10 Key Cyber Risks to Watch Out for in 2024

December 13, 2023

Davis Hake is the Cofounder and VP of Communications and Policy at Resilience.

As the cyber threat landscape continues to evolve from year to year, it is crucial to monitor trends and track their impact on the global cyber ecosystem.

Attempting to understand why threat actors do what they do helps us begin to uncover how they will behave in the future.

In order to maintain cyber resilience against new and emerging threats, this level of attention and understanding is necessary.

Over the years, working in cyber risk mitigation has taught us to expect the unexpected. However, we still know the importance of closely monitoring data and trends and making informed predictions about the future state of cyber risk.

We have compiled a list of 10 cyber predictions that we believe will be relevant in 2024.

1) Adversaries will continue to leverage large language models to accelerate the time to ransom.  

Resilience cybersecurity experts predict that in 2024, adversaries will continue to leverage large language models (LLMs) to accelerate social engineering tactics and reduce the time to ransomware attacks.

According to a report by NordVPN, there is increased interest from potential criminal actors, as the volume of posts regarding ChatGPT in dark web forums increased 145% from January to February 2023.

LLMs can be leveraged to create more convincing and effective social engineering or phishing attacks. They can also be used to impersonate organizations or individuals and create fictitious engagement on social media platforms.

LLMs such as ChatGPT and others designed by legitimate companies include safeguards to prevent misuse. However, research by Google has shown that these safeguards can be bypassed in many ways.

The future of social engineering attacks will require a heightened level of vigilance on a human level.

More sophisticated training and stronger email security measures will be required to replace traditional mitigation measures like searching for spelling errors or disfigured company logos.

2) Attacks against identity providers will increase. 

According to CrowdStrike, in 2023, 80% of cyberattacks leveraged identity-based techniques to compromise credentials.

Their Global Threat Report shows that threat actors are “doubling down on stolen credentials,” with a 112% year-over-year increase since 2021 in advertisements for access-broker services identified in the criminal underground.

This increase can be attributed to the expansion of cloud usage and remote work in most organizations today. Increased digitization and volumes of online identities lead to an increase in identity-based attacks.

In 2024, not only are identity-based attacks going to continue to be a leading tactic, but identity providers themselves will grow as targets. Infiltrating identity provider networks can have a sprawling impact on thousands of organizations and millions of individuals.

We saw this happen with the recent Okta attacks, which threat perpetrators claim were linked to the ransomware attacks against MGM in September.

Resilience experts predict that the success of incidents like this one will lead to an increased trend of attacks against identity providers in 2024.

3) Threat actors will continue to target third-party vendors to scale their attacks.

Trends we’ve seen throughout 2023 will continue and potentially ramp up as the success of third-party vendor breaches funds cybercriminal activities.

Third-party risk poses massive challenges to companies, particularly within the supply chain. Data from Resilience’s Mid-Year 2023 Claims Report showed that third-party breaches had become the top point of failure and cause of loss within our client base throughout the first half of 2023.

As this type of attack gains significant traction, it will be imperative to converge vendor risk and internal risk, managing them holistically and taking vendor risk as seriously as internal risk.

Ensuring vendors align with your security requirements will be a key component in building resilience against supply chain breaches and limiting the scope of these incidents.

As the third-party risk environment grows increasingly challenging, quantifying the real impact of a cyberattack, business continuity challenges, reputational concerns and more will be imperative to manage third-party risks in 2024.

4) LockBit will remain the dominant ransomware gang for a fourth consecutive year. 

LockBit has been the dominant ransomware gang for the past three years, and this will not change in 2024.

Within Resilience’s client base, LockBit has consistently ranked among the top three most active criminal groups.

According to threat intelligence group Flashpoint, LockBit is responsible for 28% of all known ransomware attacks from July 2022 to June 2023 and can be considered the most well-organized ransomware-as-a-service group in the world. They employ administrators, developers and a full cybercrime infrastructure that has helped them carry out approximately 1,700 attacks in the U.S. and earn around $91 million in extortion payments since they were first observed in early 2020.

In 2023, LockBit had more than twice as many victims as the next two ransomware groups combined, CL0P and BlackCat.

Their continued high volume of victims makes them the world’s “most active” ransomware group.

In 2024, it is more than likely that LockBit will maintain this status. However, as organizations grow more resilient to making ransom payments (noted in Resilience’s Mid-2023 Claims Report), LockBit may struggle to remain profitable in the upcoming year.

Despite the state of the ransomware economy, reducing LockBit’s success by maintaining security infrastructure against ransomware extortion will be a key focus in 2024.

5) State-backed threat actors will continue to leverage zero-day vulnerabilities.

State-backed threat actors enacting sophisticated cyberattacks that target national security are a growing threat.

Conflicts like the recent war against Ukraine have spawned an uptick in “cyber warfare” — committing cyberattacks to push a political agenda or execute war tactics against a nation.

These attacks present a growing threat to national security, targeting critical infrastructures such as information technology, education, think tanks and more.

State-backed threat actors often rely on zero-day vulnerabilities to initially breach networks.

Cybersecurity firm Mandiant reported that in 2022, 80% of zero-day exploits were caused by state-sponsored threat actor groups. Mandiant defines zero-day vulnerabilities by their ability to be exploited in the wild prior to a publicly released patch.

These attacks are popular as they allow cybercriminals to gain access to a network and move within it before a patch or workaround to the vulnerability is created.

