Digital malice, fraud and aggression have become highly lucrative in a war-torn and fragmented world: expect more artificially intelligent cyber threats soon!

With the growth of Cybercrime-as-a-Service (CaaS) operations and the advent of generative AI, threat actors now have more “easy” buttons at their fingertips to assist with carrying out attacks than ever before.

They will launch more targeted and more stealthy hacks designed to evade robust security controls, as well as become more agile by making each tactic in the attack cycle more efficient.

Here are our cyber predictions for 2024.

The evolution of old ‘favorites’

Next year, the “classic” attack tactics are not going away. Instead, they will evolve and advance as threat actors gain access to new resources.

For example, when it comes to advanced persistent threats (APTs), we anticipate more activity among a growing number of players. In addition to the evolution of their threats, we predict that cybercrime groups in general will diversify their targets and playbooks, focusing on more sophisticated and disruptive attacks, and setting their sights on denial of service and extortion.

Cybercrime “turf wars” will continue, with multiple attack groups homing in on the same targets and deploying ransomware variants, often in 24 hours or less. In fact, such activities have surged so much that the FBI issued a warning to organizations about it earlier this year.

And let us not forget about the evolution of generative AI. Weaponization of this arm of AI is adding fuel to an already raging fire, giving attackers an easy means of enhancing many stages of their attacks. As we have predicted in the past, cybercriminals are increasingly using AI to support malicious activities in new ways, ranging from thwarting the detection of social engineering to mimicking human behavior. 

Derek Manky, Global VP, Threat Intelligence, Fortinet

As cybercrime evolves with such added ammunition, we anticipate seeing several fresh trends emerging:

    1. Next-level playbooks: Cybercriminals are quickly exhausting smaller, easier-to-hack targets. Looking ahead, we predict attackers will take a “go big or go home” approach where adversaries turn their focus to critical industries such as healthcare, finance, transportation, and utilities. Compromising such targets will have a sizeable adverse impact on society and make for a more substantial payday for the attackers. They will also expand their playbooks to make their activities more personal, aggressive, and destructive.
    2. Zero days as a service: Our metrics show a record number of zero days and new Common Vulnerabilities and Exposures (CVEs) in 2023, and that count is still rising. Given how valuable zero days can be for attackers, we expect to see zero-day brokers (which are criminals selling zero days on the Dark Web to multiple buyers) emerge among the CaaS community. N-days will also continue to pose significant risks to organizations.
    3. Launching attacks with insiders: As more organizations level up their security controls, cybercriminals must find new ways to reach their targets. Given this trend, we predict that attackers will continue to shift left with their tactics, reconnaissance, and weaponization, with groups beginning to recruit from inside target organizations for initial access purposes.
    4. Targeting of major events: Attackers will take advantage of more geopolitical happenings and event-driven opportunities, such as the 2024 US elections and the Paris 2024 games. While adversaries have always targeted major events, cybercriminals now have new tools at their disposal—generative AI in particular—to support their activities.
    5. Narrowing the playing field: Attackers will inevitably continue to expand the collection of their tactics, techniques, and procedures. Yet defenders can gain an advantage by proactively and preemptively blocking indicators of compromise, by developing a deeper feel for attackers’ most-used strategies, and by narrowing the playing field attackers have to maneuver in.
    6. More 5G attacks ahead: With more devices coming online, we anticipate that cybercriminals will take greater advantage of connected attacks in the future. A successful attack against 5G infrastructure could easily disrupt critical industries such as oil and gas, transportation, public safety, finance, and healthcare.

Navigating a new era of cybercrime

Threat actors do not have to have the upper hand. Security communities can take many actions to anticipate cybercriminals’ next moves and disrupt their activities more efficiently, by forging more public-private collaborations.

Organizations also have a vital role to play in disrupting cybercrime. This starts with creating a culture of cyber resilience — making cybersecurity everyone’s job — by implementing ongoing initiatives such as enterprise-wide cybersecurity education programs and more focused activities like tabletop exercises for executives.

Shrinking the cybersecurity skills gap, for example by tapping new talent pools to fill open roles, can help enterprises cope with both overworked IT and security staff and the growing threat landscape.

And threat sharing will only become more important in the future, as this will help enable the quick mobilization of protections.