Global cybersecurity leader, Trend Micro Incorporated, has issued a warning about the anticipated proliferation of AI-driven cyber attacks in 2024. The company’s 2024 cybersecurity predictions highlight the transformative role of generative AI (GenAI) in the cyber threat landscape.
Advanced AI Tools Pose Significant Threat
The widespread availability and improved quality of GenAI, coupled with the use of Generative Adversarial Networks (GANs), are expected to disrupt the phishing market in 2024.
Eric Skinner, VP of market strategy at Trend, stated that advanced large language models (LLMs), proficient in any language, pose a significant threat as they eliminate the traditional indicators of phishing. This transformation will enable cost-effective creation of hyper-realistic audio and video content, driving a new wave of business email compromise (BEC), virtual kidnapping, and other scams.
AI Models Under Attack
AI models themselves may also come under attack in 2024. While GenAI and LLM datasets are difficult for threat actors to influence, specialized cloud-based machine learning models are a far more attractive target. The more focused datasets they are trained on will be singled out for data poisoning attacks with various outcomes in mind—from exfiltrating sensitive data to disrupting fraud filters and even connected vehicles. Worryingly, such attacks can be carried out for as little as $100.
Regulatory Scrutiny and Industry Response
These trends may, in turn, lead to increased regulatory scrutiny and a push from the cybersecurity sector to take matters into its own hands.
“In the coming year, the cyber industry will begin to outpace the government when it comes to developing cybersecurity-specific AI policy or regulations,” said Greg Young, VP of cybersecurity at Trend. “The industry is moving quickly to self-regulate on an opt-in basis”.
Additional Predictions for 2024:
- Cloud-Native Worm Attacks: An increase in automated worm attacks targeting vulnerabilities and misconfigurations in cloud environments, potentially impacting multiple containers, accounts, and services.
- Cloud Security Imperative: Cloud security will remain crucial for organizations to address vulnerabilities in cloud-native applications and ensure data protection.
- Social Engineering Threats: In 2024, social engineering threats will adapt to new technologies being implemented by enterprises for hybrid workers. Business email compromise (BEC) scams will develop, further harassing global enterprises with increasingly targeted schemes. For ordinary individuals, romance schemes will be a focus in 2024. Deepfakes will also be a bigger issue after seeing underground forum users planning to use deepfakes to fool financial institutions in 2022.
- Data at Risk: Data will be the main target for cybercriminals in 2023 since it is a lucrative asset that can be used in many ways: ransom, identity theft, extortion, targeted advertising, and more.
- Cybersecurity in Transition: Enterprises and organizations are facing a period of transition and uncertainty. Malicious actors will hunker down and reuse tried-and-tested tools and techniques. Security and protection from these motivated groups should be paramount for enterprises.
- Workforce Shift: Many office employees have become comfortable with remote work in a post-pandemic world. Hybrid environments have not only become the norm, but the preferred situation for many employees. This environment, as well as new technologies being adopted, presents a unique and expanded attack surface.
This report underscores the urgent need for businesses to transition beyond conventional phishing training and prioritize the adoption of modern security controls. These advanced defenses not only exceed human capabilities in detection but also ensure resilience against these tactics.