top of page

HP's 2024 Cybersecurity Outlook: AI-Supercharged Threats, Endpoint Risks, and Supply

In the fast-evolving world of cybersecurity, HP's top experts foresee a tumultuous 2024 marked by AI-driven social engineering, heightened endpoint vulnerabilities, and supply chain security battles.

HP

Alex Holland, Senior Malware Analyst at HP Inc.


In 2024, AI will supercharge social engineering attacks on an unseen scale, spiking on red letter days.


In 2024, cybercriminals will capitalize on AI to supercharge social engineering attacks on an unseen scale: generating impossible-to-detect phishing lures in seconds. These lures will appear highly plausible and look indistinguishable from the real thing, making it harder than ever for employees to spot – even those that have had phishing training.


We are likely to see mass AI-generated campaigns spike around key dates. For instance, 2024 stands to see the most people in history vote in elections – using AI, cybercriminals will be able to craft localized lures targeting specific regions with ease. Similarly, major annual events, such as end of year tax reporting, sporting events like the Paris Olympics and UEFA Euro 2024 tournament, and retail events like Black Friday and Singles Day, will also give cybercriminals hooks to trick users.


With faked emails becoming indistinguishable from legitimate ones, businesses cannot rely on employee education alone. To protect against AI-powered social engineering attacks, organizations must create a virtual safety net for their users. An ideal way to do this is by isolating and containing risky activities, wrapping protection around applications containing sensitive data, and preventing credential theft by automatically detecting suspicious features of phishing websites. Micro-virtualization creates disposable virtual machines that are isolated from the PC operating system, so even if a user does click on something they shouldn’t, they remain protected.  


Organizations will also use AI to improve defence against the rise in attacks. High-value phishing targets will be identified and least privilege applied accordingly, and threat detection and response will be enhanced by continually scanning for and automatically remediating potential threats.

 

Dr. Ian Pratt, Global Head of Security for Personal Systems at HP Inc.


Beyond phishing, the rise of LLMs will make the endpoint a prime target for cybercriminals in 2024.


One of the big trends we expect to see in 2024 is a surge in use of generative AI to make phishing lures much harder to detect, leading to more endpoint compromise. Attackers will be able to automate the drafting of emails in minority languages, scrape information from public sites – such as LinkedIn – to pull information on targets, and create highly-personalized social engineering attacks en masse. Once threat actors have access to an email account, they will be able to automatically scan threads for important contacts and conversations, and even attachments, sending back updated versions of documents with malware implanted, making it almost impossible for users to identify malicious actors. Personalizing attacks used to require humans, so having the capability to automate such tactics is a real challenge for security teams. Beyond this, continued use of ML-driven fuzzing, where threat actors can probe systems to discover new vulnerabilities. We may also see ML-driven exploit creation emerge, which could reduce the cost of creating zero day exploits, leading their greater use in the wild.


Simultaneously, we will see a rise in ‘AI PC’s’, which will revolutionize how people interact with their endpoint devices. With advanced compute power, AI PCs will enable the use of “local Large Language Models (LLMs)” – smaller LLMs running on-device, enabling users to leverage AI capabilities independently from the Internet. These local LLMs are designed to better understand the individual user’s world, acting as personalized assistants. But as devices gather vast amounts of sensitive user data, endpoints will be a higher risk target for threat actors. 


As many organizations rush to use LLMs for their chatbots to boost convenience, they open themselves up to users abusing chatbots to access data they previously wouldn’t have been able to. Threat actors will be able to socially engineer corporate LLMs with targeted prompts to trick them into overriding its controls and giving up sensitive information – leading to data breaches. 


And, at a time when risks are increasing, the industry is also facing a skills crisis – with the latest figures showing 4 million open vacancies in cybersecurity; the highest level in five years. Security teams will have to find ways to do more with less, while protecting against both known and unknown threats. Key to this will be protecting the endpoint and reducing the attack surface. Having strong endpoint protection that aligns to Zero Trust principles straight out-of-the-box will be essential. By focusing on protecting against all threats – known and unknown – organizations will be much better placed in the new age of AI.


Dr. Ian Pratt, Global Head of Security for Personal Systems at HP Inc.


In 2024, the democratization of AI tools will lead to a rise in more advanced attacks against firmware and even hardware.


In 2024, powerful AI will be in the hands of the many, making sophisticated capabilities more accessible at scale to malicious actors. This will not only accelerate attacks in OS and application software, but also across more complex layers of the technology stack like firmware and hardware. Previously, would-be threat actors needed to develop or hire very specialist skills to develop such exploits and code, but the growing use of Generative AI has started to remove many of these barriers. This democratization of advanced cyber techniques will lead to an increase in the proliferation of more advanced, more stealthy, or more destructive attacks. We should expect more cyber events like moonbounce and cosmic strand, as attackers are able find or exploit vulnerabilities to get a foothold below a device Operating System. Recent security research even shows how AI will enable malicious exploit generation to create trojans all the way into hardware designs, promising increased pressure in the hardware supply chain.

 

In the year ahead, businesses will need to prioritize actively managing hardware and firmware security across the device lifecycle, from the points of delivery to recycling or decommissioning. With today's highly distributed IT infrastructures, it is critical to be able to rely on fleets of endpoint devices to operate as expected, throughout their lifetime. This means defending and monitoring the security, and in particular the integrity, of device hardware and firmware is increasingly central to protecting the supply chain of any IT infrastructure. For years, this area of hardware and firmware security has been largely neglected, with businesses assuming that, they were mostly protected by the high barrier to entry for such attacks. But with increased attacker pressure, organizations must make internal investments or identify the right partners to help bring device hardware and firmware security management in line with the level of maturity they already expect in software security. And given hardware procurement lifecycles, organizations should start now by setting requirements for robust built-in endpoint security, which is designed to support the secure verification, management, monitoring and remediation of hardware and firmware.


Michael Heywood, Business Information Security Officer at HP Inc.


In 2024, attackers will continue to seek ways into the ground floor, infecting devices before they are even onboarded. 


In 2024, we’ll see the attention on software and hardware supply chain security grow, as attackers seek to infect devices as early as possible – before they have even reached an employee or organization. With awareness and investment in cybersecurity growing each year, attackers have recognized that device security at the firmware and hardware layer has not maintained pace. Breaches here can be almost impossible to detect, such as firmware backdoors being used to install malicious programs and execute fraud campaigns on Android TV boxes. The increasing sophistication of AI also means attackers will seek to create malware targeted at the software supply chain, simplifying the process of generating malware disguised as secure applications or software updates.


In response to such threats, organizations will need to think more about who they partner with, making cybersecurity integral to business relationships with third parties. Organizations will need to spend time evaluating software and hardware supply chain security, validating the technical claims made by suppliers, to ensure they can truly trust vendor and partner technologies. Organizations can no longer take suppliers' word on security at face value. A risk-based approach is needed to improve supply chain resilience by identifying all potential pathways into the software or product. This requires deep collaboration with suppliers – yes or no security questionnaires will no longer be enough. Organizations must demand a deeper understanding of their partners' cybersecurity posture and risk – this includes discussing how incidents have changed the way suppliers manage security or whether suppliers are segregating corporate IT and manufacturing environments to shut down attackers' ability to breach corporate IT and use it as a stepping stone to the factory.


A risk-based approach helps   ensure limited security resources are focused on addressing the biggest threats to effectively secure software and hardware supply chains. This will be especially important as supply chains come under increasing scrutiny from Nation State threat actors and cybercrime gangs.

Comments


bottom of page