattackers tend to revert to more common strategies of stealing credentials or, failing that, cookies or session cookies, which, while slightly slower, constitute a proven means that allows them to penetrate within a system.
In 2024, however, we should expect increased sophistication in defence evasion tactics, particularly due to the generalization of certain technologies such as multi-factor authentication. These attacks will combine malicious proxy servers, social engineering techniques, and repeated authentication request attacks, or “fatigue attacks.”
AI and Regulations will Continue to Shape Cybersecurity
In 2024, the development of AI will have a positive impact on the efficiency of IT teams and security teams by enabling them to strengthen defences and work more efficiently, including through the processing of vast volumes of data to detect anomalies. It should make it possible to respond more quickly in the event of an incident.
Indeed, analysis of attacks in 2023 showed a shortening of the time between network penetration and the triggering of a final attack using malware or ransomware. The need for rapid detection and response tools to prevent costly incidents is therefore essential.
Finally, regulatory developments could significantly influence measures taken against ransomware. The need to take more substantial measures could push some states to penalize the payment of ransoms, which would represent a brake on malicious actors and change the perspective of companies in the event of an attack.
Other stricter legislation, such as the implementation of the European NIS2 Directive, is also expected to force companies to take additional measures, particularly regarding their abilities to collect data sets.
To protect themselves against increasingly rapid, effective, and costly attacks, companies must strengthen their defences by equipping themselves with tools that allow them to detect and respond to incidents more quickly.
The worsening cybersecurity talent shortage does not appear to be as serious as some studies claim. On the contrary, companies have implemented more lax hiring criteria and more open-mindedness in the recruitment process.
From this perspective, to guarantee their survival in a constantly evolving threat landscape, companies have every interest in establishing partnerships with cybersecurity experts whose main mission is to make the hyperconnected world safer and to advise and assist them. in setting up effective defences.
By Chester Wisniewski, Director, Global Field CTO, Sophos
