A November report from Google Cloud details possible nation-state malware tactics in 2024 and new angles of cyberattacks.
What will cybersecurity look like in 2024? Google Cloud’s global Cybersecurity Forecast found that generative AI can help attackers and defenders and urged security personnel to look out for nation-state backed attacks and more.
Contributors to the report included several of Google Cloud’s security leaders and security experts from Mandiant Intelligence, Mandiant Consulting, Chronicle Security Operations, Google Cloud’s Office of the CISO and VirusTotal.
Threat actors will use generative AI and large language models in phishing and other social engineering scams, Google Cloud predicted. Because generative AI can create natural-sounding content, employees may struggle to identify scam emails by their poor grammar or spam calls by their robotic-sounding voices. Attackers could also use generative AI to create fake news or other fake content, Google Cloud warned.
LLMs and generative AI “will be increasingly offered in underground forums as a paid service, and used for various purposes such as phishing campaigns and spreading disinformation,” Google Cloud wrote.
On the other hand, defenders can use generative AI in threat intelligence and data analysis. Generative AI could allow defenders to take action at greater speeds and scales, even when digesting very large amounts of data.
“AI is already providing a tremendous advantage for our cyber defenders, enabling them to improve capabilities, reduce toil and better protect against threats,” said Phil Venables, chief information security officer at Google Cloud, in an email to TechRepublic.
The report noted nation-state actors may launch cyberattacks against the U.S. government as the 2024 U.S. presidential election approaches. Spear phishing in particular may be used to target electoral systems, candidates or voters.
Hacktivism, meaning attacks by politically motivated threat actors not associated with a particular nation-state, is having a resurgence, Google Cloud said.
Wiper malware, which is designed to erase data from a computer, may become more common. It has been seen deployed by Russian threat actor groups attacking Ukraine, Google Cloud said. The war in Ukraine has also shown that state-sponsored attackers might target space-based technologies to disrupt adversaries or conduct espionage.
Espionage groups in 2024 may create “sleeper botnets,” which are botnets placed on Internet of Things, office or end-of-life devices to temporarily scale attacks. The temporary nature of these botnets may make them particularly difficult to track.
Some of the trends Google Cloud highlighted show that well-known types of cyberattacks should still be on security teams’ radar.
Zero-day vulnerabilities may continue to increase. Nation-state attackers and threat actor groups may embrace zero-days because those vulnerabilities give attackers persistent access to an environment. Phishing emails and malware are now relatively easy for security teams and automated solutions to detect, but zero-day vulnerabilities remain relatively effective, the report stated.
Extortion, another well-known cyberattack technique, stagnated in 2022 but can be expected to grow again in 2024. Threat actors' advertisements of stolen data and their reported extortion revenue both indicate growth.
Some older threat techniques are becoming popular enough to get back on Google Cloud's radar. For example, an anti-virtual machine technique from 2012 has been seen again recently. And an attack first documented in 2013, which calls undocumented SystemFunctionXXX functions instead of the documented Windows cryptography API, has become popular again.
Google Cloud VP & GM Sunil Potti said in an email to TechRepublic, “Right now, we see organizations running their data in a combination of multicloud, on-premises and hybrid environments – and while it is unrealistic to expect these organizations to host their assets solely in one place, it does make unified, comprehensive security operations and overall risk management particularly challenging.”
In hybrid and multicloud environments, enterprises may need to look out for misconfigurations and identity issues that allow threat actors to move laterally across different cloud environments, Google Cloud said.
Many threat actors, including nation-state threat actors, may use serverless services in 2024. Serverless services provide them greater scalability, flexibility and automation.
Google Cloud has seen rising interest among attackers in supply chain attacks that are hosted on package managers such as NPM (Node.js), PyPI (Python) and crates.io (Rust). This type of cyberattack is likely to increase because it costs little to deploy and can have a major impact.
Mobile cybercrime is likely to grow in 2024 as scammers use novel and proven social engineering tactics to gain access to targets’ phones, the report said.
Finally, Google Cloud predicted that SecOps will become increasingly consolidated in 2024. This forecast can be used to guide cybersecurity strategy and purchasing decisions for teams trying to get ahead of whatever 2024 may bring.