The future of cyber risk is unknown.
From the first signs of generative AI products to the scaling of extortion attacks through third-party SaaS vendors, 2023 has been a year of innovation, bad and good. But what trends are here to stay? And what does that mean for security and risk leaders in 2024?
Leaning on Resilience’s expertise across our security and insurance teams, we have compiled a list of ten cyber predictions that we believe will be relevant in 2024.
1. Adversaries will leverage Large Language Models (LLMs) to accelerate the time to ransom.
Resilience cybersecurity experts predict that in 2024, adversaries will continue to leverage Large Language Models (LLMs) to accelerate social engineering tactics and time to ransomware attacks. According to a report by NordVPN, there has been increased interest by potential criminal actors, as the volume of posts regarding ChatGPT in dark web forums increased 145% in just the first month of 2023.
LLMs can be leveraged to create more convincing and effective social engineering or phishing attacks. They can also be used to impersonate organizations or individuals and create fictitious engagement on social media platforms. LLMs such as ChatGPT generally include safeguards to prevent misuse. However, research by Google has shown that these safeguards can be bypassed in many ways.
In October, Resilience CISO Justin Shattuck sat down with our broker partners to give them a hands-on demonstration on the ease and effectiveness of using generative AI to speed up social engineering techniques. Ultimately, the future of social engineering attacks will require a heightened level of vigilance on a human level. More sophisticated training and stronger email security measures will be required to replace traditional mitigation measures, such as searching for spelling errors or disfigured company logos.
2. Attacks against identity providers will increase.
According to CrowdStrike, in 2023, 80% of cyberattacks leveraged identity-based techniques to compromise credentials. Their Global Threat Report shows that threat actors are “doubling down on stolen credentials,” with a 112% year-over-year increase since 2021 in advertisements for access-broker services identified in the criminal underground. This increase can be attributed to the expansion of cloud usage and remote work in most organizations today. Increased digitization and volumes of online identities lead to an increase in identity-based attacks.
In 2024, not only are identity-based attacks going to continue to be a leading tactic, but identity providers themselves will grow as targets. Infiltrating identity provider networks can have a sprawling impact on thousands of organizations and millions of individuals. We saw this happen with the recent Okta attacks. Threat perpetrators involved in the ransomware attacks against MGM in September claim they accessed the casino’s Okta environment prior to the attack. Resilience security experts predict that the success of incidents like this one will lead to an increased trend of attacks against identity providers in 2024.
3. We are going to see a continued increase in privacy regulation across the US.
Data privacy laws in the United States saw massive expansion in 2023, as the US made efforts to establish something similar to the European Union’s General Data Protection Regulation implemented in 2018. Working to pass the American Data Privacy and Protection Act, six state legislatures implemented data privacy laws in 2023 to help organizations manage regulatory challenges with compliance and operational and financial cyber risks. While this is good news that implies the severity of cyber incidents is being taken seriously, this also means that compliance requirements following an incident are now more stringent and could result in high fees if the organization is uninformed.
Heading into 2024, Resilience insurance experts believe that we will continue to see more states take action to implement data privacy regulations. As the modern digital world leads to more expansive cyber risk for everyone, the necessity for legal infrastructure that helps manage data privacy will grow. As of the end of 2023, there are already several states that have passed consumer privacy laws that will go into effect in 2026 and it is likely that more will follow.
4. Threat actors will continue to target third-party vendors to scale their attacks.
Trends we’ve seen throughout 2023 will continue and potentially ramp up as the success of third-party vendor breaches funds cybercriminal activities. Third-party risk poses massive challenges to companies, particularly within the supply chain. Data from Resilience’s Mid-Year 2023 Claims Report showed that third-party breaches had become our top point-of-failure and cause-of-loss within our client base throughout the first half of 2023.
As this type of attack gains significant traction, it will be imperative to converge vendor risk and internal risk, managing them holistically and taking vendor risk as seriously as internal risk. Ensuring vendors align with your security requirements will be a key component in building resilience against supply chain breaches and limiting the scope of these incidents. As the third-party risk environment grows increasingly challenging, quantifying the real impact of a cyberattack, business continuity challenges, reputational concerns, and more will be imperative to manage third-party risks in 2024.
5. LockBit will remain the dominant ransomware gang for a fourth consecutive year.
LockBit has been the dominant ransomware gang for the last three years, and this will not change in 2024. Within Resilience’s client base, LockBit has consistently ranked among the top three most active criminal groups. According to Threat Intelligence group Flashpoint, LockBit was responsible for nearly 28% of all known ransomware attacks from July 2022 to June 2023 and can be considered the most well-organized ransomware-as-a-service group in the world. They employ administrators, developers, and a full cybercrime infrastructure that has helped them carry out approximately 1,700 attacks in the US and earn around $91 million in extortion payments since they were first observed in early 2020.
In 2023, LockBit had more than twice as many victims as either of the two other top ransomware groups, CL0P and BlackCat. Their continued high volume of victims makes them the world’s “most active” ransomware group. In 2024, it is more than likely that LockBit will maintain this status. However, as organizations grow more resilient to making ransom payments (noted in Resilience’s Mid-2023 Claims Report), LockBit may struggle to remain profitable in the upcoming year. Despite the state of the ransomware economy, reducing LockBit’s success by maintaining security infrastructure against ransomware extortion will be a key focus in 2024.
