In 2024, hacking techniques will be powered by AI technology, and the same old problems will have a new level of complexity and persuasion factor
These are just a few of the emerging 2024 hacking techniques employed by consistently better-funded and patient adversaries engaged in advanced persistent threats, which all organizations need to consider.
As we forge onward into the 2024 cybersecurity working week, our industry continues to morph and change. The emergence of sophisticated hacking techniques poses unprecedented challenges for CISOs, CTOs, network engineers, and cybersecurity practitioners. With MOVEit still casting a shadow over the industry, and its true impact still a mystery, it’s a guarantee there will be new and unforeseeable challenges ahead and unknown cybersecurity vulnerabilities around every corner.
We can, however, expect to see more of the following:
AI-Powered Phishing Scams
The integration of artificial intelligence in phishing attacks has led to a new breed of highly personalized and convincing scams. These AI-powered attacks can analyze a user’s online behavior and craft messages that mimic the tone, style, and typical content of communications they trust.

Real-World Example: Consider the Singaporean organization Saber Holdings Pte Ltd, where a cybercriminal impersonated Saber’s CEO on WhatsApp, deceiving an employee into transferring a substantial amount of money (allegedly for an acquisition). The fraudster also hacked the CEO’s email to send additional instructions. The employee sent €700,000 to a Hong Kong company’s account. Saber managed to recover the funds but likely incurred significant legal costs.
Combating these sophisticated attacks requires a three-pronged approach.
First, deploying advanced AI-based detection tools that can analyze communication patterns and flag anomalies.
Second, regular employee training sessions and refresher sessions should be conducted to highlight the signs of phishing, the dangers of phishing attacks, and to raise awareness about these ever-evolving threats.
Third, react to the symptoms of a potential compromise swiftly and efficiently. Employ real-time predictive cybersecurity analytics and behavioral profiling to detect unusual activities and potential threats within an organization’s network: continuously analyze application behavior and cross-reference it against established patterns to identify deviations that may indicate a security breach.
In Q4 of 2023, there were 1,154 global ransomware incidents [Cyberint].
Ransomware, as an inevitable part of the emerging 2024 hacking techniques, has evolved beyond mere data encryption. As organizations increasingly back up data, ransom payments have declined, with many opting to restore from backups despite operational disruptions. Adapting to this shift, cybercriminals developed “double extortion” attacks. Here, they first exfiltrate sensitive data, including personally identifiable information and intellectual property, to their servers before encrypting the victim’s data. Disclosure of this data, which often threatens regulatory compliance and competitive advantage, is then leveraged for extortion, with initial samples posted on dark web leak sites. Threatening to leak or sell the entire data set, attackers pressure victims to pay up. However, there’s little guarantee the data won’t be monetized even after payment.

All industries are vulnerable to ransomware extortion, but healthcare, where medical device security is becoming increasingly important, appears particularly vulnerable due to the high levels of PII medical organizations hold. Universal Health Services, managing 400 hospitals in the U.S. and U.K., faced a severe attack, crippling IT systems and delaying treatments, leading to $67 million in revenue and reputation losses. Meanwhile, Oregon’s Sky Lakes Medical Center, hit by ransomware, refused to pay the ransom but had to replace over 2,000 computers and servers for system restoration.
Zero-day attacks exploit previously unknown software or hardware vulnerabilities to distribute ransomware, occurring before the vendor can create a patch, and security teams are now expected to defend against the totally unknown and unforeseeable. We can expect more of the same in 2024.
Key strategies for mitigation against ransomware attacks include maintaining regular, off-site backups, preventing zero-day attacks, investing in robust endpoint security solutions, and implementing strict network segmentation that accounts for how ransomware spreads, so that an infection can be isolated and the spread of such attacks limited.
Supply Chain Compromises
Attackers often target the most vulnerable points in a supply chain, exploiting lesser-secured networks of smaller vendors or partners, and we can expect this to become more prevalent in the coming months.
