A new report by Recorded Future predicts the biggest cybersecurity threats for the year 2024. The report looks at the trends from 2023 to guess what might happen next year. One of the top predictions is that cybercriminals may target file transfer services. They will try to sneak bad code into software and come up with new ways to trick people.
In this article, we will consider the different ways these threats will likely show up.
Attackers May Target File Transfer Services Like MOVEit
The report says that at least one ransomware group might be able to attack hundreds of targets. They could do this by using a weakness in popular file transfer solutions that businesses use. This is like what happened not too long ago with a service called MOVEit. File transfer services are tempting targets for attackers because they deal with sensitive data.
Attackers may also target IT systems that help with remote work. Online businesses that also handle sensitive personal or banking data, such as online casinos are also at risk. Generally, when you sign up at online real money casinos, you will be required to provide your personal data. You might also be required to upload verification documents such as a National Identification number. Access to such data by unauthorized people can lead to identity theft.
To get ready, organizations should review at their incident response plans and talk directly with vendors. They should also watch intelligence feeds to know about new weaknesses.
The Software Supply Chain Could Be at Risk
Hackers have also been sneaking malicious code into open source platforms like GitHub. In doing so, they target software developers who are likely to download this bad code or use it in their projects. Package managers like npm and PyPI have been specifically targeted.
Phishing Tactics May Change
In 2023, phishing was a common way for attackers to get into systems. They used different ways to avoid being caught, like sending bad files in archive or HTML formats. Phishers also started using text messages, QR codes, and company messaging systems to spread malware or links to bad sites.
As more organizations use better ways to prove who you are, like magic links and biometrics, attackers may change their tricks. They might send fake magic links or use AI to make phishing emails that look more real. Some bad guys may stop trying to take over accounts and start trying to make new fake accounts instead.
Malware Might Target More Operating Systems
In 2023, more hackers used programming languages that allow malware to target multiple operating systems. This means that macOS and Linux users should be cautious, as malware has traditionally focused on Windows. For example, the notorious ransomware gang LockBit seemed to be testing a macOS variant in April, although it hasn’t been seen in the wild yet.
Hacktivists and Cybercriminals May Blur Lines
The report says that in 2023, it became harder to tell the difference between hacktivists who attack for a cause and cybercriminals who attack for money. The former often want attention for their attacks, which can make things messy. Cybercriminals can use this mess to their advantage. Criminals might launch attacks that look like hacktivist attacks. Some hacktivists might even sell exploits or DDoS-for-hire services to make money for their activities.
Election Interference Could Be a Concern
Political motivations are expected to drive influence operations around the 2024 elections. The report suggests that Russia and China may try to harm candidates who support Ukraine and Taiwan. Their campaigns might aim to intensify political polarization in the U.S. and undermine the democratic process.
For now, the exact details of how this will play out are yet to be known. However, it is not hidden knowledge that hackers are constantly evolving. As such, this would play out in the least expected fashion, causing a rise in concern and increased security.
Conclusion
The world of cybersecurity is always changing, and organizations need to stay alert to stay safe. By knowing about the possible threats in Recorded Future’s report, defenders can get ready for 2024. They should make their incident response plans stronger, watch the software supply chain, and be ready for new phishing tricks. They should also know that different types of attackers might work together. Staying informed and taking action will always be important in the ever-changing world of cybersecurity.