AI Phishing & Mobile Scams: Brace for a Rogue Rise in 2024 Cybersecurity Threats (GCP Forecast)
Google Cloud has released its annual Cybersecurity Forecast report for 2024, compiling forward-looking thoughts from security leaders and experts from different teams across Mandiant, Google Cloud, and VirusTotal, who are on the frontlines of the latest and largest attacks. Aiming to empower the cybersecurity industry, this comprehensive report provides essential insights and strategies to frame the fight against cyber adversaries in the year ahead.
While new technologies will aid security teams, they can also expand the attack surface. In 2024, the rapidly evolving world of generative AI will provide attackers with new ways to conduct convincing phishing campaigns and information operations at scale. However, defenders will use the same technologies to strengthen detection, response, and attribution of adversaries – and, more broadly, reduce toil, address threat overload, and close the widening skills gap.
The cybersecurity landscape is constantly evolving, sometimes in new and unexpected ways. Defenders, often with limited resources, have the monumental task of keeping up. Here are some of the key takeaways from the Google Cloud Cybersecurity Forecast 2024 to help prepare for the year ahead:
- AI for attack and defense: AI is set to revolutionize cybersecurity for attackers and defenders. Attackers are expected to leverage generative AI and large language models to create more sophisticated phishing and social engineering tactics and add scale to information operations. Defenders will utilize AI to enhance threat detection, response, and attribution capabilities, speed up analysis, and other time-consuming tasks like reverse engineering.
- Continued use of zero-day exploits: An increased reliance on zero-day vulnerabilities by attackers is anticipated by both nation-state and cybercriminal groups, aiming to evade detection and maintain prolonged access to compromised systems. Edge devices and virtualization software are particularly attractive to threat actors because they are challenging to monitor. Cybercriminals know using a zero-day vulnerability will increase the number of victims and, based on recent mass extortion events, the number of organizations that may pay high ransomware or extortion demands.
- Growing prevalence of mobile cybercrime: Expect an increase in mobile cybercrime, with scammers using advanced and novel social engineering tactics like fake domestic help services, counterfeit social media, bank, or government communications, and deceptive pop-up alerts to trick victims into installing malicious apps on their mobile devices. Jongman adds: “This type of social engineering has grown rapidly across the Middle East in recent years, and while governments and organizations are already taking measures to protect their customers, this threat is likely to grow both in volume and sophistication across the region.”
- Maturing of attacks targeting hybrid and multi-cloud environments: With organizations worldwide moving to the cloud, threat actors will look to exploit misconfigurations and identity issues to move laterally across different cloud environments.
- Escalating espionage and “sleeper botnet” tactics: Espionage activities will evolve and find more ways to scale, including using “sleeper botnets” from vulnerable IoT and small/home office or end-of-life devices. These botnets can be used and discarded as needed, complicating attribution efforts.
- Resurgence of older attack techniques: There is an expected revival in using older, less common cyberattack techniques that aren’t widely understood. These methods, often overlooked in modern detection systems, could provide attackers with a stealthy means to breach defenses.
