The evolving threat landscape in 2024: AI takes centre stage

In 2023, we saw the increasing adoption of AI in both offensive and defensive cybersecurity strategies. In 2024, AI-driven threat actors will become more sophisticated, and organisations will dedicate more resources and AI-driven tactics to stay ahead of these evolving threats. 

In this article, researchers from Aqua Nautilus share their views on what we can expect to see in 2024 as AI becomes the profound battleground for cybersecurity.

Navigating AI as a double-edged sword

Yakir Kadkoda, Lead Security Researcher, says: “As we look towards the future, specifically the next 12 months the cybersecurity landscape is predicted to encounter a significant shift due to the strategic incorporation of artificial intelligence by cyber attackers. The anticipated emergence of ‘Package Illusion’ attacks will likely be a prominent example of this shift. These attacks will use AI to manipulate software dependency chains, leading developers to inadvertently introduce vulnerabilities into their applications.

This tactic is expected to be part of a broader trend where AI is not just a tool for defence but a weapon in the attacker’s arsenal. By exploiting the trust developers place in automated dependency management and suggestion systems, attackers can create a new class of supply chain vulnerabilities that are challenging to detect and mitigate.

In 2024 these AI-driven attacks will become more common, forcing the cybersecurity industry to innovate rapidly. The cybersecurity community will need to prioritise the development of new standards and best practices for AI security, focusing on resilience against AI-powered threats. Collaboration across industries and borders will be vital to develop shared defences against these emerging threats.”

The rise of userland execution methods in cloud security 

As the cloud computing landscape continues to expand, so does the sophistication of attacks within its perimeters. Idan Revivo, VP Cybersecurity Research, says: “We see today the early signs of state sponsored threat actors finding novel sophisticated techniques and methods to execute code directly in user space memory without triggering the execve syscalls that are commonly monitored by security systems, thus skirting traditional detection mechanisms.  

In that sense we are anticipating a notable shift in tactics from cloud attackers, who are increasingly likely to employ userland execution methods. In response to these advanced evasion techniques, the cybersecurity industry must pivot towards more nuanced behaviouralsecurity measures. These include deploying AI and machine learning algorithms capable of understanding normal user behaviour and identifying anomalies, as well as enhancing memory scanning and process monitoring technologies. Such proactive and intelligent systems are essential to detect and mitigate threats that bypass conventional detection frameworks, ensuring robust security in the ever-evolving cloud ecosystem.”

AI-enhanced threats intensify: the democratisation of cyber crime

Asaf Eitani, Security Researcher predicts the landscape of cyber threats will become more treacherous due to the advancing use of AI in code writing and the dissemination of malicious techniques and says: “AI-driven tools are increasingly capable of writing complex code, which can be repurposed by malicious actors to craft sophisticated malware and exploit programs with speed and efficiency that was not previously possible. This lowers the bar for entering into cybercrime, as even those with minimal programming expertise can now harness AI to generate attack vectors. Furthermore, AI systems can rapidly assimilate and improve upon known attack methods by scouring through forums and code repositories, making the learning curve for executing advanced threats much less steep. This democratisation of sophisticated attack capabilities through AI means that we can expect a proliferation of advanced malware, potentially leading to more frequent and more potent cyber attacks in the near future.”

The new frontier of runtime security with eBPF technology

Alon Zivony, Security Researcher, draws attention to the utilisation of eBPF technology that continues to proliferate, with notable market entrance. He explains: “Various enterprises and emerging startups, such as Raven (raven.io), Kodem, and Flow, have incorporated eBPF for enhanced observability within their operational frameworks.

As eBPF gains broader adoption across diverse industries and a myriad of products, it is foreseen that the landscape will witness a heightened prevalence of eBPF deployment assessments, evasion and disabling tactics. This trend is likely to emerge as a response to the growing significance of eBPF in runtime security, thereby necessitating more rigorous security measures and proactive threat mitigation strategies.”

AI threat Intelligence for proactive cloud security

Yaara Shriki, Security Researcher, anticipates by 2024, the integration of AI in threat intelligence within cloud security will have revolutionised the identification and mitigation of cyber threats. He says: “Utilising machine learning algorithms to analyse vast datasets from various sources, AI will not only detect real-time attacks but also predict future threats by recognising patterns and anomalies indicative of malicious activity. This capability will enable organizations to shift from a reactive to a proactive security stance, constantly updating and refining their defence mechanisms in response to the ever-evolving cyber threat landscape. As a result, cloud environments will benefit from a more robust and dynamic security posture, with threat intelligence becoming an invaluable asset for anticipating and countering sophisticated cyber attacks.”

Closing the gap for advanced cloud native security

Assaf Morag, Data Analyst Lead, summed up the Team Nautilus predictions with these thoughts. “In cyber threat intelligence, our goal is to attribute various campaigns, tools, and techniques to specific threat actors and groups. As opposed to cloud native, in threat research areas such as fraud, financial campaigns, and geopolitical intelligence, the discourse is somewhat more advanced, with a deeper knowledge and understanding of the threat actors involved.  

However, in the cloud native space, this discourse has not yet reached the same level of maturity. We lack a wealth of data and detailed information on the tools, tactics, techniques, and procedures (TTPs) of threat actors, as well as insights into their structure, goals, and motivations. Although there are excellent analyses of threat actors like Kinsing, TeamTNT, and Group 8220, there are still gaps to fulfill and there remains, at the very least, a significant knowledge gap regarding state-sponsored threat actors targeting cloud native environments.  

Looking ahead to 2024, we expect a significant maturation in the discourse surrounding threat actors and groups in the cloud. We anticipate a more thorough analysis and understanding of the methods threat actors use in the cloud and their developing techniques. 

Aqua Nautilus focusses on cybersecurity research in the cloud native stack and catches more than 80,000 cloud native attacks every month, specifically those unique to containers and microservices that other platforms cannot see.