As technology continually advances, threats evolve, and attackers modify their tactics, techniques, and procedures (TTPs), defenders must remain adaptable to stay ahead. The Google Cloud Cybersecurity Forecast 2024 report serves as a strategic guide for the cybersecurity industry, offering insights to navigate the challenges posed by cyber adversaries, thereby helping organizations and security teams prepare for the upcoming year.
The evolving landscape of cybersecurity sees a notable shift with the incorporation of Generative AI and large language models (LLMs) in advanced phishing techniques. Beyond phishing, the scalability of Generative AI allows attackers to execute personalized and convincing campaigns at scale, potentially diminishing public trust in news and online information.
On the defensive front, cybersecurity experts are leveraging gen AI to strengthen threat detection, response, and attribution, aiming to augment human capabilities in analyzing extensive datasets. This transformative integration of AI and gen AI is poised to empower organizations to address the challenges of threat overload, reduce operational toil, and narrow the talent gap in cybersecurity.
Cybersecurity Forecast by Google
Here is what Google expects to take place in the cybersecurity landscape in 2024:
- Increased Zero-Day Vulnerability Exploitation:
  - The use of zero-day vulnerabilities and edge devices is anticipated to rise in 2024.
  - Google predicts a surge in zero-day exploits by both nation-state attackers and cybercriminal groups. Exploiting these vulnerabilities allows attackers to maintain prolonged access to environments.
- Cyber Activity Targeting U.S. Elections:
  - The United States presidential election year is expected to witness cyber activities targeting electoral systems.
  - Threat actors may engage in espionage, influence operations, social media impersonation of candidates, and information operations targeting voters.
- Rise of Disruptive Hacktivism:
  - A resurgence in hacktivism volume was observed in 2022 and 2023. This is expected to continue into 2024.
  - Hacktivist activities include DDoS attacks, data leaks, and defacements.
- Wipers in Nation State Cyber Arsenals:
  - Growing geopolitical tensions may lead nation-states to incorporate wiper malware into their cyber arsenals in 2024.
  - Destructive wiper malware may be strategically placed at important targets.
- Targeting Space-Based Infrastructure:
  - Sophisticated state-sponsored cyber actors are expected to exploit Computer Network Exploitation capabilities to compromise space-based infrastructure.
  - Activities include interdiction, disruption, denial, degradation, destruction, deception, and espionage.
- Matured Attacks on Hybrid and Multicloud Environments:
  - Threat actors will evolve techniques to target cloud environments, exploiting misconfigurations and identity issues to move laterally.
  - Cross-boundary attacks between different cloud environments are anticipated to mature in 2024.
- Increased Use of Serverless Services by Threat Actors:
  - Serverless technologies offer greater scalability and flexibility, and can be deployed using automated tools.
  - Cybercriminals and nation-state operators are predicted to leverage these within the cloud.
- Continued Growth of Extortion Operations:
  - Extortion operations are expected to remain the most impactful form of cybercrime in 2024.
  - Despite stagnation in growth during 2022, recent trends indicate growth in 2023, likely to continue without significant disruption.
- Espionage and “Sleeper Botnets”:
  - Cyber espionage operations will scale with the creation of “sleeper botnets” using vulnerable IoT, SOHO, and end-of-life devices.
  - These botnets will utilize a mix of old and new exploits to enhance operational security.
- Revival of Ancient Techniques:
  - While new evasion techniques are adopted, some threat actors may resurrect ancient techniques that receive less coverage.
- Shift to Modern Programming Languages by Malware Authors:
  - Malware authors will continue developing software in languages like Go, Rust, and Swift for rapid development and evasion of detection.
- Targeting Developers in Supply Chain Attacks:
  - Developers will be increasingly targeted in supply chain attacks through software package managers.
  - The threat involves compromising developers who unwittingly install malicious packages, allowing threat actors to access source code and add backdoors.
- Growing Mobile Cybercrime:
  - Cybercriminals will employ novel social engineering tactics in mobile cybercrime, such as simulating domestic help services and using fake social media accounts or government official messages.
- Steady Cyber Insurance Premiums:
  - Despite more entrants in the market, cyber insurance premiums are expected to remain steady.
  - Increased competition may provide relief to rising premiums, but a trend towards restrictions in systemic risk coverage is anticipated.
- Consolidation around SecOps:
  - In response to customer demand, 2024 is expected to witness increased consolidation in Security Operations (SecOps).
  - Customers will seek integrated risk and threat intelligence in their security solutions covering cloud, multicloud, on-premises, and hybrid environments. Vendors are expected to offer opinionated workflows and guidance.
In 2024, emerging technologies will empower both security teams and attackers, expanding the threat landscape. Gen AI will offer new avenues for convincing phishing and information operations, challenging defenders to strengthen detection and response capabilities. This necessitates vigilant preparation, and the Google Cloud Cybersecurity Forecast 2024 serves as an essential tool for security leaders, aiding them in strategic preparation for the future.