Predicting the future is difficult, but you can anticipate what is likely to happen by looking at how things have evolved over the past year. This year, Barracuda asked its experts who work on the security frontline, from XDR and offensive security to international product specialists, its security operations team, and more, about the things they witnessed in 2023 and expect to see in 2024.
What most surprised you in 2023?
Adam Khan, VP Global Security Operations: The MGM attack where a group known as Scattered Spider employed social engineering to deceive MGM help desk employees into resetting the passwords and MFA codes of high-value MGM employees. This access enabled them to infiltrate MGM’s managed IT service, Okta, to install an identity provider and create single sign-on for themselves. The breach also extended to the Microsoft Azure cloud environment, leading to multiple system vulnerabilities and exposure of customer data. The ransomware attack cost MGM Resorts an estimated $100 million — and it showed yet again how social engineering remains a powerful and ever evolving cyberweapon.
Merium Khalid, Director, SOC Offensive Security: That the volume of business email compromises (BEC) we encountered was almost equivalent to the number of ransomware attacks. Ransomware is often perceived as the more prevalent and damaging threat, while BEC has been somewhat under the radar, with many businesses underestimating its potential impact. The near parity of these two threats highlights the evolving nature of cyber threats and the adaptability of cybercriminals. As organizations bolster their defenses against ransomware, attackers are diversifying their tactics, leveraging BEC as an equally lucrative avenue.
Jesus Cordero, Director, Systems Engineering, SASE and Cloud: The increasing amount of open cybersecurity positions worldwide. The latest data from ICS2 shows that the number of unfilled security roles has reached just under 4 million and other research shows the gap grew by 350% between 2021 and 2023.
Rohit Aradhya, VP and Managing Director, Engineering: The blissful unawareness of smaller companies and their employees of the impending threat to their business. Outside the security industry there is a general lack of awareness about the importance of protecting digital assets, digital transactions, and web portals, and the acceptable use of email, public cloud services and cloud storage, and many other digital services.
Emre Tezisci, Product Marketing Manager, Zero Trust: Several large mass ransomware attacks that used exploits in software and weaknesses in IT supply chains to target multiple companies. For example, the MOVEit mass cyberattack, which exploited a data transfer software product, impacted millions of individuals and thousands of companies.
What are the biggest security concerns on customers’ minds as we approach 2024?
Stephan Schachinger, Senior Product Manager, IoT: That cybercriminals could be faster with the adoption of AI than the security industry. As a result of tools such as generative AI, the quality of attacks, especially social engineering such as spear phishing, has reached a new level that makes it almost impossible for human victims to distinguish between real and fake.
MK: The bypass of multifactor authentication (MFA). While MFA is a trusted security measure, there’s a growing trend of cybercriminals finding ways to circumvent it. Another pressing issue is the threat from critical zero-day vulnerabilities and cloud-based risks from misconfigurations, inadequate access controls, and vulnerabilities in cloud infrastructure.
Charles Smith, Consulting Solutions Engineer, Data Protection, EMEA: We’re seeing companies starting to worry that their backup solution could be compromised if they are attacked. Hackers employ various methods to seek out and destroy backup data prior to encrypting or extorting data, and on-premises solutions are particularly vulnerable to such attacks.
ET: The speed of cyberattacks. Account takeover and phishing together with ransomware-as-a-service (RaaS) kits, where prices start from as little as $40, remain key drivers in cyberattacks. They help attackers carry out more attacks faster, with the average number of days taken to execute a single attack falling from around 60 days in 2019 to four in 2023.
And what are they least prepared to deal with?
SS: Most organizations are not prepared to defend themselves against targeted and high-quality attacks that we used to see only at the nation-state and intelligence agency level. That includes social engineering and technical attack vectors. If you add the use of AI, it’s clear that more organizations are going to face sophisticated attacks.
CS: Companies are poorly prepared to deal with testing their data loss prevention (DLP) and recovery. When it comes to data protection, for example, many companies do the bare minimum — they implement a backup solution, schedule their backups to run daily, and think the job’s done. They generally don’t give any time to testing all types of data restoration or to documenting the steps so that anyone in the IT security team can implement the process when under pressure.
MK: MFA bypass. While zero-day vulnerabilities and cloud-based attacks are recognized threats that have been in the spotlight for some time, the increasing sophistication in bypassing MFA is a relatively newer challenge.
Sheila Hara, Senior Director, Product Management, Email Protection: Image-based attacks. These attacks exemplify the evolving nature of cyberthreats. They include steganographic payloads where cybercriminals embed malicious code, text, or files within images. This payload can be extracted using specific tools, allowing attackers to conceal their intentions. There is also malicious watermarking, where attackers add imperceptible watermarks to images, containing encoded information or links to malicious content; and polyglot files that are crafted to be interpreted as both valid images and executable files, allowing attackers to bypass certain security checks.
What do you expect attackers to focus on most in 2024?
MK: AI-powered attacks and more targeted ransomware campaigns. Attackers are leveraging advanced AI algorithms to automate their attack processes, making them more efficient, scalable, and difficult to detect. These AI-driven attacks can adapt in real time, learning from the defenses they encounter and finding innovative ways to bypass them. Ransomware attacks are evolving into more targeted campaigns as cybercriminals focus on critical infrastructure and high-value targets, aiming to inflict maximum damage and, in turn, demand exorbitant ransoms.
Peterson Gutierrez, VP, Information Security: There seems to have been a great deal of energy spent by cybercriminals on account takeover attacks in 2023. I think we will see a continued and concentrated effort by threat actors to attack identities first and foremost, as this affords them a variety of pivot points for additional attacks.
SH: 2024 may see new threats emerge based on technological advancements, geopolitical events, and changes in attacker tactics. This may include deepfake and synthetic media attacks. As deepfake technology advances, attackers may use it for disinformation campaigns, impersonation, or to manipulate media for malicious purposes. At the same time, established attacks including ransomware, supply chain attacks, and data privacy violations are likely to continue and increase. Attackers may focus increasingly on exploiting vulnerabilities in IoT and operational technology (OT).
JC: I see two trends. The first one is the continuation of the usual threat vectors as attackers know that companies are both understaffed with inexperienced IT teams and grappling with possibly legacy, outdated, or misconfigured solutions. The second one is the natural evolution of technology — as we enhance our security assets with AI-based solutions, we are automatically creating new attack vectors that are crafted based on the quality of results of generative AI itself.
As AI-enabled cyberattacks take deeper hold in 2024, will security vendors need to do more to help companies deal with attacks?
SS: Organizations should prepare themselves for compromise. This means that, in addition to the initial prevention, we should focus on the detection of ongoing attacks and the corresponding response, for example with decentralized security at the edge.
MK: The inherent adaptability of AI-driven threats, which can analyze defenses and recalibrate their tactics in real time, challenges the traditional preventive measures. Security vendors must equip organizations with tools not only for rapid breach detection, but also for understanding the scope and containing the threat swiftly.