AI cyberattacks are expected to increase in 2024 [4], with generative AI and large language models contributing to various forms of cyberattacks [4]. This poses a significant threat to organizations and individuals alike.
Description
Canadian CEOs believe that generative AI will make them more vulnerable to breaches [4], and a UK government report states that AI poses a threat to the country’s next election [4]. Adversaries are leveraging AI tools like ChatGPT [4], Dall-E [4], and Midjourney for automated phishing attacks [4], impersonation attacks [4], social engineering attacks [4], and fake customer support chatbots [4]. Spear-phishing attacks using AI have seen a significant rise, as cybercriminals can now create emails with perfect grammar and English usage [4]. Impersonation attacks using AI tools like ChatGPT are also increasing [4], with scammers pretending to be trusted individuals to gain access to accounts [4]. Social engineering attacks that use voice cloning and deepfake technology to create incendiary content are also on the rise [4]. Organizations are developing their own adversarial AI to combat AI-driven attacks [4], using generative adversarial networks (GANs) to generate new attack patterns [4]. Anomaly detection is another method used to identify attacks by understanding normal behavior and flagging suspicious activity [4]. AI systems are also being used to improve threat detection and response [4], allowing security teams to more effectively address legitimate threats [4]. Zero-day attacks are expected to increase in 2024 [4], and both attackers and defenders will continue to use generative AI in the field of cybersecurity. However, it is unlikely that generative AI will be able to create its own malware [1]. These notable cybersecurity threats were discussed during two public virtual sessions in 2023.
In 2022, there was a decrease in card-not-present payment card records on the dark web [3], but cybercrime started to recover in 2023 [3]. This recovery has led to the use of new techniques such as Google Tag Manager GTM [3], Telegram Messenger [3], and attack-carrier domains [3]. It is expected that these techniques will continue to increase in 2024 [3]. Additionally, cybercriminals have started using AI workflows to carry out fraud schemes [3], which is expected to become a major tactic in 2024 [3]. AI is seen as a weapon of choice for cyber threat actors [3].
Barracuda’s frontline security experts predict that attackers will become more skilled at bypassing multifactor authentication and exploiting vulnerabilities in supply chains and critical infrastructure in 2024. Targeted ransomware campaigns are expected to focus on critical infrastructure and high-value targets [2]. Threat actors will continue to concentrate on account takeover and phishing attacks [2], using the resulting access for additional malicious activities [2]. New threats may arise from technological advancements [2], geopolitical events [2], and changes in attacker tactics [2], including deepfake and synthetic media attacks [2]. Small and mid-market businesses are expected to be targeted more as they digitize and face a shortage of cybersecurity professionals [2]. Organizations are urged to adopt comprehensive strategies to address all potential vectors of attack and seek integrated-end-to-end security solutions [2], third-party security operations centers [2], and ongoing employee security awareness training [2]. Leading security vendors are committed to providing innovative solutions to address the evolving threat landscape [2].
Conclusion
The increasing prevalence of AI cyberattacks poses significant challenges for organizations and individuals. It is crucial to develop robust defenses and strategies to mitigate these threats. As attackers become more skilled and target critical infrastructure, organizations must prioritize comprehensive security measures, including multifactor authentication and vulnerability management. Additionally, the use of AI workflows by cybercriminals highlights the need for ongoing innovation and adaptation in the field of cybersecurity. By staying vigilant and proactive, organizations can effectively address the evolving threat landscape and protect against potential attacks.
References
[1] https://www.techrepublic.com/article/google-cloud-security-talks-2023/
[2] https://www.cioaxis.com/hottopics/security/barracuda-frontline-security-professionals-expect-2024-to-be-dominated-by-ai-powered-cyberattacks
[3] https://www.csoonline.com/article/1267398/hybrid-online-frauds-likely-to-gain-momentum-in-2024-report.html
[4] https://www.darkreading.com/vulnerabilities-threats/how-ai-shaping-future-cybercrime
