2024 Cybersecurity Outlook: Navigating the Geopolitical Landscape

Iulian Adrian Timischi

January 30, 2024


Welcome to our 2024 Cybersecurity Forecast Series! This is the last of our four expert blogs where we unveil key predictions for geopolitical threat landscape implications, AI advancements, ransomware trends, and attack surface challenges in the year ahead. You can also watch our exclusive webinar that covers these insights and answers your burning questions about what 2024 holds for cybersecurity.



Steering through 2024’s cybersecurity landscape requires a keen understanding of the geopolitical arena. This year, marked by a tapestry of global events – from elections in over 68 countries to ongoing military conflicts, the burgeoning influence of generative artificial intelligence (AI), and the 2024 Paris Olympics – presents a unique set of challenges and opportunities in cybersecurity. Drawing upon the extensive experience of our dedicated threat intelligence team, the Cyber Intelligence Fusion Cell (CIFC), with their deep roots in military intel and cybersecurity, this comprehensive analysis provides a critical lens through which to view and anticipate the cyber threats of 2024. Dive into our detailed exploration to arm yourself with the necessary insights for robust digital defense in a rapidly changing world.

Landmark Events

As we navigate through 2024, a series of major landmark events stand poised to capture global attention. These events are not just milestones for the public eye but also potential hotspots for cyber threat activity. In this section, we spotlight the key events that present significant opportunities for cyber threat actors to escalate their attacks and exploit vulnerabilities. From political elections to major sporting events, each presents a unique vector for potential cyber threats. Understanding these events is crucial in preparing for and mitigating the increased risk of cyber attacks. Here, we delve into why these occasions are as pivotal for cybersecurity as they are for the world at large. We predict some serious activity to occur surrounding the following: 

Elections: 2024 is notable for many elections, with 7 of the world's 10 most populous nations voting. Countries that are home to nearly half of the world's people will hold elections in 2024. With the US (United States), European Union, and Russian Federation as the most prominent mentions, it is expected that risks like voting system security, misinformation, data protection, infrastructure attacks, foreign interference, and phishing frauds will be exploited by rogue hacktivists or even state-sponsored cybercriminals.

Current Military Conflicts: Considering that the major military powers are engaged in the current conflicts, it is reasonable to estimate that a substantial portion of the world's military is mobilized to face current threats. This would increase the focus of state-sponsored cybercrime, leading to heightened cyber threats, targeting of critical systems, and a rise in the development of sophisticated cyber warfare, which will eventually spill over into the active cybercrime environment.

Global Economy Predictions: The global economy is marked by a slow growth trend, with the IMF projecting a decrease in global growth to 2.9%. This slowdown is more significant in advanced economies compared to emerging markets. Challenges such as regional economic divergences and potential disruptions in global trade, especially in commodities, continue to pose risks to economic stability. Amidst these, cybersecurity is a major concern, with cyber incidents ranked as the top global risk. It is expected that advanced threats like sophisticated ransomware attacks, data breaches, and assaults on critical infrastructure will shape the economic domain in 2024. Supply chain vulnerabilities remain a significant issue, with many organizations lacking a comprehensive understanding of their cyber risks. Small and mid-sized businesses are particularly vulnerable due to their often-limited cybersecurity resources. 

AI Democratization: The landscape of AI democratization is being significantly shaped by diverse global regulatory efforts. The U.S. and the European Union are at the forefront with their comprehensive AI approach, which could influence AI governance standards worldwide. In contrast, China's fragmented approach focuses on individual AI applications. These regulatory developments are crucial in shaping a global AI governance landscape that promotes responsible AI use, while also addressing key challenges such as privacy, security, and ethical considerations. This void in the legislation poses two major risks: 

1. AI Malware: Its ability to adapt and evade detection makes AI-driven malware a significant threat, capable of executing more sophisticated and targeted cyberattacks.

2. AI-Generated Code: This can inherently contain security flaws and vulnerabilities, often due to the replication of existing vulnerabilities in the training data, leading to challenges in ensuring code security and integrity.

Paris 2024 Olympic Games: With more than a million visitors expected to be in Paris in a single month and many more watching from home, on streaming devices, this event will trigger the attention of all sorts of criminals, including ones in the digital domain. The considerable number of attendees and the high profile of the event create a vast attack surface for cybercriminals and facilitate cross-domain attacks in the information domain, physical domain and cyber domain. The cybersecurity risks associated with this event include the threat of cyber espionage, highly-customized phishing attacks, DDoS attacks against the hosts’ infrastructure, and fraudulent activities like credit card fraud, identity theft, and others. 

