The Shape of Threats to Come: The Onslaught of Hacktivism, AI-based Attacks and Weaponised Deepfakes

GUEST OPINION: When Australian cybersecurity professionals return to work after a (hopefully) quiet festive break, they’ll be facing a year filled with both challenges and opportunities.

Artificial Intelligence (AI) and Machine Learning (ML) will continue to change the threat landscape while supply chain and critical infrastructure attacks will cause damage and disruption. As 2024 begins, security teams will need to hit the ground running.

Eight key predictions that could impact 2024 are:

1. AI and ML adoption by attackers will grow exponentially

AI and ML dominated many cybersecurity discussions during 2023 and the new year will be no different. An increasing number of threat actors will adopt AI and ML to accelerate and expand every aspect of their attack toolkit.

Meanwhile, just as cybercriminals tap into the potential of AI and ML, so too will cybersecurity teams. There have already been significant investments in AI for cybersecurity and threat prevention, and this will continue as more companies look to guard against these advanced threats.

2. Hackers will turn to the cloud for support:

As the popularity of generative AI continues to soar through 2024, the cost of running these massive models will rapidly increase, potentially reaching tens of millions of dollars. Hackers will therefore see cloud-based AI resources as a lucrative opportunity and will focus their efforts on establishing Graphic Processing Unit (GPU) farms in the cloud to fund their AI activities.

Just as computational cloud resources were a prime target for crypto mining a few years ago, 2024 will bring the emergence of ‘GPU Farming’ as the latest and most sought-after cloud-based target.

3. Supply chain and infrastructure attacks will continue:

An increase in cyberattacks on critical infrastructure, particularly those with nation-state involvement, will accelerate the shift towards Zero Trust security models. These will require verification from anyone attempting to connect to a system, regardless of whether they are inside or outside the network.  And the network is defined as everywhere and everything.

The number of cyber incidents involving supply chains will also continue to increase and often have far-reaching effects. The only way to counter this is for organisations to undertake stricter evaluations of their third-party suppliers and partners. 

We have seen very public examples of this trend in Australia though 2023, with the Government now getting on the front foot by laying out a seven year Cyber Security Strategy, with $586m in investment.

4. AI will also have an increasing impact on cyber insurance:

During 2024, AI will begin to transform the way that insurance companies assess the cyber resilience of prospective customers. The technology will also provide opportunities for these companies to offer cybersecurity services directly.

As the cost of cyber insurance continues to climb, organisations will begin to shift from reactive security to more effective defensive security. By demonstrating preventative action against cyberattacks, some may see their premiums reduced.

5. Hacktivism and nation-state attacks will continue:

Unfortunately, the Russia-Ukraine conflict was a significant milestone in the case of cyber warfare carried out by nation-state groups. Geo-political instability is very likely to continue during 2024, and hacktivist activities will make up a larger proportion of cyberattacks.

While a large number of hacktivist groups use a political position as a reason to launch attacks, they could be masking ulterior motives. The lines between hacktivism and commercialism may blur with threat actors choosing ransomware attacks as a revenue stream to fund other activities.

Indeed, in the months ahead, hacktivist attacks are expected to rise given the current instability in the Middle East.  The cyber operations mainly serve as informational and retaliatory tactics, and will continue in the new year.

6. Deepfake techniques will become weaponised:

Increasingly, deepfakes will become weaponised and used as a way to sway opinions, alter stock prices or even influence election outcomes. Such tools are readily available online and threat actors will continue to use deepfake social engineering attacks to gain permissions and access sensitive data.

7. Phishing attacks will remain a huge problem for businesses:

In recent years it has become much easier for cybercriminals to ‘log in’ rather than ‘break in’ to targeted infrastructures. Following the widespread success of phishing campaigns, 2024 will see more attacks that originate from credential theft and not vulnerability exploitation.

Also, AI-enhanced phishing tactics are likely to become more personalised and effective, making it even harder for individuals to identify malicious intent and leading to increased phishing-related breaches.

8. Ransomware and ‘living off the land’ attacks will increase:

Usage by cybercriminals of so-called ‘living-off-the-land’ techniques, which leverage legitimate system tools to execute attacks, is likely to surge in 2024. This approach, which is much harder to detect and thwart, underscores the necessity for sophisticated threat prevention strategies, including Extended Detection and Response (XDR) that can pinpoint device and network behaviour anomalies.

Also, although many organisations have boosted their defences against ransomware, incidents of data loss or leakage are likely to rise. A contributing factor could be the increasing reliance on SaaS platforms to store sensitive data as part of application services, presenting new vectors and vulnerabilities that malicious entities can exploit.

This increase in ransomware attacks will require discerning interpretation, potentially being inflated due to newly instituted reporting mandates. It is imperative to dissect these statistics judiciously, understanding the dynamics of reporting protocols in analysing the true scope and scale of the threat.

As 2024 unfolds, the workloads and pressures experienced by IT security teams will almost certainly increase. Taking time ahead of the new year to assess the measures in place and augment them where necessary will reduce the likelihood that attacks will cause disruption and potential financial losses.