As usual at the end of the year, Kaspersky, one of our cybersecurity partners, has pulled out its crystal ball to illustrate the advanced persistent threats (APTs) that will keep CISOs busy in the months ahead.

There are various options on the menu, such as supply chain attacks, GenAI-enhanced spear-phishing, government hacking and hacking as a service.
We take a look at these tactics in this article.

Cybersecurity in 2024

What advanced persistent threats (APTs) can we expect in 2024?
The annual forecast from Russian cybersecurity company Kaspersky unveiled a number of highly sophisticated and novel tactics that have begun to be observed in recent months.

Spear-phishing and GenAI

Building on legitimate solutions, threat actors are developing their own GenAI-powered chatbots. For example, WormGPT, a language model specifically designed for malicious operations, is said to have been based on the open-source GPT-J language model.
These models (others include xxxGPT, WolfGPT, FraudGPT and DarkBERT) are attractive to attackers because they lack the content limitations of legitimate solutions.
The production of spear-phishing messages in large quantities is likely to be facilitated by this development.
These messages are often used as a starting point for APT or other attacks.

Attacks on the supply chain

Attackers always regard developers, integrators or publishers as unwitting intermediaries.
They use them as entry points to reach the infrastructure and data of their ultimate targets.
Kaspersky cites the recent example of Okta, whose support service was hacked, putting many customers’ data at risk.
The motivations behind these attacks can vary from financial gain to cyber espionage, reinforcing the worrying nature of this threat.
Analysts claim that the notorious APT group Lazarus has improved its supply chain attack capabilities.

More threats to MFT systems

Managed file transfer software, or MFT, has become essential to business operations as it stores a variety of sensitive data, such as financial records, customer information and intellectual property.

However, cybercriminals, particularly ransomware operators, are also making these systems a focus of their attention.
The Clop gang was quick to exploit a flaw in the MOVEit solution, which could be used to steal private data, disrupt business operations and demand ransom.
Kaspersky expects threats to MFT systems to worsen in the future.

Botnet networks on the rise

New large-scale botnet networks capable of launching targeted attacks could emerge in the coming months.
Analysts note that these botnets are attractive to Advanced Persistent Threat (APT) organizations because it is difficult for targets to determine the identity and motivations of the attackers.

Mobile devices and connected objects are increasingly targeted

Cybercriminal groups, hacktivists and hackers working for governments could continue to exploit vulnerabilities present in various devices, especially iOS products, but also in so-called smart home automation devices and other connected objects, which often lack secure updates and configurations.

According to Kaspersky researchers, a “silent” exploit distribution method was used: exploits were sent via iMessage and triggered without the user having to intervene.

Kernel rootkits

By introducing new security features such as the Secure Kernel architecture in the latest versions of Windows, Microsoft has attempted to reduce the prevalence of rootkits and low-level attacks.
However, these measures are not enough to prevent threat actors from successfully executing their malware in the kernel mode of targeted computers.
Kaspersky predicts that stolen EV certificates and code-signing certificates will become widely available on the darknet in this context.

Increase in the number of government hacks

The cyber dimension has become an essential element in all conflicts.
This trend is set to continue, with an increase in cyber-attacks carried out by state-backed actors.
It’s not just critical infrastructure, government agencies and global armed forces that are likely to be affected, but media companies too.
Long-term espionage, damage to IT infrastructure and data theft will be the main objectives of state-sponsored hackers.
Researchers also anticipate an increase in cyber sabotage efforts.

Hacktivism and deepfake

Another example of the use of technology in the context of conflict is hacktivism.
According to forecasts by the Russian cybersecurity company, activism focused on disinformation (among other things, thanks to increasingly accessible deepfake technologies) will reach its peak in 2024.
DDoS attacks, data theft and destruction, and website vandalism are also likely to be used.

Hacking as a service

The likely proliferation of hack-for-hire services is another cybersecurity trend that could influence the coming months.
These services specialize in data theft and system penetration.
Cyber-mercenaries such as DeathStalker advertise their services publicly.
Rather than operating like a traditional APT, this group focuses on law firms and financial institutions, providing hacking services and acting as an information broker.