6. There will continue to be increased scrutiny for OFAC compliance and ransom demand payments.
In 2021, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) declared their opposition to ransomware victims making payments and issued an “Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments.” The advisory is directed toward ransomware victims as well as financial institutions, cyber insurance firms, and incident response firms and defines OFAC’s “commitment to bringing enforcement actions in connection with payments that violate US sanctions.”
The cybercriminal market operates through funding from extortion payments. The best way to stop cyber attacks at the source is by reducing the profitability of cybercrime. Going into 2024, scrutiny from a legal perspective against organizations who choose to pay will rise as payment continues to fund large-scale attacks, including cyber warfare efforts. However, along with this scrutiny, more solutions to managing risk and building resilience against the initial breach will be shared by OFAC. Their 2021 updated advisory includes details on “the proactive steps companies can take to mitigate [sanctions enforcement] risks,” with a focus on sharing strong cybersecurity strategies. Helping organizations build resilience against ransomware will be a pivotal part of OFAC’s focus going forward.
7. State-backed threat actors will continue to leverage zero-day vulnerabilities.
State-backed threat actors enacting sophisticated cyber attacks that target national security are a growing threat. Conflicts like the recent war against Ukraine have spawned an uptick in “cyber warfare”: committing cyber attacks to push a political agenda or carry out war tactics against a nation. These attacks present a growing threat to national security, targeting critical infrastructures such as information technology, education, think tanks, and more.
State-backed threat actors often rely on zero-day vulnerabilities to initially breach networks. Cybersecurity firm Mandiant reported that in 2022, 80% of zero-day exploits were caused by state-sponsored threat actor groups. Mandiant defines a zero-day as a vulnerability that can be exploited in the wild prior to a publicly released patch. These attacks are popular as they allow cybercriminals to gain access to a network and move within it before a patch or workaround to the vulnerability is created. Often, these vulnerabilities aren’t even found prior to exploitation.
As modern warfare begins to rely more on cyber attacks to gain momentum and military advantage, close monitoring for zero-day vulnerabilities, particularly within critical infrastructure, will be essential to keep countries resilient against cyber warfare in 2024.
8. We will see data privacy violations arise from the insecure deployment of LLMs in SaaS products.
New AI capabilities, such as the use of Large Language Models (LLMs) within digital and SaaS products, are revolutionizing the way consumers interact with online products. However, in the rush to deploy the latest AI technology, concerns about adversarial attacks that could cause these models to share data inadvertently are being overlooked.
LLMs such as OpenAI’s ChatGPT have data retention policies that may not align with the data handling strategies upheld by organizations. LLMs rely on user data and sometimes share this data with third parties, creating a security gap between the language models and organizations that use them.
Maintaining the privacy of data that is processed through LLMs presents a unique challenge. Tactics such as data obfuscation, sandboxing in a controlled computational environment, or refining data sets to exclude confidential information can be used to mitigate this risk while LLMs navigate data privacy regulations and become more ingrained in modern security solutions in the future.
9. We will see politically motivated disinformation campaigns created through AI.
The creation of large language models and AI has led to more convincing phishing messages, and the use of these LLMs to push malicious agendas will continue to ramp up in 2024. As the US and UK both face upcoming elections, the risk of politically motivated disinformation campaigns created through AI is alarming. “The general ability of these models to manipulate and persuade, to provide one-on-one interactive disinformation is a significant area of concern,” said Sam Altman, CEO of ChatGPT, at a congressional hearing in Washington in May 2023. “Regulation would be quite wise: people need to know if they’re talking to an AI or if the content that they’re looking at is generated or not.”
As of late 2023, no such legislation exists. However, in June, Senate Majority Leader Chuck Schumer announced an innovation framework supporting five pillars to “encourage domestic AI innovation while ensuring adequate guardrails to protect national security, democracy, and public safety.” This framework is to be discussed at AI Insight Forums, featuring Senators, AI experts, civil rights and consumer groups, and more. Their first meeting was held on September 13, 2023, with plans to draft legislation within “the next few months.”
10. Ransomware claims will continue to be prevalent, along with business email compromise.
2023 was a tumultuous year for the cybercriminal ransomware market. Resilience’s Mid-Year Claims Report saw that while organizations are growing more resilient to making extortion payments, the total amount requested per payment is growing, leading 2023 to be the most financially damaging year for ransomware since 2021. We also noted that in this attempt to achieve successful ransom payments, sprawling third-party attacks and “big-game” hunting are trending. Threat actors are attempting to breach multiple systems at once to increase their likelihood of payment and also are setting their sights on larger organizations that may have more reserves to pay an extortion. According to a report by cybersecurity firm Abnormal, business email compromise increased by 55% in the first half of 2023.
Resilience experts predict that each of these trends will continue through the end of the year and into 2024. The cybercriminal market relies on extortion payments to fund its activities and is able to establish workarounds to security protocols quickly. In 2024, building resilience against ransomware and business email compromise will be a key component of managing cyber risk.
As we move into the next year, it is likely that the cyber landscape will evolve in ways we never saw coming. However, given the data from key trends in 2023 and our expert knowledge in tracking and translating cyber risk into actionable insight, caution around these ten predictions will be beneficial in the new year. As we continue to monitor the state of cyber risk, keep up with our insights by following us on LinkedIn and following our blog series.