Rapid7-CyberThreat - 2023-2024


Peeking into the crystal ball: What 2023 cyber threats told us about 2024


Source: Peeking into the crystal ball: What 2023 cyber threats told us about 2024 | Rapid7 Blog

Last updated at Tue, 12 Dec 2023 19:05:08 GMT

By Raj Samani, SVP Chief Scientist, and Sabeen Malik, Vice President, Global Government Affairs and Public Policy at Rapid7

Stepping into 2024 feels like opening the latest best-selling mystery novel – you know there's adventure ahead, but the plot is still up in the air.

In the twist-riddled world of cybersecurity, we can't help but ask: what's next on the digital horizon? Sure, every business would like 2024 to be “less surprising” in terms of cyber threats, but let’s be honest, that’s not going to happen.

Even though we’re surely in for more than a few surprises in the coming year, there are ways we can be better prepared. So sit back and relax as we venture through some insights we’ve gained in 2023 and offer ways you can put them into practice in the coming year.

Prediction 1: Ransomware actors burning through zero-days

RDP (Remote Desktop Protocol) has long been the initial entry vector of choice for ransomware groups, closely followed by the less sophisticated email. However, the MOVEit and SysAid campaigns show change is brewing.


Rapid7 has observed an increasing number of zero-day vulnerabilities being exploited by ransomware groups, and it’s unlikely this trend will abate. Forget the mindset that ransomware actors just go after “the low-hanging fruit”; they are now exploiting zero-day vulnerabilities at mass scale.

This trend is seeing criminal groups that, to date, had not demonstrated any real capability in gaining access to previously unidentified vulnerabilities now exploit them and gain a foothold in victim networks. This suggests that something is afoot in the ransomware ecosystem. For organizations, the message is simple: get your vulnerability management and patching procedures in place, and do it now. Being proactive when it comes to dealing with vulnerabilities that are being exploited in the wild is imperative.

Prediction 2: Cyber risk and vulnerability disclosures will lead to consolidation around better risk management practices

With the growing number of regulatory disclosures for cyber risk management practices and incidents, the emergence of GenAI as a potent tool for cyber attacks, more ransomware hijacks, and the lack of a common lexicon around cyber risk, businesses are truly going to have to spend more time than ever determining their risk profile, and subsequently thinking about the tools and services that they will need to address the risks.

This means that more leaders will be deciding whether to deal with compliance risk mitigation, to create agile cyber risk management strategies, or both. The leaders who understand this moment as a rallying call to elevate the conversation about systemic risks will set their business up for success, not by getting sidetracked playing compliance whack-a-mole, but by investing in a strategic vision for dealing with cyber business risks. Those businesses will also be able to withstand the scrutiny related to more global requirements for disclosure of both cyber risk management and cyber incident response and procedures. More disclosure may not necessarily lead to clarity in the short term on what best practices are, but over the long term we will see more consolidation on best practices for cyber disclosures and risk management.

At the same time, governments will also struggle to find the right balance on how to incentivize risk management rather than compliance risk mitigation whack-a-mole if they continue to introduce regulations that are driven by being first to market on regulations rather than by harmonization around best practices and product security.

Here's the catch: as regulations become more comprehensive, they may inadvertently nudge the industry towards a more consolidated structure - a double-edged sword.

Prediction 3: Growth of real-time information sharing within global public-private cyber partnerships

The regulatory dance floor will definitely become more crowded in 2024, especially with AI cutting in.

This new dance partner will be adding to the complexity of tools needed to deal with cyber risk mitigation and will lead to more robust and global public-private partnerships. We might see something like a global cybersecurity flash mob in 2024. Instead of just sharing the usual threat intelligence on cyber threats and cyber risks, governments and businesses will join hands to share threat intel and resources and to bolster defenses in concentrated ways to deal with specific threats. Ultimately, this means moving beyond the historical PPPs of quarterly meetings to a more real-time sharing approach, in order to deal with the diminishing timelines between initial entry vectors and final-stage payloads.

It will be interesting to see if more action-oriented partnerships bolster capacity and cyber defenses. In order for such an approach to be successful, a mentality of “information sharing” and an open door of communication must be developed.

Prediction 4: Cloudy with a chance of threats

The cloud will continue to be a critical cyber battleground. And in the coming year, an emerging concern will likely be the misuse of commercial cloud service providers (CSPs). That’s because cybercriminals are no longer relying on known command-and-control servers; instead, they're turning to commercial CSPs for cover to host malicious content.

It’s a clever trend, and it comes back to the game of hide-and-seek, with attackers exploiting the cloud's anonymity and legitimacy, and blending their activities with legitimate services. Combatting this threat requires more innovative solutions, such as those leveraging AI and advanced automation techniques — as well as heightened vigilance — in the cloud. Organizations need advanced risk scoring across cloud environments, so security teams get complete visibility that eliminates blind spots and enables them to effectively prioritize remediation actions.


Prediction 5: AI and automation will be table stakes

As mentioned in Prediction 4, innovations in AI and automation promise to effectively address an ever-increasing volume of attacks. Seeing threat intelligence is one thing, but it’s a completely different ball game to be doing something about it. This is where more automated responses come into play. With AI and more advanced automation techniques arriving, the majority of detection and remediation or prevention work will occur automatically.

But let's not get ahead of ourselves. The inevitable rush to market for some solutions means that some AI capabilities will miss the mark. Therefore, organizations that adopt AI solutions must ensure that they truly improve cyber resilience without presenting new cyber risks.

Over the next year, a growing AI use case will be the use of AI synthetic media (i.e., deepfakes) and identity management. Governments will have the challenge of navigating the tricky space between the problematic use case of biometric technology and synthetic media, while businesses will have to understand how to manage the risks with identity and access management.

Be ready for 2024

So, there’s our bird's-eye view of what the cyber landscape could look like in 2024. But as always, there will be many shifts, evolutions, and transformations in the new year, some unprecedented and some expected. Regardless, practitioners must stay on their toes, remain vigilant, and aim for resilience.

Here's to a more prepared, secure — and less stressful — 2024.
