Zaheer Ebrahim, solutions architect at Trend Micro MEA.
2023 has been a year that has seen many changes within the technology industry. The most notable development was that of artificial intelligence (AI), which dominated conversations to the point that “prompt” was named a finalist for the competition. Oxford Word of the Year 2023. Discussions around AI are no less important in the cybersecurity industry, as 2024 is expected to mark the start of significant changes in how organizations protect themselves and their assets in the future.
AI is, of course, not the only change organizations need to keep an eye on this year. As businesses continue to digitize, cloud and Web3 technologies have come to the forefront as they consistently demonstrate their value to business growth. However, it is these new solutions that also present new opportunities for cybercriminals. In the latest report from Trend Micro, Critical scalabilityWe found that the transformative potential of these technological advances will peak in 2024 and present organizations and their cybersecurity teams with new battle fronts.
1. Close security gaps in cloud environments
Cloud adoption among organizations in South Africa has grown exponentially in recent years. At the same time, this has expanded the attack surface and organizations will need to ensure their security settings also evolve as their IT infrastructure transforms.
Trend Micro’s latest research shows that cloud environments will become the playground for bespoke worms designed to exploit cloud technologies. To do this, bad actors use misconfigurations as easy entry points. A study carried out by the Worldwide Open Application Security Project (OWASP) found that configuration errors were among the top API risks for organizations. Deworming capabilities can potentially trigger rapid spread in cloud environments due to cloud interconnectivity.
The ideal approach to any cloud migration journey is to ensure cybersecurity is considered at every stage of the process. This requires security teams to look beyond typical malware and vulnerability scans, and proactively assess cloud environments in anticipation of these worm attacks.
2. Protect data to defend ML models
Cloud-based machine learning (ML) models that poison data are an emerging threat, but they will gain prominence in 2024. Defenders will face an expanded attack surface, as a model of Weaponized machine learning can open the floodgates and lead to consequences such as the disclosure of confidential data. for mining, writing malicious instructions, and providing biased content that could lead to user dissatisfaction or potential legal repercussions.
Although ML models still represent a costly integration for many businesses, 69% of IT leaders consider ML integration a top priority for operations. With this in mind, it will be crucial for those deploying this technology to validate and authenticate training datasets in order to prevent an attack. Companies can choose to reduce costs by offshoring their algorithms. However, because the data comes from third parties, this can make an ML model vulnerable to data poisoning.
3. Generative AI Gives Cybercriminals an Advantage
AI continues to be a tool that makes it easier to fight cybercriminals, but it is also used by bad actors themselves. In the case of social engineering scams such as spear phishing, spear hunting, and virtual kidnappings, generative AI has played a key role in increasing criminals’ success rates. This is just the tip of the iceberg, however, as 2024 is expected to bring more progress in this type of attack. Voice cloning has already begun to make its way into criminals’ toolboxes for identity theft and social engineering.
Even though WormGPT, a malicious large language model (LLM), was shut down in August last year, it’s unlikely we’ll see the end of this type of tool. Cybercriminals are often quick to turn to alternatives, and AI researchers have demonstrated that it is possible to trick generative AI systems into bypassing their own censorship rules.
Widespread legislation has not yet been passed on generative AI, but it is possible to be proactive in protecting your organization. Implementing zero trust policies and encouraging employees to adopt a vigilant mindset will help protect an organization from attacks.
4. The weak point of supply chain software
Supply chains remain an attractive target for cybercriminals. In fact, Trend Micro found that more than half (52%) of global organizations had their supply chains disrupted by ransomware. Many IT leaders surveyed expressed concern about the high risks their companies faced due to their network of partners and customers.
These attacks are expected to infiltrate vendors’ software supply chains through their continuous integration and continuous delivery (CI/CD) systems. Ambitious threat actors are more likely to strike at the source and target the code that IT infrastructures are built on. We expect these attacks to focus on third-party components such as libraries, pipelines, and containers, resulting in credential harvesting, resource hijacking, cryptomining, and denial of service attacks. distributed (DDoS).
Taking proactive steps to protect an organization’s CI/CD systems can help reduce the risk of an attack. This includes implementing application security tools that can quickly recognize suspicious behavior, deploying these protections across the entire CI/CD pipeline, conducting in-depth research and analysis on libraries and containers before use, and monitoring all external dependencies for hidden vulnerabilities.
5. Extortionists turn to blockchain
Private blockchains have become popular among businesses looking to reduce costs in areas such as supply chain management and intra-company accounting. However, these systems are not subject to the same stress tests as their public counterparts and are therefore not as resilient. Cybercriminals running extortion schemes see this as a significant advantage and will seek to exploit it in 2024.
Since operators of private blockchains can modify, ignore or delete any entry, attackers will seek to seize administrative rights. With this access, they can write malicious data, modify existing records, and encrypt the entire blockchain to prevent it from functioning until a ransom is paid.
As with all new technologies like blockchain, it takes time to develop the skills needed to run and manage the solution internally. Organizations will need to rely on external providers for this function and choose to work closely with their suppliers to manage security.
Technology solutions such as blockchain, AI and ML all have the potential to support organizations on their digital transformation journey and uncover more growth opportunities. However, it is essential that business leaders ask the important questions around security to ensure that these new tools do not create more vulnerabilities and open a company’s defenses to a cyberattack. The protection of digital assets, confidential data and the entire technology infrastructure of the organization must be considered at every stage of deployment. A strong security posture that supports the business and its operations is invaluable when it comes to future-proofing an organization.