No matter how you look at it, 2024 promises to be, at the very least, an interesting year. Major elections in ten of the world’s most popular countries have people calling it “democracy’s most important year.” At the same time, war in Ukraine, genocide in Gaza, and a drought in the Panama Canal continue to disrupt global supply chains. Domestically, the UK and US have been hit by rising prices and spiralling costs of living, as corporations continue to raise prices, even as inflation subsides.
Spikes in economic hardship and sociopolitical unrest have contributed to a huge uptick in the number and severity of cybercrimes over the last few years. That trend is expected to continue into 2024, further accelerated by the adoption of new AI tools by both cybersecurity professionals and the people they are trying to stop.
So, from AI-generated phishing scams to third-party exposure, here are 2024’s biggest cybersecurity threat vectors.
1. Social engineering
It’s not exactly clear when social engineering attacks became the biggest threat to cybersecurity operations. Maybe it’s always been the case. Still, as threat detection technology, firewalls, and other digital defences get more sophisticated, the risk posed by social engineering attacks is only going to grow more outside compared with network breaches.
More than 75% of targeted cyberattacks in 2023 started with an email, and social engineering attacks have been proven to have had devastating results.
One of the world’s largest casino and hotel chains, MGM Resorts, was targeted by hackers in September of last year. By using social engineering methods to impersonate an employee via LinkedIn and then calling the help desk, the hackers used a 10-minute conversation to compromise the billion-dollar company. The attack on MGM Resorts resulted in paralysed ATMs and slot machines, a crashed website, and a compromised booking system. The event is expected to take a $100 million bite out of MGM’s third-quarter profits. The company is expected to spend another $10 million on recovery alone.
2. Professional, profitable cybercrime
Cybercrime is moving out of the basement. The number of ransomware victims doubled in 2023 compared to the previous year.
Over the course of 2024, the professionalisation of cybercrime will reach new levels of maturity. This trend is largely being driven by the proliferation of affordable ransomware-as-a-service tools. According to a SoSafe cybercrime trends report, these tools are driving the democratisation of cyber-criminality, as they not only lower the barrier of entry for potential cybercriminals but also represent a significant shift in the attack complexity and impact.”
3. Generative AI deepfakes and voice cloning
Artificial intelligence (AI) is a gathering storm on the horizon for cybersecurity teams. In many areas, its effects are already being felt. Deepfakes and voice cloning are already impacting the public discourse and disrupting businesses. Recent developments that allow bad actors to generate convincing images and video from prompts are already impacting the cybersecurity sector.
Police in the US have reported an increase in voice cloning used to perpetrate financial scams. The technology was even used to fake a woman’s kidnapping in April of last year. Families lose an average of $11,000 in each fake-kidnapping scam, Siobhan Johnson, an FBI spokesperson, told CNN. Considering the degree to which voice identification software is used to guard financial information and bank accounts, experts at SoSafe argue we should be worried. According to McAfee, one in four Americans have experienced a voice cloning attack or know someone who has.
- Cybersecurity
- Data & AI