The current cyber threat landscape is increasingly influenced by technological advancements and geopolitical dynamics. With the upcoming challenges of 2024 and ongoing military conflicts, the cyber domain has become a battleground for information control, espionage, and disruption. 

State-sponsored cyber activities have intensified, with nations leveraging cyber operations for political, economic, and military advantages, which blur the lines between traditional statecraft and cyber activities. Cybercriminals continue to profit from advancements in TTPs and find opportunities to launch sophisticated attacks, like advanced ransomware, supply chain attacks, and highly-personalized phishing campaigns targeting critical state and commercial infrastructure. 

Hacktivists motivated by political and social causes often use their skills to influence public opinion, disrupt governmental activities, or expose perceived injustices. This trend is particularly significant in the context of the 2024 elections and ongoing conflicts, where digital platforms can shift public sentiment and decision-making. 

The 2024 cyber threat landscape is not just about technology, but the convergence of technology with geopolitics and social realities. 

Threat Actors Overview

In the shadow of the landmark events shaping 2024, a diverse spectrum of cyber threat actors is emerging, vigilantly observing and waiting for opportunities to strike. This section delves into the intricate world of these digital adversaries, ranging from nation-state sponsored groups to hacktivists and sophisticated ransomware gangs. Each actor brings a unique set of motives and tactics, poised to exploit the year's significant global happenings. Understanding their profiles and modus operandi is key to anticipating and mitigating the potential cyber risks that lie ahead. 

State-Sponsored Threat Actors 

State-backed cyber operations are typically driven by geopolitical events and military conflicts. These actors are funded and coordinated by government entities and are involved in a range of activities, including cyberespionage, sabotage, use of destructive malware against high-impact targets and critical infrastructure, as well as coordinating propaganda and disinformation campaigns. They often have the support of their governments, which usually means they do not have to worry about law enforcement. Having access to “unlimited” resources, these cyber actors usually drive development and advancement in cybersecurity, which eventually spill over into the malware markets to be used against civilian infrastructure. The threat actors most likely to be present in 2024 are the following:

  • APT28 and APT29: Known for attacks against government, diplomatic, media, healthcare, energy, and political organizations, especially in countries conflicting with Russian interests. Given the ongoing geopolitical tensions, military engagements, interests in foreign elections, their history of targeting political entities and their focus on intelligence collection, there is a high probability of APT28 and APT29 being active in 2024.

  • Unit 61398: This group is linked to the Chinese People’s Liberation Army (PLA) and is known for conducting cyber espionage primarily against the U.S. The ongoing tensions, the strategic value of the information they target, and the potential benefits gained from interfering with the 2024 elections make it likely that this group could be active in 2024.

  • APT10: Believed to be affiliated with China, this group targets intellectual property and sensitive data globally. Given China's extensive cyber espionage activities and the strategic value of the data they target, APT10 is likely to remain active in 2024.
     
  • Lazarus Group: A North Korean state-sponsored group responsible for high-profile attacks like the Sony Pictures hack and WannaCry ransomware. Given North Korea's isolation and reliance on cyber activities for revenue and disruption, Lazarus Group might remain a significant threat in 2024. 

  • APT33: Believed to be associated with Iran, targeting the aerospace, energy, and petrochemical sectors. Iran's geopolitical situation in the current Middle East tensions and history of using cyber capabilities suggest that APT33 could be a key player in 2024. 

  • APT35: Believed to be linked to Iran, known for social engineering tactics targeting government officials, journalists, and academics. As cyber operations are a critical part of Iran's strategic doctrine, APT35 may continue its activities in 2024, especially around polarizing the population in countries where elections can be shifted in Iran’s favor. 

Cybercriminals 

The evolution of cybercrime has seen criminal groups exploiting global events and technological advancements. These groups range from ransomware operators to initial access brokers (IABs) who sell access to compromised networks. Some of the most prolific cybercriminal groups of 2023 that will continue to operate in 2024 include: 

  • The Cl0p ransomware gang will continue targeting high-value organizations in crucial sectors like healthcare, energy, and manufacturing in 2024. These organizations' substantial resources and heavy reliance on IT infrastructure make them profitable targets. Clop will employ sophisticated, constantly evolving attack techniques including social engineering, phishing, exploit kits, supply chain compromise, data encryption, and zero-day exploits. The group pioneered the double extortion tactic which involves exfiltrating sensitive data before encryption, providing extra leverage for ransom demands. In 2024, Clop may intensify this technique by leaking or threatening to sell stolen data. The group is also adept at laundering ransoms through cryptocurrency mixers, offshore accounts, and money mules to evade law enforcement. Clop's combination of targeting, advanced tactics, and financial tradecraft is expected to make it a major player in cybercrime in 2024. 
     
