Every digital commerce and social media activity will be a risk, and organizations will have to watch for threats from within…

What will the cyber threat landscape be like in 2024? In this first of many year-end predictions by cybersecurity firms and industry experts, Trellix has listed four key trends to watch for.

First, AI will be abused by all levels of cybercriminals to improve their already-effective social engineering tactics, techniques and procedures.

Second, ransomware/extortion attacks will become even more complex, evasive, prolonged and disruptive. Third, inadvertent or malicious threats from within organizations are expected to become a rising vector of attack.

Lastly, cybercriminals and fraudsters will be increasingly using QR codes for their ploys. More details on each trend as follows:

    • AI-generated voice scams in social engineering

      The rise of deepfake scams involving AI-generated voices is set to grow, due to the recent democratization of generative AI tools. Scammers will thereby by leveraging AI-generated voices to automate and amplify their fraudulent activities, targeting numerous potential victims simultaneously with personalized voice messages or calls. Additionally, these scams are not limited by language barriers, allowing scammers to target victims across diverse geographic regions and cultures.

    • Even more layers of ransomware extortion

      Ransomware groups are starting to contact the clients of their victims as a new way to apply pressure and combat recent ransomware mitigations. This allows them to ransom the stolen data not only with the direct victim of their attack, but also any clients of the victim that may be impacted by the stolen data. As this additional form of extortion grows in popularity, ransomware groups may increasingly look to target entities that handle not only sensitive personal information, but intimate details that can be used to extort clients. It would not be surprising for the healthcare, social media, education, and cloud-software industries to come further under fire in 2024 from these groups.

    • A silent surge in insider threats

      Over the past few years, Trellix researchers have observed an increase in insider threats that pose a multifaceted risk that affects both public and private organizations globally. This threat undermines the confidentiality and integrity of the organization while aiding adversaries in gathering intelligence, carrying out sabotage operations, and using subterfuge methods to achieve their nefarious objectives. With the proliferation of connected devices and hybrid- and remote- workforces, insider threats will continue to grow. it will be essential for organizations to identify, evaluate, detect, and manage these insider threats in 2024 to retain stakeholder confidence.

    • Quick Response codes or Quick Robbery?

      As QR codes become more widespread in day-to-day digital lifestyle activities, attackers are adapting their tactics to exploit new vulnerabilities. One of the primary reasons behind the expected rise of QR code-based phishing campaigns is that people instinctively trust QR codes and similar convenience-boosting technologies, which can be exploited by cybercriminals to embed malicious links or redirect victims to fake websites.

According to John Fokker, Head of Threat Intelligence, Trellix Advanced Research Center: “In order to break away from escalating attacks and start outsmarting and outmaneuvering threat actors, all industries need to embrace a cyber strategy that is constantly vigilant, actionably comprehensible, and adaptable to new threats. That is how we can ensure a one-step lead over cybercriminals in the coming year.”