Cofense Experts: QR Codes, AI Threats, and Malware Evolution on the Horizon in 2024

As we approach the end of the year, cybersecurity experts at Cofense have peered into the future to offer a glimpse of what 2024 may hold, revealing trends including the rise of QR codes, the growing threat of AI and ML-powered malicious emails, and the emergence of new malware threats, among other key insights.

Joshua Bartolomie, Vice President of Global Threat Services


Organizations will shift to focusing on what they don’t know about their cybersecurity risks, leaning on threat intelligence more than ever

As threats continue to mount due to global conflict and economic pressure, organizations will pivot to analyzing what they don’t know about their cybersecurity risks rather than making assumptions, and will move past “check the box” strategies.

To do this, organizations will need to lean on threat hunters and threat intelligence to find out what should be a focus in their cybersecurity strategies. Threat hunters are like house inspectors who come in and poke at the walls and the foundation to find things that need to be fixed. Good, actionable threat intelligence will help organizations quantify their risk, give context into how threats are delivered and allow security teams to make informed decisions to stay ahead of threats.

Dawn Creter, Director of Product Management


Email security reporting will be front and center in the boardroom

Today more than ever, cybersecurity is a main agenda item for every board meeting. Organizations are even starting to hire cyber experts to sit on boards to ensure the right questions are being asked to security leaders about business and cyber risk. This spotlight on cybersecurity will only grow in 2024 as threats, especially those related to email, continue to increase. The board of directors will want to know metrics like what emails are being auto-quarantined, how their company is being targeted and what departments in their organization are the most at risk of attack. Security leaders need to put themselves in the shoes of the board members as, now more than ever, they are expecting metrics on how their companies are preventing and mitigating the data breaches and ransomware attacks we see in the news today.

Threat actors will capitalize on the advancement of AI, ML and ChatGPT through malicious emails

As we see more organizations adopt and invest in AI/ML, we are seeing an upward trend in credential phishing and an increase in communications on the dark web about generating AI frauds. Threat actors use many different tactics, techniques, and procedures that may leverage artificial intelligence and machine learning to replicate the writing of an email for malicious intent.

The growth and advancement in artificial intelligence and machine learning have increased the ability to automate these malicious emails with much more speed and accuracy, making detection even more complex. This has catapulted them to produce more high-quality images, pictures and videos. Now we are seeing a high use of QR codes that threat actors will use to continue to trick their victims. Because of this, we will see more high-quality fake ChatGPT malicious emails in 2024.

Max Gannon, Senior Cyber Threat Intelligence Analyst


Malicious QR Codes are just getting started

QR code phishing is a relatively new form of cyberattack that is gaining popularity among cybercriminals. In the second half of 2023 so far, the Cofense threat research team has seen a significant increase in the usage of QR codes as a way of leading victims to a malicious website where their login credentials or personal information can be stolen. As it gets easier to create these malicious QR codes, such as with the service created by Google that allows users to embed malicious content in one simple step, we can expect this type of attack to increase significantly: it is not a complex way to steal credentials, it puts victims outside the protections of a secure environment by forcing them to use their phones, and it just keeps getting easier to create URLs as they increase in popularity with consumers and vendors.

Jared Sladich, Cyber Threat Intelligence Engineering Manager


The cybersecurity threat landscape will intensify as social engineering attacks surge

Social engineering attacks are on the rise, and cybercriminals are using increasingly sophisticated tactics to trick people into divulging sensitive information. In September 2023, MGM Resorts International was hit by a cyberattack that disrupted its resorts and casinos across the country. The attack began with a social engineering breach of the company’s information technology help desk via an employee’s LinkedIn account.

In 2024, organizations will have to shift focus from only monitoring for malicious emails targeting company emails to watching out for social engineering campaigns that target employees’ social accounts and then use that stolen information to creep their way into a company’s network.

Dylan Duncan, Cyber Threat Intelligence Analyst


A new malware family will fill the void left behind by Qakbot

In August of 2023, the FBI reported they had officially taken down Qakbot, which had been operational since 2008. At the time of its demise, Qakbot was known to have infected 700,000 computers worldwide, including more than 200,000 in the U.S. When a botnet this large is taken down, we see it reemerge within a few months, but we have yet to see it return after nearly 2 months.

Qakbot malware has always been known as a significant threat to large organizations because of the multiple methods it uses to spread itself, its relatively successful attempts at avoiding detection and automated analysis, and its brute-forcing of password-protected locations. In 2024, we can expect to see another malware family or botnet seek to fill the gap left in the market now that Qakbot has been unable to return.
