Derek Manky, Chief Security Strategist & Global VP Threat Intelligence, Fortinet
Source: fortinet.com/blog
With the development of Cybercrime-as-a-Service (CaaS), as well as the emergence of generative artificial intelligence, threat actors have more and more “simple” tools to help them carry out attacks. Relying on growing capabilities in their toolkits, adversaries are increasing the complexity of their operations. They will launch more targeted and stealthy attacks designed to evade robust security controls, and will also become more flexible, making every tactic in the attack cycle more effective.
In Fortinet’s 2024 Threat Forecast Report, the FortiGuard Labs team looks at the new era of advanced cybercrime, explores how artificial intelligence is changing strategy, shares new threat trends to watch out for this year and into the future, and offers advice on how organizations around the world can increase collective resilience against emerging threats.
Evolution of old favorites
Fortinet has observed and discussed many attack tactics over the years and has covered these topics in past reports. The “classic” isn’t going away — instead, it’s evolving and improving as attackers gain access to new resources. For example, when it comes to Advanced Persistent Threats (APTs), activity is expected to increase. In addition to the evolution of APT operations, it is predicted that cybercriminal groups in general will diversify their goals and schemes, focusing on more sophisticated and destructive attacks and targeting denial of service and extortion.
Cybercrime “turf wars” continue as multiple groups of attackers go after the same targets and deploy variants of ransomware, often within 24 hours or less. And let’s not forget about the evolution of generative AI. The weaponization of AI adds fuel to an already raging fire by giving attackers an easy way to amplify the many stages of their attacks. Cybercriminals are increasingly using artificial intelligence to support malicious activity in new ways, from preventing detection of social engineering to mimicking human behavior.
Fresh threat trends to watch for in 2024 and beyond
Cybercriminals have always relied on tried and tested tactics and techniques to make a quick buck, but today’s attackers have more and more tools at their disposal to help them carry out an attack. As cybercrime evolves, the Fortinet team expects several new trends to emerge in 2024 and beyond:
Next-Level Playbooks: Ransomware attacks worldwide have skyrocketed over the past few years, and every organization, regardless of size or industry, has become a target. However, as more cybercriminals launch ransomware attacks to turn a profit, cybercriminal groups are quickly exhausting smaller, easier-to-hack targets. Looking ahead, Fortinet predicts that attackers will take an all-or-nothing approach, focusing on mission-critical industries such as healthcare, finance, transportation and utilities that, if breached, will have a significant negative impact on society and can make a more significant profit for the attacker. They will also expand their playbooks, making activities more personalized, aggressive and destructive.
A new era of zero-day threats: As organizations expand the number of platforms, applications, and technologies they rely on for daily business operations, cybercriminals are uniquely positioned to discover and exploit software vulnerabilities. Fortinet saw a record number of zero days and new Common Vulnerabilities and Exposures (CVEs) in 2023, and the number continues to grow. Given how valuable zero-days can be to attackers, the CaaS community is expected to see the rise of zero-day brokers—groups of cybercriminals who sell zero-days on the darknet to multiple buyers. Zero-day threats will continue to pose significant risks to organizations.
The inside game: Many organizations are increasing their security controls and implementing new technologies and processes to strengthen their defenses. These improved controls make it more difficult for attackers to penetrate the network from the outside, so cybercriminals have to find new ways to achieve their goals. Given this shift, Fortinet predicts that attackers will continue to shift to earlier stages of IT infrastructure construction with their tactics, intelligence and tooling, and groups will begin to recruit employees from inside target organizations for initial access.
Narrowing the TTP Playing Field: Attackers will inevitably continue to expand the set of tactics, techniques, and procedures (TTPs) they use to compromise their targets. However, defenders can gain an advantage by finding ways to disrupt this activity. While most of the day-to-day work done by cybersecurity defenders involves blocking indicators of compromise, there is great value in taking a closer look at the TTPs that attackers regularly use to help narrow the playing field and identify potential bottlenecks.
Freeing up space for more 5G attacks: With access to an ever-expanding array of Internet-connected technologies, cybercriminals will inevitably find new opportunities for compromise. With more and more devices coming online every day, Fortinet expects that cybercriminals will increasingly take advantage of attacks on Internet-connected devices in the future. A successful attack on 5G infrastructure could easily disrupt critical industries such as oil and gas, transportation, public safety, finance, and healthcare.
Orientation in the new era of cybercrime
Cybercrime affects everyone, and the consequences are often far-reaching. However, threat actors do not necessarily have the advantage. There are many actions the cybersecurity community can take to better anticipate cybercriminals’ next moves and disrupt their activities: collaborate between the public and private sectors to share threat intelligence, adopt standardized measures for incident reporting, and more.
Organizations also play an important role in the fight against cybercrime. This starts with creating a culture of cybersecurity resilience—that is, making cybersecurity everyone’s responsibility—through ongoing initiatives such as enterprise-wide cybersecurity education programs and more targeted activities such as leadership exercises. Finding ways to close the cybersecurity skills gap, such as bringing in new hires to fill open positions, can help businesses navigate the mix of overstretched IT and security staff and the evolving threat landscape.
Download a copy of Fortinet’s full 2024 Forecast Report.
Wise IT is the official partner of Fortinet in Ukraine.