5 April 2024

The Biggest Cybersecurity Issues and Challenges in 2024

The cybersecurity threat landscape is constantly changing as cybercriminals refine their techniques and take advantage of new vulnerabilities, technologies, and attack vectors. Some of the most significant threats to corporate cybersecurity in 2024 include the following:

Ransomware Zero-Days and Mega Attacks

Ransomware has been one of the most significant threats to corporate data security and cybersecurity for several years. However, the evolution of this threat over time has exacerbated the impact that these attacks have on target organizations.

2023 saw a massive number of high-profile and large-scale ransomware attacks, such as the breach of MGM Resorts International. Some of the key factors that contributed to ransomware’s success include:
  • Evolving Capabilities: Ransomware operators are constantly working to optimize and improve their attacks. The introduction of intermittent encryption, breach-only attacks, and advanced evasion techniques makes these attacks more difficult to detect and shut down before damage is done.
  • Zero-Day Exploitation: In 2023, CL0P stood out for its use of zero-day vulnerabilities to perform large-scale ransomware attack campaigns. The group commonly targets file transfer tools (GoAnywhere, MOVEit, and Accellion’s File Transfer Appliance) to perform attacks that impact hundreds or thousands of organizations at a time. Other groups using zero-days for ransomware attacks include Akira, Lockbit, DarkCasino, and Nokoyawa.
  • Selective Targeting: Ransomware groups are increasingly selecting their targets for maximum impact. Companies with large numbers of customers or the potential to spread ransomware to other organizations are prime targets because they maximize the potential payoff of the attack.

State-Affiliated Hacktivism and Wipers

The overt use of cyberattacks for warfare and to achieve political ends used to be relatively rare. However, in the last few years, it has become commonplace, especially in the context of the Russian-Ukrainian war.

Whether affiliated directly with a government or acting as independent hacktivists, cybercrime groups are increasingly using distributed denial-of-service (DDoS), wipers, and other disruptive attacks in support of their causes. For example, Anonymous Sudan (suspected to have Russian affiliations) has performed numerous high-profile DDoS attacks against Microsoft, Telegram, Twitter (X), and Scandinavian Airlines. The Iranian-affiliated groups KarMa and Agrius, on the other hand, specialize in stealing sensitive data from Israeli organizations and, occasionally, deploying wipers as well.

The Use of AI in Cybersecurity

The rapid rise of artificial intelligence (AI) in recent years has both positive and negative implications for corporate cybersecurity. While companies can use AI to enhance their threat detection and response capabilities, cybercriminals can do so as well to improve the effectiveness of their attacks.

One common use of AI for offensive cybersecurity is the development of phishing emails and malware. With generative AI (GenAI), cybercriminals can create phishing messages that lack many of the typos and other errors that defined these threats in the past. Additionally, while many GenAI tools have guardrails against malware development, attackers can easily circumvent them, which lets them develop sophisticated malware more quickly than they otherwise could.

Data Breaches

Data breaches have always been a major cybersecurity concern for organizations. The exposure of sensitive customer or corporate data can hurt a brand’s reputation, reduce profitability, or result in legal or regulatory action.

While, in the past, companies may have gotten away with a slap on the wrist after a breach, this is no longer the case. In recent years, it has become increasingly common for data breaches to result in litigation and significant fines and settlements for breached organizations. In the case of Uber, the Chief Information Security Officer (CISO) was even found guilty of attempting to conceal a data breach from the Federal Trade Commission (FTC).

Data privacy laws are growing more numerous and stringent in their protection of customers’ personal data. As regulators actively investigate incidents and enforce requirements, organizations that are non-compliant or experience a breach due to negligence are likely to incur significant penalties.

Compromised User Credentials and Tokens

The shift to remote and hybrid work arrangements drove new approaches to security. As remote workers needed access to on-prem and cloud environments, companies adopted single sign-on (SSO) and multi-factor authentication (MFA) to secure access to corporate applications and data.

This transition inspired cyber threat actors to target access tokens that grant access to cloud-based resources. Often, this is accomplished by stealing tokens insecurely stored with third parties or cloud service providers.

For example, Microsoft has experienced several token-related security incidents. One event included the inadvertent exposure of sensitive data due to a misconfigured Azure SAS token intended only to share open-source AI training data. Another incident involved the theft of a Microsoft account (MSA) consumer signing key that was stored insecurely within the compromised account of a Microsoft engineer. With this key, the attacker could generate and digitally sign authentication tokens for various Microsoft services.

Another notable token-related cybersecurity incident was the October 2023 breach of Okta. Stolen credentials permitted the attackers to access Okta’s customer support management system. This allowed the attacker to steal sensitive files that included cookies and session tokens that could be used to hijack customer sessions and gain unauthorized access to their environments.

PIP Install Malware

The widespread use of open-source software (OSS) generates significant application security (AppSec) concerns. The vast majority of applications use at least some open-source libraries and dependencies. However, these open-source components may be maintained by individuals, may have been abandoned, and likely do not meet enterprise-grade secure coding standards.

Cyber threat actors are increasingly targeting OSS repositories as a method of compromising corporate environments and introducing vulnerabilities or malicious code into new applications. Some common methods include:
  • Typosquatting: In typosquatting attacks, cybercriminals create libraries and packages that mimic the names of widely used legitimate ones. If a developer mistypes the name when installing a dependency from PyPI, NuGet, or other OSS repos, then malicious code is embedded within their application.
  • Brandjacking: Brandjacking takes advantage of the fact that some widely used packages are distributed only via GitHub, rather than package repos. An attacker can publish a malicious package under the legitimate library's name on a package repo, so a developer who tries to install the package from there gets the attacker's version.
  • Dependency Confusion: Dependency confusion attacks take advantage of the fact that some libraries are hosted in private repositories. If an attacker publishes a package with the same name to a public repo, a package manager that also consults the public repo may download the attacker's package instead of the private version.
  • Account Takeover: Account takeover attacks attempt to take over abandoned GitHub accounts, allowing the attacker to add malicious code to legitimate packages. For example, an attacker can claim an expired domain name and then reset the GitHub passwords associated with that domain.

Often, developers don't perform security testing on the third-party dependencies that they import into their projects. This makes third-party dependencies an effective attack vector for cyber threat actors, especially if they can trick users of a widely used repository.
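As an added example that is not part of the original post, the following Python script lints a requirements.txt plus a pip configuration for the typosquatting and dependency-confusion patterns described above, and flags unpinned versions; the package names, internal index URL, and allowlists are hypothetical, constructed inputs.

```python
import re
from configparser import ConfigParser

# Constructed sample inputs; the internal package name and index URL are hypothetical
REQUIREMENTS = "requests==2.31.0\nreqeusts\nacme-internal-billing>=1.0\nnumpy\n"
PIP_CONF = "[global]\nindex-url = https://pypi.internal.example/simple\nextra-index-url = https://pypi.org/simple\n"
KNOWN_PUBLIC = {"requests", "numpy", "urllib3", "cryptography"}
PRIVATE_NAMES = {"acme-internal-billing"}
REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|~=|!=|>|<)?")

def normalize(name):
    # PEP 503 normalisation so 'Foo_Bar' and 'foo-bar' compare equal
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a, b):
    # Levenshtein distance; a small distance to a popular name suggests typosquatting
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse_requirements(text):
    # Yield (normalised name, version operator) for each requirement line
    for line in text.splitlines():
        line = line.strip()
        m = REQ_RE.match(line)
        if line and not line.startswith(("#", "-")) and m:
            yield normalize(m.group(1)), m.group(2) or ""

def lint(req_text=REQUIREMENTS, pip_conf=PIP_CONF):
    # Return (package, issue) pairs for the risks discussed above
    cfg = ConfigParser(interpolation=None)
    cfg.read_string(pip_conf)
    # With extra-index-url pip searches every index and installs the highest
    # version found, so a private name that an attacker publishes publicly can win
    extra_index = cfg.has_option("global", "extra-index-url")
    findings = []
    for name, op in parse_requirements(req_text):
        if name not in KNOWN_PUBLIC | PRIVATE_NAMES:
            near = sorted(k for k in KNOWN_PUBLIC if edit_distance(name, k) <= 2)
            if near:
                findings.append((name, f"possible typosquat of {near[0]}"))
        if name in PRIVATE_NAMES and extra_index:
            findings.append((name, "dependency confusion risk: extra-index-url set"))
        if op != "==":
            findings.append((name, "version not pinned"))
    return findings
```

Running lint() on the constructed inputs reports the misspelled package, the private name that a public index could shadow, and the two unpinned requirements; removing extra-index-url from the pip configuration makes the dependency-confusion finding disappear.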

How to Deal with Cybersecurity Challenges in 2024

In 2024, organizations face a growing volume of sophisticated and damaging cyberattacks. Cyber threat actors have identified highly effective and profitable attack vectors, and the growing use of automation and artificial intelligence enables attackers to perform these attacks at much greater scales.

AI offers organizations the ability to manage their growing cybersecurity threat landscape more effectively. With AI, companies can achieve security that is:
  • Collaborative: Threat intelligence and contextual data are invaluable for rapidly identifying and mitigating cyberattacks. AI enables this information to be generated, disseminated, ingested, and used at machine speed to more quickly shut down new and emerging attack campaigns.
  • Consolidated: Point security solutions are unmanageable and expensive, and create security blind spots. Security consolidation under a single platform enables more effective data sharing and automated remediation across all aspects of an organization’s security architecture.
  • Comprehensive: AI unlocks massive scalability by automating common and manual processes. This enables security teams to effectively protect their IT infrastructure against a wide range of security threats.
Check Point’s Infinity AI provides organizations with the AI solutions needed to protect their business against all of the threats identified in the 2024 Cyber Security Report. ThreatCloud AI is the brains behind Check Point security products, leveraging machine learning and big data to rapidly identify and prevent cyberattacks. Infinity Copilot enables security teams to scale by automating daily tasks, configuration management, and threat hunting.