Often, these vulnerabilities aren’t even found prior to exploitation.

As modern warfare begins to rely more heavily on cyberattacks to gain momentum and military advantage, close monitoring for zero-day vulnerabilities — particularly within critical infrastructure — will be essential to keep countries resilient against cyber warfare in 2024.

6) We will see data privacy violations arise from the insecure deployment of LLMs in SaaS products.

New AI capabilities — such as the use of LLMs within digital and software as a service (SaaS) products — are revolutionizing the way consumers interact with online products.

However, in the rush to deploy the latest AI technology, concerns about adversarial attacks that could cause these models to inadvertently share data are being overlooked.

LLMs such as OpenAI’s ChatGPT have data retention policies that may not align with a given organization’s data-handling policy. LLMs rely on user data and sometimes share this data with third parties, creating a security gap between the language models and the organizations that use them.

Maintaining the privacy of data that is processed through LLMs presents a unique challenge.

Tactics such as data obfuscation, sandboxing a controlled computational environment or refining data sets to exclude confidential information can be used to mitigate this risk while LLMs navigate data privacy regulations and become more ingrained in modern security solutions in the future.

7) We will see politically motivated disinformation campaigns created through AI and coordinated with data breaches of fake information. 

The creation of large language models and AI has led to more convincing phishing messages, and the use of these LLMs to push malicious agendas will continue to ramp up in 2024.

As the U.S. and UK both face upcoming elections, the risk of politically motivated disinformation campaigns created through AI is alarming.

“The general ability of these models to manipulate and persuade, to provide one-on-one interactive disinformation, is a significant area of concern,” said Sam Altman, CEO of ChatGPT, at a congressional hearing in Washington in May 2023.

“Regulation would be quite wise: People need to know if they’re talking to an AI or if the content that they’re looking at is generated or not.”

As of late 2023, no such legislation exists.

However, in June, Senate Majority Leader Chuck Schumer announced an innovation framework supporting five pillars to “encourage domestic AI innovation while ensuring adequate guardrails to protect national security, democracy and public safety.”

This framework is to be discussed at AI Insight Forums, featuring senators, AI experts, civil rights and consumer groups, and more. Their first meeting was held on September 13, 2023, with plans to draft legislation within “the next few months.”

8) We are going to see a continued increase in privacy regulation across the U.S.

Data privacy laws in the United States saw massive expansion in 2023 as the U.S. made efforts to establish something similar to the European Union’s General Data Protection Regulation, which was implemented in 2018.

Working to pass the American Data Privacy and Protection Act, six state legislatures implemented data privacy laws in 2023 to help organizations manage regulatory challenges with compliance, as well as operational and financial cyber risks.

While this is good news that implies the severity of cyber incidents is being taken seriously, it also means that compliance requirements for experiencing an incident are now more stringent and could result in high fees if the organization is uninformed.

Heading into 2024, Resilience insurance experts believe that we will continue to see more states take action to implement data privacy regulations. As the modern digital world leads to more expansive cyber risk for everyone, the need for legal infrastructure that helps manage data privacy will grow.

As of the end of 2023, there are already several states that have passed consumer privacy laws that will go into effect in 2026, and it is likely that more will follow.

9) There will continue to be increased scrutiny for OFAC compliance and ransom demand payments.

In 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) declared its opposition to ransomware victims making payments and issued an “Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments.”

The advisory is directed toward ransomware victims as well as financial institutions, cyber insurance firms and incident response firms, and defines OFAC’s “commitment to bringing enforcement actions in connection with payments that violate U.S. sanctions.”

The cybercriminal market operates through funding from extortion payments. The best way to stop cyberattacks at the source is by reducing the profitability of cybercrime.

Going into 2024, legal scrutiny of organizations who choose to pay will rise, as payment continues to fund large-scale attacks, including cyberwarfare efforts.

However, along with this scrutiny, more solutions to managing risk and building resilience against the initial breach will be shared by the OFAC.

Its 2021 updated advisory includes details on “the proactive steps companies can take to mitigate [sanctions enforcement] risks,” with a focus on sharing strong cybersecurity strategies. Helping organizations build resilience against ransomware will be a pivotal part of the OFAC’s focus going forward.

10) Ransomware claims will continue to be prevalent, along with business email compromise. 

The year 2023 was a tumultuous one for the cybercriminal ransomware market.

Resilience’s mid-year claims report saw that while organizations are growing more resilient to making extortion payments, the total amount requested per payment is growing, making 2023 a more financially damaging year than 2022.

We also noted that in this attempt to achieve successful ransom payments, sprawling third-party attacks and “big-game hunting” are trending.

Threat actors are attempting to breach multiple systems at once to increase their likelihood of payment and are also setting their sights on larger organizations that may have more reserves to pay an extortion. According to a report by cybersecurity firm Abnormal, business email compromise increased by 55% in the first half of 2023.

Resilience experts predict that each of these trends will continue through the end of the year and into 2024.

The cybercriminal market relies on extortion payments to fund its activities and is able to quickly establish workarounds to security protocols.

In 2024, building resilience against ransomware and business email compromise will be a key component of managing cyber risk.

As we move into the next year, it is likely that the cyber landscape will evolve in ways we never saw coming.

However, given the data from key trends in 2023 and our expert knowledge in tracking and translating cyber risk into actionable insight, caution around these 10 predictions will be beneficial in the new year.