Peeking into the crystal ball: What 2023 cyber threats told us about 2024

Last updated at Fri, 19 Jan 2024 15:25:20 GMT

By Raj Samani, SVP Chief Scientist, and Sabeen Malik, Vice President, Global Government Affairs and Public Policy at Rapid7

Stepping into 2024 feels like opening the latest best-selling mystery novel – you know there's adventure ahead, but the plot is still up in the air.

In the twist-riddled world of cybersecurity, we can't help but ask, What's next on the digital horizon? Sure, every business would like 2024 to be “less surprising” in terms of cyber threats, but let’s be honest, that’s not going to happen.

Even though we’re surely in for more than a few surprises in the coming year, there are ways we can be better prepared. So sit back and relax as we venture through some insights we’ve gained in 2023 and offer ways you can put them into practice in the coming year.

Prediction 1: Ransomware actors burning through zero-days

RDP (remote desktop protocol) has long been the initial entry vector of choice for ransomware groups, closely followed by the less-so sophisticated email. However the MOVEit and SysAid campaigns show change is brewing.

Rapid7 has observed an increasing number of zero-day vulnerabilities being exploited by ransomware groups, and it’s unlikely this trend will abate. Forget the mindset that ransomware actors just go after “the low hanging fruit”; they are now exploiting zero-day vulnerabilities at mass scale.

This trend is seeing criminal groups that to date have not demonstrated any real capable skills in gaining access to previously unidentified vulnerabilities, exploit them and gain a foothold into victim networks. This demonstrates that potentially something is afoot in the ransomware ecosystem. For organizations, the message is simple: get your vulnerability management and patching procedures in place and do it now. Being proactive when it comes to dealing with vulnerabilities that are being exploited in the wild is imperative.

Prediction 2:  Cyber Risk and Vulnerability disclosures will lead to consolidation around better risk management practices.

With the growing number of regulatory disclosures for cyber risk management practices and incidents, the emergence of GenAI as a potent tool for cyber attacks, more ransomware hijacks, and the lack of common lexicon around cyber risk, businesses are truly going to have to spend more time than ever determining their risk profile, and subsequently thinking about the tools and services that they will need to address the risks.

This means that more leaders will be deciding between whether to deal with compliance risk mitigation and/or creating agile cyber risk management strategies. The leaders that understand this moment as a rallying call to uplevel the conversation about systemic risks will set their business up for success by not getting sidetracked by playing compliance whack-a-mole, but by investing in a strategic vision for dealing with cyber business risks. Those businesses will also be able to withstand the scrutiny related to more global requirements for disclosure of both cyber risk management and cyber incident response and procedures.  More disclosure may not necessarily lead to clarity in the short term on what are best practices, but over the long term we will see more consolidation on best practices on cyber disclosures and risk management practices.

At the same time, governments will also be struggling to find the right balance on how to incentivize risk management rather than compliance risk mitigation whack-a-mole if they continue to introduce regulations that are not driven by harmonization around best practices and product security instead of first to market on regulations.

Here's the catch: as regulations become more comprehensive, they may inadvertently nudge the industry towards a more consolidated structure - a double edged sword.

Prediction 3: Growth of real-time information sharing within global public-private cyber partnerships

The regulatory dance floor will definitely become more crowded in 2024, especially with AI cutting in.

This new dance partner will be adding to the complexity of tools needed to deal with cyber risk mitigation and will lead to more robust and global public-private partnerships. We might see something like a global cybersecurity flash mob in 2024. Instead of just sharing the usual threat intelligence of cyber threats and cyber risks, governments and businesses will join hands to share threat intel, resources and bolster defenses in concentrated ways to deal with specific threats. Ultimately, moving beyond the historical PPP’s of quarterly meetings, to a more real-time sharing approach in order to deal with the diminishing timelines between initial entry vectors to final stage payloads.

It will be interesting to see if more action oriented partnerships bolster capacity and cyber defenses. In order for such an approach to be successful, a mentality of “information sharing” and an open door of communication must be developed.

Prediction 4: Cloudy with a chance of threats

The cloud will continue to be a critical cyber battleground. And in the coming year, an emerging concern will likely be the misuse of commercial cloud service providers (CSPs). That’s because cybercriminals are no longer relying on known command-and-control servers; instead, they're turning to commercial CSPs for cover to host malicious content.

It’s a clever trend, and it comes back to the game of hide-and-seek, with attackers exploiting the cloud's anonymity and legitimacy, and blending their activities with legitimate services. Combatting this threat requires more innovative solutions, such as those leveraging AI and advanced automation techniques — as well as heightened vigilance — in the cloud. Organizations need advanced risk scoring across cloud environments, so security teams get complete visibility that eliminates blind spots and enables them to effectively prioritize remediation actions.

Prediction 5: AI and automation will be table stakes

As mentioned in prediction 4, innovations in AI and automation promise to effectively address an ever-increasing volume of attacks. Seeing threat intelligence is one thing, but it’s a completely different ball game to be doing something about it. This is where more automated responses come into play. With AI coming and more advanced automation techniques, the majority of detection and remediation or prevention work will occur automatically.

But, let's not get ahead of ourselves. The inevitable rush to market for some solutions means that some AI capabilities will miss the mark. Therefore, organizations that adopt AI solutions must ensure that they truly improve cyber resilience without presenting new cyber risks.

Over the next year, a growing AI use case will be the use of AI synthetic media (i.e., deep fakes) and identity management. Governments will have the challenge of navigating the tricky space between the problematic use case of biometric technology and synthetic media, while businesses will have to understand how to manage the risks with identity and access management.

Be ready for 2024

So, there’s our bird's eye view of what the cyber landscape could look like in 2024. But as always, there will be many shifts, evolutions, and transformations in the new year, some unprecedented and some expected. Regardless, practitioners must stay on their toes, remain vigilant, and aim for resilience. Here's to a more prepared, secure — and less stressful — 2024.

For more thoughts from our team on what 2024 could bring, watch the Top Cybersecurity Predictions webinar on-demand.