blog.barracuda.com
Open in
urlscan Pro
151.101.67.10
Public Scan
URL:
https://blog.barracuda.com/2023/11/29/cyberthreat-predictions-2024-barracuda-security-frontline
Submission: On November 30 via api from TR — Scanned from DE
Submission: On November 30 via api from TR — Scanned from DE
Form analysis 1 forms found in the DOM
GET https://blog.barracuda.com/search
<form method="GET" class="cmp-search-box__form" action="https://blog.barracuda.com/search">
<input class="cmp-search-box__form__input" type="search" name="searchTerm" aria-label="Search for" placeholder="Search" value="" data-cmp-hook-header="searchInput">
<a href="#" class="cmp-search-box__form__search-btn" aria-label="Search" data-cmp-hook-header="searchSubmit">
<span class="cmp-search-box__form__search-btn__icon"></span>
</a>
</form>Text Content
* Home
* Ransomware Protection
* Email Protection
* Research
* Remote Work
* Home
* Ransomware Protection
* Email Protection
* Research
* Remote Work
TYPE AND PRESS ENTER TO SEARCH
CYBERTHREAT PREDICTIONS FOR 2024 FROM BARRACUDA’S SECURITY FRONTLINE
Topics:
Nov. 29, 2023
|
Tilly Travers
Tweet
Share
Share
Tweet
Share
Share
Predicting the future is difficult, but you can anticipate what is likely to
happen by looking at how things have evolved over the past year. This year
again, Barracuda asked colleagues who work on the security frontline, from XDR
and offensive security to international product experts, our own security
operations team, and more, about the things they witnessed in 2023 and expect to
see in 2024.
WHAT MOST SURPRISED YOU IN 2023?
Adam Khan, VP Global Security Operations: The MGM attack where a group known as
Scattered Spider employed social engineering to deceive MGM help desk employees
into resetting the passwords and MFA codes of high-value MGM employees. This
access enabled them to infiltrate MGM’s managed IT service, Okta, to install an
identity provider and create single sign-on for themselves. The breach also
extended to the Microsoft Azure cloud environment, leading to multiple system
vulnerabilities and exposure of customer data. The ransomware attack cost MGM
Resorts an estimated $100 million — and it showed yet again how social
engineering remains a powerful and ever evolving cyberweapon.
Peterson Gutierrez, VP, Information Security: The apparent shift threat actors
have made in moving away from encrypting data for ransom to simply threatening
to disclose the information publicly.
Merium Khalid, Director, SOC Offensive Security: That the volume of business
email compromises (BEC) we encountered was almost equivalent to the number of
ransomware attacks. Ransomware is often perceived as the more prevalent and
damaging threat, while BEC has been somewhat under the radar, with many
businesses underestimating its potential impact. The near parity of these two
threats highlights the evolving nature of cyber threats and the adaptability of
cybercriminals. As organizations bolster their defenses against ransomware,
attackers are diversifying their tactics, leveraging BEC as an equally lucrative
avenue.
Jesus Cordero, Director, Systems Engineering, SASE and Cloud: The increasing
amount of open cybersecurity positions worldwide. The latest data from ICS2
shows that the number of unfilled security roles has reached just under 4
million and other research shows the gap grew by 350% between 2021 and 2023.
Charles Smith, Consulting Solutions Engineer, Data Protection, EMEA: That
companies are still not taking seriously the need to protect their data.
Organizations are neither investing in the right solutions nor putting together
a data protection recovery plan they have confidence in.
Rohit Aradhya, VP and Managing Director, Engineering: The blissful unawareness
of smaller companies and their employees of the impending threat to their
business. Outside the security industry there is a general lack of awareness
about the importance of protecting digital assets, digital transactions, and web
portals, and the acceptable use of email, public cloud services and cloud
storage, and many other digital services.
Stefan van der Wal, Consulting Solutions Architect, Application Security, EMEA:
Despite the overwhelming evidence of success by hackers attacking web
applications, there still seems to be a lack of knowledge — and sometimes even
motivation — in organizations to address it.