The ramifications of SolarWinds are still front of mind for many security teams, but SolarWinds is just one of many. In July 2021, a flaw in Kaseya’s Virtual Systems Administrator (VSA) software, a tool for remote monitoring and management of extensive computer networks, was exploited. This attack impacted numerous Managed Service Providers (MSPs) and their clients. The REvil ransomware group exploited an authentication bypass vulnerability in the on-premises Kaseya VSA server, disrupting hundreds of businesses. Although Kaseya denied paying a ransom, it obtained a decryption tool from an undisclosed third party to resolve the issue. In a statement, the FBI called the incident a “supply chain ransomware attack leveraging a vulnerability in Kaseya VSA software against multiple MSPs and their customers.”
To safeguard against such threats, of which we will no doubt see more as 2024 hacking techniques raise their ugly heads and make the popular press, businesses should enforce rigorous security audits for all third-party vendors and adopt continuous monitoring practices to detect and respond to software supply chain attacks swiftly. Implement robust security controls and monitoring across the network to scrutinize third-party applications and services for anomalous behavior, leveraging advanced analytics to detect and isolate potential threats originating from compromised elements in the supply chain, thereby safeguarding the integrity of the entire network.
The proliferation of IoT devices in business environments has opened new avenues for cyber-attacks. The widespread integration of IoT systems into our daily routines, and our increasing reliance on them, highlights the urgency of IoT protection. However, the effectiveness of IoT security is hindered by inadequate or nonexistent measures, especially given the exponential growth of these devices, which are projected to reach 75.44 billion by 2025, up from 15.41 billion in 2015 [Statista].
Stuxnet, a notorious IoT attack, targeted a uranium enrichment facility in Natanz, Iran. It compromised Siemens Step7 software on Windows, enabling control over industrial programmable logic controllers. This breach facilitated the manipulation of machinery and access to critical industrial data. It was discovered in 2010 after unusual failures of uranium enrichment centrifuges at Natanz; further investigation revealed the Stuxnet worm in Iranian systems. While detailed impacts remain undisclosed by Iran, it’s estimated that Stuxnet damaged 984 centrifuges, reducing enrichment efficiency by 30%.
Organizations should enforce strict security policies for IoT devices, including regular firmware updates and isolating these devices on separate network segments using IoT microsegmentation best practices. Treating IoT devices like any other part of a vulnerable network will be the only way to prevent their exploitation as one of the growing 2024 hacking techniques in the months to come.
Deepfake and AI Technology in Social Engineering
The use of deepfake technology in social engineering has seen a sharp rise. These deepfakes can create highly convincing audio or video clips of individuals, such as CEOs or public figures, to manipulate employees or the public. Deepfake material of a CEO can be sourced from earnings calls, interviews, TED talks, and other recordings. After thorough post-processing, these videos can become almost indistinguishable from reality.
The CEO of a UK-based energy company was deceived into transferring €220,000 (about $243,000) to a Hungarian supplier’s account, believing he was obeying his German parent company’s chief executive. However, it was a fraudster using AI voice technology to mimic the German executive’s voice, complete with a subtle accent and familiar ‘melody,’ as noted by Rüdiger Kirsch of Euler Hermes Group SA, the company’s insurer [Wall Street Journal].
In another example, last year, a fake image of black smoke from a building near the Pentagon, likely created with artificial intelligence, briefly stirred investor panic and impacted financial markets. Experts soon debunked the image, leading to a quick market recovery. However, this incident highlighted the government’s concern about AI’s potential to cause panic and spread disinformation, with potentially severe repercussions.
To combat these sophisticated and highly persuasive attacks, companies will have to implement multi-factor authentication across all systems and conduct training to help employees recognize signs of deepfake manipulations—such as unnatural movements or facial expressions, inconsistent lighting, blurred edges, and audio that may not quite sync with lip movements.
In the increasingly dynamic, persuasive, and perilous playing field of 2024’s cybersecurity threats, awareness and proactivity will be key. Understanding these 2024 hacking techniques is the first step in fortifying defenses against them. Businesses and security teams will have to continually evolve their security strategies to address these emerging threats, be ready for the unknown, and safeguard their valuable assets by promoting awareness and best practices across the org.