2023 was the year of generative AI and its impacts were felt across the cybersecurity landscape. Not only because of the threat it poses when in the hands of malicious actors, but also because of the way it can be used to tackle them.
And realistically, generative AI is not going away in 2024. We’re going to look at how it might evolve, and also share some other predictions for the cybersecurity industry over the next 12 months.
AI and LLMs
Cybercriminals have already been taking advantage of the benefits of generative AI in helping to develop and scale complex cyberattacks and this is likely to continue in 2024. According to Patrick Harr, CEO at SlashNext, “we should also expect the rise of 3D attacks, meaning not just text but also voice and video,” for example deep fake audio and videos impersonating people in positions of power. Concerns around the 2024 US presidential election have already been raised as fake Joe Biden robocalls have started to appear.
In addition to this, the data used by AI companies to train LLMs could become a target. Drew Perry, Chief Innovation Officer at Ontinue expects to see “a major breach of an AI company’s training data exposing the dark side of large language models (LLM) and the personal data they hold that were scraped from open sources.”
A bit like phishing, but instead of using emails to trick people into clicking malicious links, criminals will exploit QR codes (which have become much more widely used since the pandemic) in the same way. According to Kern Smith of Zimperium, “This type of attack currently bypasses traditional web and email gateway controls, allowing attackers to easily embed a malicious URL containing custom malware into a QR code that could then exfiltrate data from a mobile device when scanned.”
Increase in mobile crime
As our lives become more dependent on our mobile devices, they become attractive targets for cyber criminals, as the amount of data available from them is huge. Google and other security experts predict that there will be an increase in mobile-specific attacks in 2024, including mobile malware, banking trojans, and phishing attacks. And scammers will still be using social engineering techniques, such as posing as banks, or government officials, to trick victims into downloading malicious apps to their smartphones.
As the number of IoT (internet of things) devices we use grows, and more aspects of our lives become interconnected, it will likely lead to new vulnerabilities. Because many of these devices lack adequate security measures, they are very attractive to hackers. As a result, manufacturers of these types of devices need to prioritise security above all else to protect against these types of threats.
These are just a few predictions of how the cybersecurity landscape might evolve in 2024, but as always, when it comes to security and technology, things can change very quickly.