Emre Tezisci, Product Marketing Manager, Zero Trust: Several large mass
ransomware attacks that used exploits in software and weaknesses in IT supply
chains to target multiple companies. For example, the MOVEit mass cyberattack,
which exploited a data transfer software product, impacted millions of
individuals and thousands of companies.
Mark Lukie, Director of Solution Architects, APAC: The rapid increase in the
sophistication and frequency of supply chain attacks.
WHAT ARE THE BIGGEST SECURITY CONCERNS ON CUSTOMERS’ MINDS AS WE APPROACH 2024?
Sheila Hara, Senior Director, Product Management, Email Protection: How to
deploy defense-in-depth, a cybersecurity strategy that involves layering
multiple security measures to protect against various types of threats.
Stefan Schachinger, Senior Product Manager, IoT: That cybercriminals could be
faster with the adoption of AI than the security industry. As a result of tools
such as generative AI, the quality of attacks, especially social engineering
such as spear phishing, has reached a new level that makes it almost impossible
for human victims to distinguish between real and fake.
AK: The evolving AI threat, exploit mapping for ransomware, supply chain and
critical infrastructure attacks, and the continued shortage of cybersecurity
professionals.
MK: The bypass of multifactor authentication (MFA). While MFA is a trusted
security measure, there's a growing trend of cybercriminals finding ways to
circumvent it. Another pressing issue is the threat from critical zero-day
vulnerabilities and cloud-based risks from misconfigurations, inadequate access
controls, and vulnerabilities in cloud infrastructure.
CS: We’re seeing companies starting to worry that their backup solution could be
compromised if they are attacked. Hackers employ various methods to seek out and
destroy backup data prior to encrypting or extorting data, and on-premises
solutions are particularly vulnerable to such attacks.
ET: The speed of cyberattacks. Account takeover and phishing together with
ransomware-as-a-service (RaaS) kits, where prices start from as little as $40,
remain key drivers in cyberattacks. They help attackers carry out more attacks
faster, with the average number of days taken to execute a single attack falling
from around 60 days in 2019 to four in 2023.
RA: Not having a single comprehensive security platform or solution to protect
their business. Businesses today rely on a plethora of security vendors with
varied offerings and expertise to protect their businesses, and they are
concerned about the gaps in these solutions and unknown unknowns.
JC: The vast number of solutions they need to deal with for their daily tasks
and not knowing if their legacy solutions are the right tools to approach new
and future challenges.
ML: Ransomware, phishing, and data breaches. Customers are also concerned about
the specific security risks associated with new technologies, such as artificial
intelligence (AI) and the Internet of Things (IoT).
AND WHAT ARE THEY LEAST PREPARED TO DEAL WITH?
SS: Most organizations are not prepared to defend themselves against targeted
and high-quality attacks that we used to see only at the nation-state and
intelligence agency level. That includes social engineering and technical attack
vectors. If you add the use of AI, it’s clear that more organizations are going
to face sophisticated attacks.
CS: Companies are poorly prepared to deal with testing their data loss
prevention (DLP) and recovery. When it comes to data protection, for example,
many companies do the bare minimum — they implement a backup solution, schedule
their backups to run daily, and think the job’s done. They generally don’t give
any time to testing all types of data restoration or to documenting the steps so
that anyone in the IT security team can implement the process when under
pressure.
ET: The use of AI to automate and accelerate attacks, creating more effective
AI-powered malware, phishing, and voice simulation.
MK: MFA bypass. While zero-day vulnerabilities and cloud-based attacks are
recognized threats that have been in the spotlight for some time, the increasing
sophistication in bypassing MFA is a relatively newer challenge.
SH: Image-based attacks. These attacks exemplify the evolving nature of
cyberthreats. They include steganographic payloads where cybercriminals embed
malicious code, text, or files within images. This payload can be extracted
using specific tools, allowing attackers to conceal their intentions. There is
also malicious watermarking, where attackers add imperceptible watermarks to
images, containing encoded information or links to malicious content; and
polyglot files that are crafted to be interpreted as both valid images and
executable files, allowing attackers to bypass certain security checks.
