Cyberthreat predictions for 2024 from Barracuda’s security frontline

AK: The evolving AI threat, exploit mapping for ransomware, supply chain and critical infrastructure attacks, and the continued shortage of cybersecurity professionals.

MK: The bypass of multifactor authentication (MFA). While MFA is a trusted security measure, there's a growing trend of cybercriminals finding ways to circumvent it. Another pressing issue is the threat from critical zero-day vulnerabilities and cloud-based risks from misconfigurations, inadequate access controls, and vulnerabilities in cloud infrastructure.

CS: We’re seeing companies starting to worry that their backup solution could be compromised if they are attacked. Hackers employ various methods to seek out and destroy backup data prior to encrypting or extorting data, and on-premises solutions are particularly vulnerable to such attacks.

ET: The speed of cyberattacks. Account takeover and phishing together with ransomware-as-a-service (RaaS) kits, where prices start from as little as $40, remain key drivers in cyberattacks. They help attackers carry out more attacks faster, with the average number of days taken to execute a single attack falling from around 60 days in 2019 to four in 2023.

RA: Not having a single comprehensive security platform or solution to protect their business. Businesses today rely on a plethora of security vendors with varied offerings and expertise to protect their businesses, and they are concerned about the gaps in these solutions and unknown unknowns.

JC: The vast number of solutions they need to deal with for their daily tasks and not knowing if their legacy solutions are the right tools to approach new and future challenges.

ML: Ransomware, phishing, and data breaches. Customers are also concerned about the specific security risks associated with new technologies, such as artificial intelligence (AI) and the Internet of Things (IoT).

And what are they least prepared to deal with?

SS: Most organizations are not prepared to defend themselves against targeted and high-quality attacks that we used to see only at the nation-state and intelligence agency level. That includes social engineering and technical attack vectors. If you add the use of AI, it’s clear that more organizations are going to face sophisticated attacks.

CS: Companies are poorly prepared to deal with testing their data loss prevention (DLP) and recovery. When it comes to data protection, for example, many companies do the bare minimum — they implement a backup solution, schedule their backups to run daily, and think the job’s done. They generally don’t give any time to testing all types of data restoration or to documenting the steps so that anyone in the IT security team can implement the process when under pressure.

ET: The use of AI to automate and accelerate attacks, creating more effective AI-powered malware, phishing, and voice simulation.

MK: MFA bypass. While zero-day vulnerabilities and cloud-based attacks are recognized threats that have been in the spotlight for some time, the increasing sophistication in bypassing MFA is a relatively newer challenge.

SH: Image-based attacks. These attacks exemplify the evolving nature of cyberthreats. They include steganographic payloads where cybercriminals embed malicious code, text, or files within images. This payload can be extracted using specific tools, allowing attackers to conceal their intentions. There is also malicious watermarking, where attackers add imperceptible watermarks to images, containing encoded information or links to malicious content; and polyglot files that are crafted to be interpreted as both valid images and executable files, allowing attackers to bypass certain security checks.

RA: Ransomware. Most companies don’t have a standard playbook on how to deal with a ransomware incident.

JC: With their legacy technologies, a lack of skilled staff, and AI in the hands of cybercriminals, unprepared IT teams relying on average solutions to protect their business are likely to be hit hard by the emerging wave of intelligent persistent threats.

What do you expect attackers to focus on most in 2024?

AK: AI-powered cyberattacks, with cybercriminals leveraging AI and machine learning (ML) to enhance the sophistication of their attacks.

MK: AI-powered attacks and more targeted ransomware campaigns. Attackers are leveraging advanced AI algorithms to automate their attack processes, making them more efficient, scalable, and difficult to detect. These AI-driven attacks can adapt in real time, learning from the defenses they encounter and finding innovative ways to bypass them. Ransomware attacks are evolving into more targeted campaigns as cybercriminals focus on critical infrastructure and high-value targets, aiming to inflict maximum damage and, in turn, demand exorbitant ransoms.

PG: There seems to have been a great deal of energy spent by cybercriminals on account takeover attacks in 2023. I think we will see a continued and concentrated effort by threat actors to attack identities first and foremost, as this affords them a variety of pivot points for additional attacks.

ET: Attackers will continue to focus on attack kits and account takeover attacks. It is almost impossible to stop all employees from clicking on increasingly sophisticated phishing emails.

SH: 2024 may see new threats emerge based on technological advancements, geopolitical events, and changes in attacker tactics. This may include deepfake and synthetic media attacks. As deepfake technology advances, attackers may use it for disinformation campaigns, impersonation, or to manipulate media for malicious purposes. At the same time, established attacks including ransomware, supply chain attacks, and data privacy violations are likely to continue and increase. Attackers may focus increasingly on exploiting vulnerabilities in IoT and operational technology (OT).

RA: Attackers are shifting toward small and mid-market businesses as they are aware of the increased digitization and lack of cybersecurity professionals in the market.

SvdW: Attackers will keep exploiting the weakest links within businesses. As always, cybercriminals are interested in the path of least resistance. This means organizations need to make sure they have an overarching strategy ready to deal with all vectors rather than focus on one.

JC: I see two trends. The first one is the continuation of the usual threat vectors as attackers know that companies are both understaffed with inexperienced IT teams and grappling with possibly legacy, outdated, or misconfigured solutions. The second one is the natural evolution of technology — as we enhance our security assets with AI-based solutions, we are automatically creating new attack vectors that are crafted based on the quality of results of generative AI itself.

As AI-enabled cyberattacks take deeper hold in 2024, will security vendors need to do more to help companies deal with attacks?

SS: Organizations should prepare themselves for compromise. This means that, in addition to the initial prevention, we should focus on the detection of ongoing attacks and the corresponding response, for example with decentralized security at the edge.

MK: The inherent adaptability of AI-driven threats, which can analyze defenses and recalibrate their tactics in real time, challenges the traditional preventive measures. Security vendors must equip organizations with tools not only for rapid breach detection, but also for understanding the scope and containing the threat swiftly.

SH: Security vendors need to evolve beyond a purely preventative approach and embrace a more holistic strategy that includes detection, response, recovery, and continuous improvement.