top of page

The Evolution of Threats in 2024: LLMs and Ransomware Top of Mind for CISOs

This guest blog was contributed by Kevin Reed, CISO at Acronis In 2023 we witnessed some cases of high-profile attacks - one of which was the Las Vegas MGM casino ransomware attack – that shed light on deepfake technologies applied to social engineering There will be more as we head into 2024, with the potential for these kinds of attacks to go mainstream. We’re expecting to see hackers fake the victim's voice with AI to bypass biometric authentication, fool IT Helpdesks into resetting passwords or disabling 2FA, target individual employees in "CEO fraud" social engineering scenarios, and beyond. 

LLMs and the Challenges They’ll Bring

Outside of breach tactics, everyone and their dogs will be using LLMs to generate tons of texts. The web, forums, corporate blogs, and all social media will be filled with it. We can also expect to see many fake posts, not because the users intended to, but because they are incapable of distinguishing valid ChatGPT answers from LLM hallucinations. This may affect sites like Wikipedia too, and I can only hope it will not affect Encyclopaedia Britannica. 

 All developers will be using LLMs to generate code, blindly cutting and pasting the results into their programs, like they did with Stack overflow in the past – but at a much larger scale. Hard to diagnose bugs and potentially security vulnerabilities will arise from this; which we may see exploited. This includes ransomware authors, who will use LLMs to develop malicious software. Because it's hard to deduct the intent of the software development, no matter what protections LLMs will try to put in place, there will always be bypasses. 

Ransomware Remains King

Ransomware itself will continue to rise. If large companies improve their protections – which is tough to do at the drop of a hat, we can still expect to see more high-profile ransomware attacks. Threat actors will likely switch to medium-sized businesses and will be trying to find ways to scale their operations. Right now, ransomware deployment is a largely hands-on operation, if some threat actors manage to (semi-)automate it, they will be able to go for more companies. While they’ll be able to extract less money with mid-size organizations, their revenue will likely still increase given the sheer volume they can go after. We already see it happening with some ransomware syndicates being essentially a franchise, but as we’ve seen already – hackers will always find more ways to scale it. 

Geopolitical tension will continue to drive APT actors. We'll know little of it unless some become reckless and are exposed. We may see effects more prevalent on the operations side of things – like physical hardware being damaged, destroyed or disabled; but this is hard to predict. Visible or not, militarization of the Internet will continue, and so will how involved the governments are around the world in cyber and internet regulations. 

There will be another large-scale vulnerability, that some companies will not patch properly and promptly – which in turn will lead to another major ransomware gang’s win. 

Overall, we’re poised for a really interesting new year in cybersecurity, where there are always new challenges, evolving threats, and an abundance of caution with how to approach hackers.  


bottom of page