RA: Ransomware. Most companies don’t have a standard playbook on how to deal
with a ransomware incident.
JC: With their legacy technologies, a lack of skilled staff, and AI in the hands
of cybercriminals, unprepared IT teams relying on average solutions to protect
their business are likely to be hit hard by the emerging wave of intelligent
persistent threats.
WHAT DO YOU EXPECT ATTACKERS TO FOCUS ON MOST IN 2024?
AK: AI-powered cyberattacks, with cybercriminals leveraging AI and machine
learning (ML) to enhance the sophistication of their attacks.
MK: AI-powered attacks and more targeted ransomware campaigns. Attackers are
leveraging advanced AI algorithms to automate their attack processes, making
them more efficient, scalable, and difficult to detect. These AI-driven attacks
can adapt in real time, learning from the defenses they encounter and finding
innovative ways to bypass them. Ransomware attacks are evolving into more
targeted campaigns as cybercriminals focus on critical infrastructure and
high-value targets, aiming to inflict maximum damage and, in turn, demand
exorbitant ransoms.
PG: There seems to have been a great deal of energy spent by cybercriminals on
account takeover attacks in 2023. I think we will see a continued and
concentrated effort by threat actors to attack identities first and foremost, as
this affords them a variety of pivot points for additional attacks.
ET: Attackers will continue to focus on attack kits and account takeover
attacks. It is almost impossible to stop all employees from clicking on
increasingly sophisticated phishing emails.
SH: 2024 may see new threats emerge based on technological advancements,
geopolitical events, and changes in attacker tactics. This may include deepfake
and synthetic media attacks. As deepfake technology advances, attackers may use
it for disinformation campaigns, impersonation, or to manipulate media for
malicious purposes. At the same time, established attacks including ransomware,
supply chain attacks, and data privacy violations are likely to continue and
increase. Attackers may focus increasingly on exploiting vulnerabilities in IoT
and operational technology (OT).
RA: Attackers are shifting toward small and mid-market businesses as they are
aware of the increased digitization and lack of cybersecurity professionals in
the market.
SvdW: Attackers will keep exploiting the weakest links within businesses. As
always, cybercriminals are interested in the path of least resistance. This
means organizations need to make sure they have an overarching strategy ready to
deal with all vectors rather than focus on one.
JC: I see two trends. The first one is the continuation of the usual threat
vectors as attackers know that companies are both understaffed with
inexperienced IT teams and grappling with possibly legacy, outdated, or
misconfigured solutions. The second one is the natural evolution of technology —
as we enhance our security assets with AI-based solutions, we are automatically
creating new attack vectors that are crafted based on the quality of results of
generative AI itself.
AS AI-ENABLED CYBERATTACKS TAKE DEEPER HOLD IN 2024, WILL SECURITY VENDORS NEED
TO DO MORE TO HELP COMPANIES DEAL WITH ATTACKS?
SS: Organizations should prepare themselves for compromise. This means that, in
addition to the initial prevention, we should focus on the detection of ongoing
attacks and the corresponding response, for example with decentralized security
at the edge.
MK: The inherent adaptability of AI-driven threats, which can analyze defenses
and recalibrate their tactics in real time, challenges the traditional
preventive measures. Security vendors must equip organizations with tools not
only for rapid breach detection, but also for understanding the scope and
containing the threat swiftly.
SH: Security vendors need to evolve beyond a purely preventative approach and
embrace a more holistic strategy that includes detection, response, recovery,
and continuous improvement.
Subscribe to Journey Notes
Tilly Travers
Tilly Travers is Director, PR and Communications, International for Barracuda.
Related Posts:
Cybercriminal syndicates get into the protection racket
How big is big? MOVEit breach is on track to be biggest in years.
