Heroes and Villains: the 2024 cyberthreat landscape

Any forecast of the 2024 cyberthreat landscape must first take account of major geopolitical shifts. We have already seen a series of significant impacts of the war in Ukraine in this regard.

Looking forward to 2024, we anticipate increased activity from Iran, known for its hackers and history of offensive cyberoperations. There will also be potential fallout from the Israeli-Palestinian conflict, with repercussions for the countries of the European Union. Typically, these increased risks take the form of hacking, and we expect these attacks to span various sectors.

However, the majority of the threats we foresee in 2024 do not originate from major geopolitical activity. Instead, they come from the development of new technology itself.

Infostealers on the increase

The trend for infostealers (such as MacStealer, Atomic (AMOS), Noknok, and Realst) will increase. An infostealer, a contraction of “information” and “stealer”, is a variant of malware that aims to extract sensitive or personal data from a computer system for malicious purposes. Infostealers are designed specifically to recover personal information such as identity or bank details.

Infostealer incidents have already more than doubled in Q1 2023. The main reason why cybercriminals use infostealers is their discretion. They operate silently and can yield a diverse array of target data.

A key part of this increase has been the expansion of infostealers from the Microsoft ecosystem into the macOS community. The criminals have shown notable consistency, going after similar targets such as web browsers, cryptocurrency wallets and sensitive files. They also appear to have leveraged substantial resources at the macOS-specific iCloud.

This trend itself represents the onset of platform diversification. Malware originally developed for Windows now targets Linux and macOS. In other words, the systems previously seen as ‘safe’ are being actively targeted.

This may explain why new groups can rise quickly to prominence. Our 2023 Cyber Threat Semester Report revealed that threat actors such as Bronze Butler, TA505, Wizard Spider, and Turla are becoming increasingly sophisticated in the evasion methods they employ and in how they target their victims.

The report also showed that innovation and adaptability are now key assets of these leading groups. These assets enable them to assault businesses and new platforms successfully and consequently grow quickly in an ever-changing digital environment.

DLL dilemmas

Another technical element set to make its mark in 2024 is the use of dynamic link library (DLL) files for malicious purposes. DLLs form an essential component in the correct operation of the Windows operating system and the programs running on it. As a result, they are regularly the target of sophisticated attacks.

Attacks involving DLLs are sophisticated affairs requiring a thorough knowledge of Windows. They load malicious code to enable threat actors to evade defences, remain persistent and escalate privileges. They enable long-term, aggressive operations to be set up that bypass several detection systems. This makes them ideal for those gangs or organisations developing advanced persistent threats (APTs).

However, it is clear that for 2024, the single biggest technologically based threat will be artificial intelligence (AI).

The AI threat matures

AI is changing the game for many cyber threat actors as it matures. It has already increased the number of adversaries by making tools available to beginners, expanding capabilities beyond experienced hackers.

Secondly, AI is making this expanded community of threat actors faster. AI can assist with code development, meaning cybercriminals can accelerate their development cycles.

Thirdly, AI enables this community to revisit old tactics by driving an increased sophistication of existing attack vectors. We expect to see this as a big trend in 2024. Phishing, for example, will be more elaborate: we will see the development of personalised messages, the use of deepfakes and emails that are better written and therefore less suspicious, thus more effective.

Consequently, 2024 will inevitably see a sharp increase in sophisticated attacks on businesses.

Unfortunately, the issues with AI also extend into the realm of longer-term attacks. As we move towards a future where artificial intelligence will be increasingly natively integrated into information systems, the origin of the data used to train AI models will be critical. It is not beyond the capabilities of cybercriminals to infect AI systems with false data to open future avenues of attack.

Consequently, new research, best practices, and technologies will need to be developed to ensure the security, authenticity and integrity of the data driving the AI revolution.

Responding to threats in 2024

Against such technological prowess and the threat of AI, businesses face a considerable risk of lagging behind cyber criminals who are becoming ever more sophisticated. The pace of threats will increase. The only way to improve cyber security and resilience is the automation and orchestration of cyber defence tools.

As a result, we foresee a marked increase in the development of network detection throughout 2024 – both in terms of new deployments of NDR technologies and expansions of existing projects.

According to our study published in 2023, endpoint detection and response (EDR) remains the most favoured cyber security response amongst European IT decision-makers. It was cited by 62% of those surveyed. However, 55% of IT decision-makers also named network detection and response (NDR) as a technology their organisation plans to use to defend against advanced persistent threats. This suggests that businesses are finally accepting the need for increased visibility across their network, recognising more substantial threats.

Alongside these figures, we are already seeing an increased focus on investing in generative AI and associated tools to enable automated responses to these threats. This can be seen as part of the shift identified by analyst firm Gartner. It identified that: “By 2026, secure and proactive organisations will experience a 66% reduction in security breaches.”

To build this momentum, given the lack of resources in the cyber sector, the challenge throughout 2024 will be to create tools that are easy to access and usable by professionals in general, not just cyber experts. In the same report, Gartner identifies a growing trend: “Human-centric security design practices to minimize cybersecurity-induced friction and maximize control adoption”.

Businesses must become heroes

In other words, just as AI has made it easier to become a villain, businesses must make it easier to become a hero. The first step in this is to increase the visibility of threats. Technologies that do this – such as NDR – are proven to reduce cyber risk and mitigate the impact of security incidents.

By supporting rapid investigation, internal visibility, intelligent response and enhanced threat detection, NDR is a vital pillar of a defence strategy: making it difficult for threat actors to hide their activity at the network layer and identifying an intrusion from the very first indicators.

