AhnLab Announces Top 5 Cybersecurity Threat Predictions for 2024

Date
01-03-2024

Top 5 security threats in 2024 forecasted by AhnLab:

Increase in cyberattacks and hacktivist activities between hostile forces

Acceleration of changes to Ransomware-as-a-Service (RaaS) organizations

Ransomware strains targeting virtualization platforms becoming highly active

Propagation of malicious Android apps aiming for cash and personal info

Advancement of attacks targeting personal wallets for the purpose of stealing cryptocurrencies

Jan 3, 2024 – AhnLab, Inc., a leader in cybersecurity, summarized its forecast on cybersecurity threats in 2024 and presented the "Top 5 Cybersecurity Threat Predictions for 2024."

 

AhnLab's top 5 cybersecurity threat predictions for 2024 are as follows:


Top 5 Cybersecurity Threat Predictions for 2024

 


1. Increase in cyberattacks and hacktivist activities between hostile forces

 

Amid the global escalation of conflicts stemming from factors such as ideologies, religions, and interests, cyberattacks between hostile forces are predicted to increase in 2024. Those involved in conflicts are expected to employ various methods to reach their goals. They may use deepfake technology to create fake news for propaganda, or falsely claim that data exfiltrated in the past is the result of new hacking incidents. State-backed threat groups may not only launch attacks to extort information from opposing forces but also aim to cause outages of infrastructure such as electricity supply systems. For these purposes, in addition to attacking their targets directly, threat actors are predicted to attempt "supply chain attacks" on partners of the opposing party that have comparatively vulnerable security policies.

 

"Hacktivist" activities are also expected to increase in the same context. Hacktivist is a compound word composed of hacker and activist and refers to activists who use hacking as a means of protest. They are expected to use artificial intelligence (AI) to easily create and distribute deepfake audio and video en masse to reach their political or ideological goals. Some countries may fund hacktivists or organize them into groups under certain circumstances.

 

2. Acceleration of changes to Ransomware-as-a-Service (RaaS) organizations

 

Law enforcement authorities have been steadily strengthening their response to cybercrime forums and black markets. Measures by judicial authorities, such as international cooperation against RaaS* organizations, which cause much harm to individuals and organizations alike, are likely to continue through 2024.

* RaaS: A new ransomware business model where a cybercriminal provides the tools and services necessary for distributing and managing ransomware

 

Accordingly, RaaS organizations are expected to make various changes to maintain their ecosystem. They may accelerate their "rebranding" processes, in which they switch between forums and markets on the dark web and change their names. RaaS organizations are also likely to employ "multi-ransomware" tactics, such as using variants of other RaaS organizations' ransomware strains, both to make tracking by investigative agencies difficult and to serve as a backup measure when attacks fail.

 

3. Ransomware strains targeting virtualization platforms becoming highly active

 

Recently, there has been a steady increase in companies that implement "virtualization platforms" such as clouds to efficiently manage hardware resources. Under these circumstances, ransomware attacks that target these platforms to steal key documents, internal infrastructure, and confidential data from companies are predicted to increase.

 

In particular, solutions with high market shares are more likely to become targets. For example, ransomware that targets ESXi servers (VMware's hypervisor platform) has been increasing in number and variants since its first appearance in 2020. Because various other virtualization platforms including Hyper-V, KVM, and Xen are used in many field offices, ransomware prevention and monitoring are required for such platforms.

 

4. Propagation of malicious Android apps aiming for cash and personal info

 

With the concentration of financial service use and sensitive user information in smartphones, many malicious apps were discovered in 2023. In 2024, it is likely that malicious apps that target the money and sensitive information of users will become more advanced and even spread to various other platforms such as smart TVs, smartwatches, and smart homes.

 

Recently discovered fraudulent loan apps collect and exfiltrate personal information, including contact details and income statements, as well as financial data such as bank account information, under the guise of providing legitimate personal loan services. These malicious apps are becoming better at avoiding user suspicion by employing methods such as having intricately crafted mobile websites and being listed on the official Google Play app store. These apps are expected to expand and be distributed to various Android-based platforms, including smart TV set-top boxes, smartwatches, and smart homes, for the purposes of extorting personal data and raising ad revenues.

 

5. Advancement of attacks targeting personal wallets for the purpose of stealing cryptocurrency

 

Many threat groups are steadily attacking personal user wallets and exploiting blockchain vulnerabilities to steal cryptocurrencies whose transaction histories are difficult to track. Attacks that aim to extort cryptocurrencies tend to increase and decrease along with the fluctuation in cryptocurrency values.

 

On these grounds, there have been forecasts that, with the cryptocurrency halving coming in April 2024, when cryptocurrency supply decreases, the values of cryptocurrency assets will rise overall. Threat actors are predicted to resume their previously stagnant attacks to steal cryptocurrencies once their values increase. In particular, they are expected to focus on individual users, who have comparatively weaker levels of security, to increase the success rate of their attacks, instead of hacking cryptocurrency exchanges with established security systems.

 

To prevent such security threats, organizations must implement the following response measures optimized for the organization's environment:

Regularly conducting security checks and applying patches for internal PCs, OS, software, and websites

Utilizing security solutions and services and providing security training for executives and staff members

Monitoring authentication histories for administrator accounts

Implementing multi-factor authentication (MFA).

 

Individuals in turn must comply with security guidelines including the following:

Refraining from executing attachments and URLs in emails from unknown sources

Downloading contents and software from official sources

Applying the latest security patch for software, OS, and Internet browsers

Using two-factor authentication (2FA) in addition to passwords for logging in

Keeping anti-malware products updated to the latest version and activating real-time monitoring features

 

AhnLab Security Emergency response Center (ASEC) team manager Hayoung Yang remarked that digital technology "is so ingrained in all parts of our daily lives that we can no longer imagine life without IT technology. On the other hand, because this environment provides a stage where cybercriminals can be active, both organizations and individuals must integrate security measures in everyday life."

To learn more about AhnLab, visit www.ahnlab.com

About AhnLab, Inc. 

Founded in 1995, AhnLab, Inc., a leader in cyber threat analysis, delivers comprehensive protection for endpoints, networks, transactions, and essential services. AhnLab provides best-of-breed threat prevention that scales easily for high-speed networks by combining cloud analysis with endpoint and server resources. AhnLab’s multidimensional approach combines with exceptional service to create truly global protection against attacks that evade traditional security defenses. That’s why more than 25,000 organizations rely on AhnLab’s award-winning products and services to make the internet safe and reliable for their business operations. 
