10 tips for cyber resilience in 2024
Understanding why threat actors do what they do helps illuminate how they will behave in the future.
As the cyber threat landscape continues to evolve year over year, it is pivotal to monitor trends and track their impact on the global cyber ecosystem. Attempting to understand why threat actors do what they do helps us begin to uncover how they will behave in the future. This level of attention and understanding is necessary in order to maintain cyber resilience against new and emerging threats.
My experience helping clients build an environment that can withstand a cyber incident over the years has taught me to expect the unexpected. However, my colleagues and I still know the importance of closely monitoring data and trends and making informed predictions about the future state of cyber risk. Our enhanced visibility into the threat landscape and the expertise of our security and insurance teams enabled us to compile the following list of ten cyber predictions for 2024.
No. 1: Adversaries will continue to leverage Large Language Models (LLMs) to accelerate the time to ransom.
Cybersecurity experts predict that in 2024, adversaries will continue to leverage Large Language Models(LLMs) to accelerate human engineering tactics and time to ransomware attacks. According to a report by NordVPN, there is increased interest by potential criminal actors as the volume of posts regarding ChatGPT in DarkWeb forums has increased 145% from January to February 2023.
LLMs can be leveraged to create more convincing and effective social engineering or phishing attacks. They can also be used to impersonate organizations or individuals and create fictitious engagement on social media platforms. LLMs such as ChatGPT and others designed by legitimate companies include safeguards to prevent malusage. However, research by Google has shown that these safeguards have many ways to be bypassed.
The future of social engineering attacks will require a heightened level of vigilance on a human level. More sophisticated training and stronger email security measures will be required to replace traditional mitigation measures, such as searching for spelling errors or disfigured company logos.
No. 2: Attacks against identity providers will increase.
According to Crowdstrike, in 2023, 80% of cyberattacks leveraged identity-based techniques to compromise credentials. Their Global Threat Report shows that threat actors are “doubling down on stolen credentials,” with a 112% year-over-year increase since 2021 in advertisements for access-broker services identified in the criminal underground. This increase can be attributed to the expansion of cloud usage and remote work in most organizations today. Increased digitization and volumes of online identities lead to an increase in identity-based attacks.
In 2024, not only are identity-based attacks going to continue to be a leading tactic, but identity providers themselves will grow as targets. Infiltrating identity provider networks can have a sprawling impact on thousands of organizations and millions of individuals. We saw this happen with the recent Okta attacks, which threat perpetrators claim was linked to the ransomware attacks against MGM in September. Experts predict that the success of incidents like this one will lead to an increased trend of attacks against identity providers in 2024.
No. 3: Threat actors will continue to target third-party vendors to scale their attacks.
Trends we’ve seen throughout 2023 will continue and potentially ramp up as the success of third-party vendor breaches fund cybercriminal activities. Third-party risk poses massive challenges to companies, particularly within the supply chain. Data from Resilience’s Mid-Year 2023 Claims Report showed that third-party breaches had become our top point-of-failure and cause-of-loss within our client base throughout the first half of 2023.
As this type of attack gains significant traction, it will be imperative to converge vendor risk and internal risk, managing them holistically and taking vendor risk as seriously as internal risk. Ensuring vendors align with your security requirements will be a key component in building resilience against supply chain breaches and limiting the scope of these incidents. As the third-party risk environment grows increasingly challenging, quantifying the real impact of a cyberattack, business continuity challenges, reputational concerns, and more will be imperative to manage third-party risks in 2024.
No. 4: LockBit will remain the dominant ransomware gang for a fourth consecutive year.
LockBit has been the dominant ransomware gang for the last three years, and this will not change in 2024. Within Resilience’s client base, LockBit has consistently ranked among the top three most active criminal groups. According to the threat intelligence group Flashpoint, LockBit is responsible for 27.93% of all known ransomware attacks from July 2022 to June 2023 and can be considered the most well-organized ransomware-as-a-service group in the world. They employ administrators, developers, and a full cybercrime infrastructure that has helped them carry out approximately 1,700 attacks in the US and earn around $91 million in extortion payments since they were first observed in early 2020.
In 2023, LockBit had more than twice as many victims as the two other top ransomware groups, CL0P and BlackCat, respectively. Their continued high volume of victims makes them the world’s “most active” ransomware group. In 2024, it is more than likely that LockBit will maintain this status. However, as organizations grow more resilient to making ransom payments (noted in Resilience’s Mid-2023 Claims Report), LockBit may struggle to remain profitable in the upcoming year. Despite the state of the ransomware economy, reducing LockBit’s success by maintaining security infrastructure against ransomware extortion will be a key focus in 2024.
No. 5: State-backed threat actors will continue to leverage zero-day vulnerabilities.
State-backed threat actors enacting sophisticated cyber attacks that target national security are a growing threat. Conflicts like the recent war against Ukraine have spawned an uptick in “cyber warfare”- committing cyber attacks to push a political agenda or pervade war tactics against a nation. These attacks present a growing threat to national security, targeting critical infrastructures such as information technology, education, think tanks, and more.
State-backed threat actors often rely on zero-day vulnerabilities to initially breach networks. Cybersecurity firm Mandiant reported that in 2022, 80% of zero-day exploits were caused by state-sponsored threat actor groups. Mandiant defines a zero-day as a vulnerability by their ability to be exploited in the wild prior to a publicly released patch. These attacks are popular as they allow cybercriminals to gain access to a network and move within it before a patch or workaround to the vulnerability is created. Often, these vulnerabilities aren’t even found prior to exploitation.
