Kaspersky Global Research and Analyses Team (GReAT) experts offer insights and projections for 2024 in the Kaspersky Security Bulletin, focusing on the evolution of Advanced Persistent Threats (APT).
AI-powered Impersonation, The Rise of Creative Exploits for Mobile, and New Botnets
Emerging AI tools are making spear phishing more efficient by automating the creation of messages that mimic the writing style of a specific individual. Attackers can gather a target's publicly available writing and use it to train or prompt large language models (LLMs) to craft messages that appear to come from someone the victim knows or trusts, and are therefore more likely to deceive. This poses a significant threat to individuals and organizations, making it easier for cybercriminals to infiltrate sensitive systems and steal valuable information.
“Operation Triangulation” made 2023 a groundbreaking year for mobile exploits and has inspired further research into APTs targeting mobile, wearable, and smart devices. Threat actors will likely broaden their surveillance efforts and target a wider range of consumer devices through vulnerabilities and “silent” exploit delivery methods: zero-click attacks through messengers, one-click attacks via SMS or messaging apps, and network traffic interception. Protecting personal and corporate devices has therefore become increasingly vital.
Growth in Cyberattacks by State-sponsored Actors and Hacktivism as a New Normal
With increasing geopolitical tensions, there is a potential surge in state-sponsored cyberattacks in the year ahead. These attacks will likely threaten data theft or encryption, destruction of IT infrastructure, long-term espionage, and cyber sabotage.
Hacktivism has also become more common as part of geopolitical conflicts, and current tensions point to a probable increase in hacktivist activity, both destructive and aimed at spreading false information. Such activity triggers unnecessary investigations and, in turn, alert fatigue among SOC analysts and cybersecurity researchers.
Supply Chain Attacks as a Service: Operators’ Bulk-buying Access
Supply chain attacks are becoming increasingly common, with smaller companies often targeted to breach larger ones. The Okta breaches that occurred in 2022–2023 highlight the scale of this threat. The motives behind these attacks can range from financial gain to espionage. In 2024, there may be new developments in dark web access market activities related to supply chains, enabling even more efficient large-scale attacks.
Emergence of More Groups Offering Hack-for-hire Services
Hack-for-hire groups are growing, offering data theft services to clients such as private investigators and business rivals. This trend is expected to continue in the coming year.
Kernel Rootkits are Hot Again
Kernel-level security measures such as Kernel Mode Code Signing, PatchGuard, and HVCI (Hypervisor-Protected Code Integrity) are being bypassed by cybercrime groups and APTs, leading to a rise in Windows kernel attacks enabled through abuse of the Windows Hardware Compatibility Program (WHCP). The underground market for EV certificates and stolen code signing certificates is growing, and threat actors increasingly use BYOVD (Bring Your Own Vulnerable Driver) as part of their tactics.
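Because the abuses described above rely on kernel drivers that carry a valid-looking signature, a defender's first checks are whether HVCI is actually running and which loaded drivers have a signature that does not verify or a signer that local threat intelligence has flagged. The script below is an added example, not code from Kaspersky or the Securelist report: it assumes an elevated PowerShell session on Windows 10/11 where the Win32_DeviceGuard WMI class is available, and the signer watchlist is a constructed placeholder to be replaced with your own intelligence.

```powershell
# Added defensive check (not from the Kaspersky report): report whether HVCI is
# running and list loaded kernel drivers whose Authenticode signature is not
# valid or whose signer matches a locally maintained watchlist.
# Assumes an elevated PowerShell session on Windows 10/11.

# Constructed placeholder watchlist: replace with signer subjects that your own
# threat intelligence associates with abused or stolen code-signing certificates.
$SignerWatchlist = @(
    'CN=EXAMPLE-REVOKED-PUBLISHER'   # placeholder, not a real signer
)

function Get-HvciStatus {
    # Win32_DeviceGuard.SecurityServicesRunning lists the services actually
    # running: 1 = Credential Guard, 2 = HVCI (memory integrity).
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if ($null -eq $dg) { return 'Unknown (Device Guard WMI class unavailable)' }
    if ($dg.SecurityServicesRunning -contains 2) { return 'Running' }
    return 'Not running'
}

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver returns paths such as \??\C:\...\x.sys,
    # \SystemRoot\System32\drivers\x.sys or system32\drivers\x.sys;
    # normalise them to a Win32 path. -replace is case-insensitive by default.
    if ([string]::IsNullOrEmpty($PathName)) { return $null }
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    $p = $p -replace '^System32', "$env:SystemRoot\System32"
    return $p
}

function Get-SuspiciousDrivers {
    $findings = foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver |
                             Where-Object { $_.State -eq 'Running' }) {
        $path = Resolve-DriverPath $drv.PathName
        if (-not $path -or -not (Test-Path -LiteralPath $path)) { continue }

        $sig     = Get-AuthenticodeSignature -FilePath $path
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
        $reasons = @()

        # A non-Valid status is a triage lead, not proof: depending on the
        # PowerShell version, some catalog-signed inbox drivers also show up here.
        if ($sig.Status -ne 'Valid') { $reasons += "signature $($sig.Status)" }
        foreach ($w in $SignerWatchlist) {
            if ($subject -like "*$w*") { $reasons += 'signer on watchlist' }
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Name   = $drv.Name
                Path   = $path
                Signer = $subject
                Reason = ($reasons -join '; ')
            }
        }
    }
    return $findings
}

"HVCI: $(Get-HvciStatus)"
Get-SuspiciousDrivers | Format-Table -AutoSize
```

The output is meant to be compared against a known-good baseline of the host: a driver that appears only after a baseline was taken, or whose signer subject is a publisher you have never deployed, is what warrants a closer look, while an "HVCI: Not running" line on a host that should have memory integrity enabled is a finding in itself.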
Managed File Transfer (MFT) Systems Used for Advanced Attacks
MFT systems face increasing cyber threats, exemplified by the breaches of MOVEit and GoAnywhere in 2023. Cyber adversaries target MFT systems for financial gain and operational disruption, and the complexity of MFT architectures brings inherent security weaknesses that make them vulnerable.
To strengthen MFT systems against evolving threats, organizations should implement robust cybersecurity measures such as Data Loss Prevention and encryption. Additionally, promoting cybersecurity awareness among employees can help fortify MFT systems against potential attacks.
The APT predictions draw on Kaspersky’s threat intelligence services used worldwide. Read the full report on Securelist.