Robert Russell, senior director of threat operations at Blackpoint Cyber, with seven years of experience in the cybersecurity industry, shares his insights into the evolving cyberthreat landscape for 2024. Leveraging his expertise from overseeing the Security Operations Center (SOC) at Blackpoint, Russell emphasizes the necessity of vigilance, education, and adaptable, layered defense strategies to stay ahead of emerging cyberthreats. His predictions for 2024 are based on observed trends and tactics from 2023 and anticipate the following key developments:
The Abuse of Artificial Intelligence:
- Enhanced use in social engineering attacks
- Increase in sophisticated phishing attempts and deepfake videos
- AI’s role in making BEC (Business Email Compromises) more legitimate looking
An Increase in Infostealers and Malvertising:
- Increased search engine optimization (SEO) poisoning
- Malware disguised as legitimate downloads in search results
- Continuation from 2023 trends
An Increase in Sophisticated Tactics:
- More covert operations using Living Off the Land Binaries (LolBins) and RMM tools
- Difficulty in detecting threat actors within IT environments
An Upward Trend in Ransomware Operations:
- Targeting SMBs to Fortune 500 companies
- Low effort attacks on high payoff targets
- High-risk sectors include education, medical, finance, and government
A Need for Adaptability:
- Need for adaptable defense and a layered approach
- Importance of staying vigilant and educating the user base
Russell concludes by urging viewers to stay informed about the latest threat intelligence by visiting Blackpoint Cyber’s website. These predictions highlight the critical importance of advanced cybersecurity measures in the face of an increasingly sophisticated and diverse range of cyberthreats.
Hello. I am Robert Russell and I’m the senior director of threat operations here at Blackpoint Cyber. I have seven years of experience in the cybersecurity industry. A lot of knowledge and expertise has come from my time here at Blackpoint Cyber. We see threat actors’ adversarial-type actions everyday here in the Security Operations Center (SOC) that I oversee. Part of what we look at is, as we look at the changing trends and the changing & rapidly evolving landscape that happens all around us. Over 2023, we saw a number of different, changing tactics, techniques, and procedures (TTPs). And in 2024, we expect to see a continuation of some of those tactics, techniques, and procedures, enhancements to some, and then also a couple that may not be on your radar map.
Today we’re going to talk about what my perspective and predictions are for the 2024 threat landscape.
The first topic I’d like to talk with you all about today and the first thing that comes to mind is the abuse of artificial intelligence, commonly known as AI. The issue with AI that I think that we will see most often is how they’re going to use it for social engineering-based attacks. Primarily, I think that they’re going to use it to enhance their capabilities of doing things like phishing attempts, and even things like deepfake videos are going to continue to blur the lines between what seems real versus what actually is real. And so we are going to see a continuation of phishing-based attempts for Business Email Compromises (BECs), specifically, however, with those, with adding AI into the mix, we’re going to see how that enhances the threat actor’s capability to seem like they’re more legitimate and potentially compromise even more users than we saw in 2023.
Another trend—and this one is a continuation more so of what we saw in 2023—is more infostealers and malvertising. And specifically what we’re talking about, still a couple of social engineering-based attacks, but things like search engineering optimization poisoning, things of that nature, we expect to see more of. Malvertising is obviously on the rise where people will go on to Google, they will type something in, they’ll pull up a couple of the first results that happen, then unbeknownst to them, it’s actually malware that they’re downloading instead of whatever legitimate program that they’re looking for. This is a major problem, and we expect this trend to continue in 2024.
Next, once threat actors access a business email, once they land on that system, I expect to see an increase in sophisticated tactics that they will use once they’re in the environment. What I mean specifically by that is every day we see these cybercriminals, these threat actors, the adversarial actions, we see them trying to blend in more and more within the environment that they land. We see them trying to appear like they are regular admins doing regular admin work in the environment. They do this by using things like Living Off the Land Binaries (LolBins). They also do this by using things that may be installed in the environment such as RMM tools (remote monitoring and management tools). Things that our customers, our partners, in most businesses will have in place. They do this to appear more stealthy and again to try and blend in a little bit better. These tactics that they use will make it so that it’s more difficult to observe what the threat actors are doing or even understand that there’s a threat actor in your environment until it potentially could be too late.
I expect for an increase, but also a sustained trend of ransomware type operations. We can’t go more than a day or two without seeing ransomware in the news. It is that persistent issue that all businesses are facing. I think that everyone from small- and medium-sized businesses (SMBs) all the way up to Fortune 500-based companies can expect to see being targeted for ransomware-based operations.
Again, this is something that we see very common. It’s a combination of all of the different tactics, techniques, and procedures that we talked about. I think that, again, everything from small- and medium-sized businesses can expect to see an increase in attacks. Threat actors are going to be looking for anything that’s low effort and what they deem is potentially a high payoff target. So not only small- and medium-sized businesses, but again, things that we think of that could be potentially looked at as high payoff type targets. So things in the educational and medical verticals, things like banks, casinos, and even government agencies are all at risk of being attacked from ransomware operators.
Finally, what I’d like to discuss with all of you is the endless dynamic and rapidly-evolving threat landscape that we see ourselves entering into in to 2024. This strategic cyber match that we’re in, this game of chess almost, that we play back and forth between the threat actors and between ourselves. I think with a little bit of vigilance, with some education, and then with some adaptable defense and layered-type approach, I think that we will be able to best protect ourselves from not only the threat trends that we saw in 2023, but also what we expect to see in 2024.
And so with that, we need to make sure that we are adapting to what the threat actors are doing. We have to make sure that we stay vigilant, and we have to make sure that we educate our entire user base to make sure that we are prepared for the cyberthreat landscape of 2024.
Please check us out on blackpointcyber.com to look at all of our latest threat intel.