As modern warfare begins to rely more on cyber attacks to gain momentum and military advantage, close monitoring for zero-day vulnerabilities, particularly within critical infrastructure, will be essential to keep countries resilient against cyber warfare in 2024. No. 6: Data privacy violations will arise from the insecure deployment of LLMs in SaaS products.
New AI capabilities, such as the use of Large Language Models (LLMs) within digital and SaaS products, are revolutionizing the way consumers interact with online products. However, in the rush to deploy the latest AI technology, concerns about adversarial attacks that could cause these models to share data inadvertently are being overlooked.
LLMs such as OpenAI’s ChatGPT have data retention policies that may not align with the data handling strategies upheld by organizations. LLMs rely on user data and sometimes share this data with third parties, creating a security gap between the language models and organizations that use them.
Maintaining the privacy of data that is processed through LLMs presents a unique challenge. Tactics such as data obfuscation, sandboxing a controlled computational environment, or refining data sets to exclude confidential information can be used to mitigate this risk while LLMs navigate data privacy regulations and become more ingrained in modern security solutions in the future.
No. 7: Politically motivated disinformation campaigns created through AI and coordinated with data breaches of fake information will increase.
The creation of large language models and AI has led to more convincing phishing messages, and the use of these LLMs to push malicious agendas will continue to ramp up in 2024. As the US and UK both face upcoming elections, the risk of politically motivated disinformation campaigns created through AI is alarming. “The general ability of these models to manipulate and persuade, to provide one-on-one interactive disinformation is a significant area of concern,” said Sam Altman, CEO of ChatGPT, at a congressional hearing in Washington in May 2023. “Regulation would be quite wise: people need to know if they’re talking to an AI or if the content that they’re looking at is generated or not.”
As of late 2023, no such legislation exists. However, in June, Senate Majority Leader Chuck Schumer announced an innovation framework supporting five pillars to “encourage domestic AI innovation while ensuring adequate guardrails to protect national security, democracy, and public safety.” This framework is to be discussed at AI Insight Forums, featuring Senators, AI experts, civil rights and consumer groups, and more. Their first meeting was held on Sept. 13, 2023, with plans to draft legislation within “the next few months.”
No. 8: Expect a continued increase in privacy regulation across the U.S.
Data privacy laws in the United States saw massive expansion in 2023, as the US made efforts to establish something similar to the European Union’s General Data Protection Regulations implemented in 2018. Working to pass the American Data Privacy and Protection Act, six state legislatures implemented data privacy laws in 2023 to help organizations manage regulatory challenges with compliance and operational and financial cyber risks. While this is good news that implies the severity of cyber incidents is being taken seriously, this also means that compliance requirements for experiencing an incident are now more stringent and could result in high fees if the organization is uninformed.
Heading into 2024, insurance experts believe that we will continue to see more states take action to implement data privacy regulations. As the modern digital world leads to more expansive cyber risk for everyone, the necessity for legal infrastructure that helps manage data privacy will grow. As of the end of 2023, there are already several states that have passed consumer privacy laws that will go into effect in 2026 and it is likely that more will follow.
No. 9: There will continue to be increased scrutiny for OFAC compliance and ransom demand payments.
In 2021, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) declared their opposition to ransomware victims making payments and issued an “Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments.” The advisory is directed toward ransomware victims as well as financial institutions, cyber insurance firms, and incident response firms and defines OFAC’s “commitment to bringing enforcement actions in connection with payments that violate US sanctions.”
The cybercriminal market operates through funding from extortion payments. The best way to stop cyber attacks at the source is by reducing the profitability of cybercrime. Going into 2024, scrutiny from a legal perspective against organizations who choose to pay will rise as payment continues to fund large-scale attacks, including cyber warfare efforts. However, along with this scrutiny, more solutions to managing risk and building resilience against the initial breach will be shared by the OFAC. Their 2021 updated advisory includes details on “the proactive steps companies can take to mitigate [sanctions enforcement] risks,” with a focus on sharing strong cybersecurity strategies. Helping organizations build resilience against ransomware will be a pivotal part of the OFAC’s focus going forward.
No. 10: Ransomware claims will continue to be prevalent, along with business email compromise.
2023 was a tumultuous year for the cybercriminal ransomware market. Resilience’s mid-year claims report saw that while organizations are growing more resilient to making extortion payments, the total amount requested per payment is growing, leading 2023 to be the most financially damaging year for ransomware since 2021. We also noted that in this attempt to achieve successful ransom payments, sprawling third-party attacks and “big-game” hunting are trending. Threat actors are attempting to breach multiple systems at once to increase their likelihood of payment and also are setting their sights on larger organizations that may have more reserves to pay an extortion. According to a report by cybersecurity firm Abnormal, business email compromise increased by 55% in the first half of 2023.
Cyber risk experts predict that each of these trends will continue through the end of the year and into 2024. The cybercriminal market relies on extortion payments to fund its activities and is able to establish workarounds to security protocols quickly. In 2024, building resilience against ransomware and business email compromise will be a key component of managing cyber risk.
As we move into the next year, it is likely that the cyber landscape will evolve in ways we never saw coming. However, given the data from key trends in 2023 and our expert knowledge in tracking and translating cyber risk into actionable insight, caution around these ten predictions will be beneficial in the new year. As we continue to monitor the state of cyber risk, keep up with our insights by following us on LinkedIn and following our blog series.
Davis Hake is co-founder of Resilience, a cyber risk solutions company. This article is published with permission from the author and may not be reproduced.
See also: