
Proofpoint’s Forecast for 2024: Defenders Prepare for Impact, Covering Social Engineering to Generative AI


Written by Patrick Joyce, Resident CISO, Proofpoint

In the ever-evolving landscape of cybersecurity, defenders find themselves navigating yet another challenging year. Threat actors persistently refine their tactics, techniques, and procedures (TTPs), showcasing adaptability and the rapid iteration of novel and complex attack chains. At the heart of this evolution lies a crucial shift: threat actors now prioritize identity over technology. While the specifics of TTPs and the targeted technology may change, one constant remains: humans and their identities are the most targeted links in the attack chain.

Recent instances of supply chain attacks exemplify this shift, illustrating how adversaries have pivoted from exploiting software vulnerabilities to targeting human vulnerabilities through social engineering and phishing. Notably, the innovative use of generative AI, especially its ability to improve phishing emails, exemplifies a shift towards manipulating human behaviour rather than exploiting technological weaknesses. This is reflected in recent Proofpoint data, with CISOs in the Middle East identifying phishing (smishing/vishing) as the most significant threat targeting their organizations of late. In addition, 59% of global board directors believe generative AI is a security risk for their organization.

As we reflect on 2023, it becomes evident that cyber threat actors possess the capabilities and resources to adapt their tactics in response to increased security measures such as multi-factor authentication (MFA). Looking ahead to 2024, the trend suggests that threats will persistently revolve around humans, compelling defenders to take a different approach to breaking the attack chain.

Cyber Heists: Casinos are Just the Tip of the Iceberg
Cybercriminals are increasingly targeting digital supply chain vendors, with a heightened focus on security and identity providers. Aggressive social engineering tactics, including phishing campaigns, are becoming more prevalent. Phishing help desk employees for login credentials and bypassing MFA through phishing one-time password (OTP) codes are becoming standard practices. These tactics have extended to supply chain attacks, compromising identity provider (IDP) vendors to access valuable customer information. The forecast for 2024 includes the replication and widespread adoption of such aggressive social engineering tactics, broadening the scope of initial compromise attempts beyond the traditional edge device and file transfer appliances.

Generative AI: The Double-Edged Sword
The explosive growth of generative AI tools like ChatGPT, FraudGPT and WormGPT brings both promise and peril. At the moment, threat actors are making bank by doing other things. Why bother reinventing the model when it’s working just fine? But they’ll morph their TTPs when detection starts to improve in those areas.

On the flip side, more vendors will start injecting AI and large language models into their products and processes to boost their security offerings. Across the globe, privacy watchdogs and customers alike will demand responsible AI policies from technology companies, which means we’ll start seeing statements being published about responsible AI policies.

Mobile Device Phishing: Omni-Channel Tactics Take Centre Stage
A notable trend for 2023 was the dramatic increase in mobile device phishing and we expect this threat to rise even more in 2024. Threat actors are strategically redirecting victims to mobile interactions, exploiting the vulnerabilities inherent in mobile platforms. Conversational abuse, including conversational smishing, has experienced exponential growth. Multi-touch campaigns aim to lure users away from desktops to mobile devices, utilizing tactics like QR codes and fraudulent voice calls. This not only makes phishing attacks more effective on mobile devices but also complicates detection for corporate security teams.

Open-Source and Generative AI: Levelling the Ground for Malware Developers
Malware developers are leveraging open-source tools and generative AI, making advanced programming techniques accessible to a broader audience. As a result, malware capable of evading sandboxes and endpoint detection and response (EDR) tools is becoming more widespread. The accessibility of free and open-source software facilitates the incorporation of advanced detection-bypass capabilities into various malware projects. This democratization lowers the barrier to entry for less skilled developers, contributing to the proliferation of sophisticated malware families.

Identity-Centric Breaches: The Achilles Heel
Identity-based attacks will dominate breaches, exploiting vulnerabilities rooted in human behaviour and obscured by limited visibility. The conventional belief that cyber attackers rely on common vulnerabilities and exposures (CVEs) is losing relevance. The new truth: “Identity is the new vulnerability.” Organizations must shift their focus from primarily fortifying infrastructure to securing stored credentials, session cookies, and access keys, and addressing misconfigurations, especially when it comes to privileged accounts (very much now including their IDPs). The human link in the attack chain demands swift and innovative defences.

In conclusion, 2024 presents cyber defenders with a formidable challenge as threat actors refine their strategies to exploit the human element. To counter these evolving threats, defenders must adopt proactive and adaptive strategies, recognizing that the human factor remains a critical link in the cyber defence chain. As the battleground shifts, a resilient defence that addresses the multifaceted challenges of identity-based attacks, generative AI-driven threats, and mobile device phishing is essential to secure the digital frontier and create a greater focus on breaking the attack chain.

Prarthana Mary