How Zero Trust and the principle of least privilege work together
CISA needs to rally citizen cybersecurity army
Tweet
Share
Share
Tweet
Share
Share
--------------------------------------------------------------------------------
Popular Posts
Quishing: What you need to know about QR code email attacks Threat Spotlight:
How attackers use inbox rules to evade detection after compromise Threat
Spotlight: Reported ransomware attacks double as AI tactics take hold Empathy:
The key to unlocking successful partnerships Cybersecurity Awareness Month 2023:
Events, security tips, and more
Topics
13 Email Threat Types Ransomware Protection Microsoft 365 Email Protection
Network Protection Application and Cloud Protection Data Protection and Recovery
Healthcare Education Industrial and IoT Security Managed Services Digital
Transformation Barracuda Engineering
Resources
Free Email Threat Scan Cyber Liability Insurance Guide Careers at Barracuda
Barracuda Engineering Barracuda News Room
2023 © Journey Notes
* Email Protection
* Application Protection
* Network Protection
* Data Protection
* Managed XDR
HOW BARRACUDA USES COOKIES
YOUR PRIVACY
YOUR PRIVACY
Barracuda Sites may request cookies to be set on your device. We use cookies to
let us know when you visit our Barracuda Sites, to understand how you interact
with us, to enrich and personalize your user experience, to enable social media
functionality and to customize your relationship with Barracuda, including
providing you with more relevant advertising. Note that blocking some types of
cookies may impact your experience on our Barracuda Sites and the services we
are able to offer.
* STRICTLY NECESSARY COOKIES
STRICTLY NECESSARY COOKIES
Always Active
Strictly Necessary Cookies
These cookies are necessary for the website to function and cannot be
switched off in our systems. They are usually only set in response to actions
made by you which amount to a request for services, such as setting your
privacy preferences, logging in or filling in forms. You can set your browser
to block or alert you about these cookies, but some parts of the site will
not then work.
* ANALYTICS COOKIES
ANALYTICS COOKIES
Analytics Cookies
These cookies help Barracuda to understand how visitors to our pages engage
within their session. Analytics Cookies assist in generating reporting site
usage statistics which do not personally identify individual users.
* PERFORMANCE COOKIES
PERFORMANCE COOKIES
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure
and improve the performance of our site. They help us to know which pages are
the most and least popular and see how visitors move around the site. If you
do not allow these cookies we will not know when you have visited our site,
and will not be able to monitor its performance.
* TARGETING COOKIES
TARGETING COOKIES
Targeting Cookies
These cookies may be set through our site by our advertising partners. They
may be used by those companies to build a profile of your interests and show
you relevant adverts on other sites. They do not directly identify you, but
are based on uniquely identifying your browser and internet device. If you do
not allow these cookies, you will experience less targeted advertising.
* FUNCTIONAL COOKIES
FUNCTIONAL COOKIES
Functional Cookies
These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies then
some or all of these services may not function properly.
Back Button
ADVERTISING COOKIES
Filter Button
Consent Leg.Interest
Select All Vendors
Select All Vendors
Select All Hosts
Select All
* REPLACE-WITH-DYANMIC-HOST-ID
33ACROSS
33ACROSS
View Third Party Cookies
* Name
cookie name
* REPLACE-WITH-DYANMIC-VENDOR-ID
33ACROSS
3 Purposes
View Privacy Notice
33ACROSS
3 Purposes
View Privacy Notice
REPLACE-WITH-DYANMIC-VENDOR-ID
Consent Purposes
Location Based Ads
Consent Allowed
Legitimate Interest Purposes
Personalize
Require Opt-Out
Special Purposes
Location Based Ads
Features
Location Based Ads
Special Features
Location Based Ads
Clear Filters
Information storage and access
Apply
Confirm My Choices
COOKIE ACCEPTANCE
We use cookies to make our website work. We and our partners would also like to
set optional cookies for analytics purposes, as well as to measure and improve
the performance of the website, and to remember your preferences and provide you
enhanced functionality and personalization. Click on the Cookies Preferences
button to find out more and set your preferences.
Click on the Accept All button if you consent to the use of all such cookies. If
you choose to allow the use of such cookies, you will be able to withdraw your
consent at any time. Please refer to our Privacy Policy to better understand
your rights.Privacy Policy
Accept All Cookies
Cookie Preferences