top of page

WithSecure Experts Share How An Explosion in Attack Surfaces Will Change Security in 2024

Experts from WithSecure share what could be in store for the cybersecurity industry in 2024. Christine Bejerasco from WithSecure highlights the challenges in securing the intricate supply web of digital services, emphasizing the difficulty in maintaining visibility and security across various organizations. Andy Patel discusses the democratization of AI in 2024, warning about its potential misuse in disinformation campaigns and its growing role in image and video generation. Stephen Robinson and Neeraj Singh address the professionalization of cybercrime, with a focus on exploiting Internet-facing services and the expanding attack surface due to digital transformation and cloud adoption.


When the Interconnected Business World Goes Rogue

WithSecure

By Christine Bejerasco, CISO, WithSecure


In our digital dimension, we work with products and services where we don’t have absolute visibility into the security of their supply chains. Our data is everywhere, processed by different services that are owned by different organizations who also don't necessarily have a full view or understanding of their supply chain security. In fact, ‘supply chain’ is an obsolete term in our digital dimension; what we have is a supply web with players ranging from individuals, organizations and digital entities all with their own agenda. 

More regulations are coming into play to enforce security and privacy practices within different service providers, but these regulations are operating from the mindset of the world we have today. With the pace of technological evolution, the world tomorrow will need new regulations. While that is shaping up, the interconnectedness of the supply web has continuously been tested. 

In the physical dimension, poisoning the well could impact communities in the area. In the digital dimension, one player can poison the ocean. And this can start from anywhere, a malicious actor does not have to target large providers. They can target open-source code or even AI models. The latter is more insidious because the user may not notice the changes that poisoned AI models provide, as opposed to compromised open-source code which have tools to identify poisoned code. Zero-trust will not work in this situation; therefore, how do we know which one to trust? And how do we know if it's no longer trustworthy? Democratization of AI & 2024 Uses – Get Ready

By Andy Patel, Researcher, WithSecure

Open-source AI will continue to improve and be taken into widespread use. These models herald a democratization of AI, shifting power away from a few closed companies and into the hands of humankind. A great deal of research and innovation will happen in that space in 2024. And whilst I don’t expect adherents in either camp of the safety debate to switch sides, the number of high-profile open-source proponents will likely grow.”


AI will be used to create disinformation and influence operations in the runup to the high-profile elections of 2024. This will include synthetic written, spoken, and potentially even image or video content. Disinformation is going to be incredibly effective now that social networks have scaled back or completely removed their moderation and verification efforts. Social media will become even more of a cesspool of AI and human-created garbage.”

 

Image and video generative AI services will start to catch up with text generation in terms of accessibility, as these models become easier to prompt and control. Midjourney and the like will continue to add functionalities such as 3D and video. Expect a consolidation of these different offerings as the biggest players start to dominate. And the sheer quantity of AI-generated images will mean that nearly every image on the internet, including historical images, will soon be suspicious to someone.”


Personal assistants – like the new Humane device – will creep into the mainstream during 2024, whether they be in the form of wearables or smartphone functionality. AI will be integrated all over the place, and it will be given limited agency in the form of the ability to perform web searches, read and send email, read and edit calendars, and similar. The first adopters of this technology will likely include some high-value targets. Personal assistants may be the motivating factor that encourages real-world attacks against AI, such as prompt injection and inference attacks. Other techniques, such as search engine optimization, will also factor into adversarial plans. Tricking an AI into malfunctioning or giving misleading results will be a tempting proposition for an attacker. And when the interface is driven by voice commands and the user can’t mouse-over to check what it is they are about to open, it’ll be much easier to trick folks into opening malicious links or documents.”

 

Professionalization of Cyber Crime

By Stephen Robinson, Senior Threat Intelligence Analyst, WithSecure


In recent years we've seen mass exploitation of Internet facing services take off as a route into a network to get to the valuable data on the inside, whether by APT groups, ransomware actors or Initial Access Brokers. I believe the success and methodology of the recent MoveIT compromise by the ransomware group Cl0p will begin to inspire more mass exploitation campaigns targeting edge data transfer servers in a similar vein.  

MoveIT was typically used for reliable transfer of large volumes of important files between organisations. Cl0p exploited MoveIT servers to gain access to and exfiltrate these important, valuable files. For a ransomware group, access to large volumes of valuable data is the end goal, they had no need to go further into the network than the exposed, vulnerable MoveIT servers. I expect to see more copycat attacks where the value is the exploited server itself, not the access it provides to the rest of the network. ”


Explosion of the Attack Surface

By Neeraj Singh, Senior Security Researcher, WithSecure


As organizations undergo digital transformation efforts – including the widespread adoption of cloud services – to improve productivity and stay competitive, the future may see an increase in activities that introduce new technologies and processes that haven't been thoroughly secured. Cloud services, with their new interfaces, APIs, and communication channels, offer additional targets for attackers, thereby expanding the potential attack surface. Misconfigurations occurring in cloud services due to errors or oversights in the setup and management of cloud infrastructure and resources can lead to security vulnerabilities, data exposure, and operational issues. To mitigate these misconfigurations, conduct regular security audits; organizations should follow best practices provided by cloud service providers, and implement continuous monitoring for potential issues.

Comments


bottom of page