  • The group behind the LockBit ransomware is expected to continue its highly targeted approach against organizations with valuable data and intellectual property in 2024. This allows the group to demand larger ransom payments from victims dependent on critical systems and data. LockBit has shown a growing interest in exploiting cloud environments, a trend likely to accelerate as cloud adoption increases, providing access to more expensive data sets. The group is also streamlining its administrative tools to make it easier for affiliates to deploy and manage attacks. In 2024, LockBit may further refine these tools to improve usability. The group also utilizes data leaks for double extortion, applying additional pressure on victims to pay. LockBit may expand data leaks in 2024 by exposing more sensitive data or increasing leak frequency. Overall, LockBit's tailored targeting, cloud exploits, improved tools, and aggressive data leaks are expected to make them a prominent threat actor.
     
  • BlackCat, also known as ALPHV, actively recruits affiliates and has targeted organizations globally across many industries. The group is known for using double extortion tactics, stealing sensitive data before deploying ransomware, and threatening distributed denial-of-service (DDoS) attacks if ransom demands are not met. In a pivot to boost visibility, BlackCat unveiled an application programming interface (API) to make their ransomware more accessible. BlackCat is one of the most prolific ransomware variants based on total ransom paid. Going into 2024, BlackCat may continue expanding its affiliate network to widen its reach. The group is likely to keep focusing on healthcare and critical infrastructure as lucrative targets. BlackCat invests heavily in evading law enforcement through encryption, anonymity tools, and botnets. They may also pioneer new extortion tactics like free ransomware trials. With its technical capabilities, extensive resources, and innovative tactics, BlackCat is poised to remain a dominant threat actor. Law enforcement disruption has impacted their operations, but the group's resilience enables it to continue posing a serious ransomware danger. 

Hacktivists 

Hacktivism, characterized by the use of hacking techniques for political or social purposes, has become more prominent in recent geopolitical and military situations. This resurgence is particularly noticeable in conflicts such as Russia's invasion of Ukraine and the conflict in the Middle East. Based on the trends and the broader context of global cyber activities, here are some potential ways hacktivists could be active in 2024:

  • Exploiting Geopolitical Conflicts: With ongoing global tensions and conflicts, such as those in Ukraine and the Middle East, hacktivists could continue to take sides in these disputes. This involvement could manifest in cyberattacks aimed at disrupting government operations, leaking sensitive information, or influencing public opinion. 
     
  • Targeting Emerging Technologies: As the use of AI and other emerging technologies grows, hacktivists might target these systems to either prove a point about their vulnerabilities or to make a statement about the ethical implications of such technologies. 
     
  • Increasing Sophistication of Attacks: Hacktivists are likely to evolve their tactics and tools, using more sophisticated methods of attack. This could include advanced malware, ransomware, and exploiting vulnerabilities in new and existing technologies. 
     
  • Collaboration with Other Groups: There might be increased collaboration between different hacktivist groups or between hacktivists and other types of cybercriminals. This collaboration could lead to more coordinated and potentially more impactful cyber operations. 
     
  • Social Media and Disinformation Campaigns: Hacktivists may increasingly use social media platforms to spread disinformation or propaganda to influence public opinion, especially related to political events or social issues. 
     
  • State-Sponsored Activities: Some hacktivist groups might operate with the backing or indirect support of nation-states, engaging in cyber activities that align with the geopolitical interests of those states. 
     
  • Focus on Economic and Environmental Issues: Given the current economic challenges and the global focus on climate change, hacktivists might target corporations or governments perceived as harmful to the environment or contributing to economic disparities. 
     
  • Leveraging Public Sentiment: Hacktivists could tap into public sentiment around key issues like human rights, privacy, and digital freedom, launching cyber campaigns that resonate with wider audiences. 

Summary 

In this forward-looking analysis, we've pieced together predictions for the 2024 cybersecurity landscape, drawing on our extensive global insights. Anticipating how key global landmark events might become focal points for cyber threats, we've identified potential targets and tactics of various threat actors, including state-sponsored groups, ransomware gangs, and hacktivists. These predictions, rooted in our deep understanding and international presence, offer a glimpse into the future maneuvers of these adversaries. For the cybersecurity community and information security teams, this article is not just a forecast but a strategic guide. It underscores the importance of staying alert during these pivotal events and adapting cybersecurity postures accordingly. As we look ahead, our insights aim to prepare and empower organizations to navigate these predicted challenges with confidence and resilience.



Dive deeper into 2024 cyber threats! Our on-demand webinar, Predictions 2024: Ransomware Evolution, AI Realities, and the Globalization of Cybercrime, goes beyond the blog, featuring live discussions on ransomware, AI/LLM, and emerging threats. Ask questions, get answers, and stay ahead. 
