In 2024, cybercriminals will resort to increasingly cunning methods to try to gain access to valuable resources of companies and institutions worldwide. Chester Wisniewski, Technology Director at Sophos, predicts an escalation in supply chain attacks and attacks using malicious proxy servers. He also believes that the activities of hackers will significantly affect daily society. According to the specialist, only one aspect will not change: culprits will remain solely interested in getting money.
An Indication of What’s to Come
The landscape of threats in the upcoming year won’t significantly differ from the situation cybersecurity experts observed in 2023. Hence, successful safeguarding will continue to be based on patching security vulnerabilities, which attackers are keen on exploiting, and implementing multi-factor authentication. The latter, as Sophos’s specialist assures, encourages creativity among hackers.
“The security level of companies significantly increases as more companies use multi-factor authentication. This is the reason why cybercriminals have started developing new methods like cookie theft. So, companies were—and will continue to be—exposed to a range of threats,” explains Chester Wisniewski.
In 2024, he also anticipates instances of hackers exploiting proxy servers. These allow them to covertly redirect user traffic via orchestrated servers to intercept valuable data, like usernames and passwords. Hacker groups like LAPSU$ and Scattered Spider have successfully utilized this technique to attack several large enterprises.
Influence of Ransomware Attacks
Ransomware, malicious software used by cybercriminals to encrypt files for ransoms, has become a menace to companies and public institutions worldwide. Chester Wisniewski from Sophos predicts that in 2024 governments worldwide will take actions to combat the “ransomware epidemic,” which generates massive losses for countries and corporations.
“Not only experts, but regular people are observing that hospitals, schools, law firms, and banks are severely affected by downtime related to cyberattacks. Soon, these people will start pressuring authorities to address malicious software issues. I believe that soon we will see some countries trying to outlaw payment of ransoms to hackers,” comments the specialist.
Artificial Intelligence as an Aid to Defenders
In 2023, there was hardly an industry unaffected by the rapid development of AI-based tools. AI has cemented its position in cybersecurity, detecting anomalies in large datasets, e.g., logs from corporate network monitoring. The Sophos expert predicts that AI will unburden cybersecurity teams in the near future, making them more effective in defending their resources.
Will We Say Goodbye to Passwords in 2024?
Multi-factor authentication, while effectively complicating hacking, is imperfect as it still relies on passwords. Access codes can be obtained by cybercriminals using various phishing methods. Chester Wisniewski encourages the adoption of access keys. Using them for authentication with a biometric sensor on a mobile device allows for secure use of e-mail, social media, and online shopping.
“Simplifying complex processes and automating software updates make the digital world safer for everyone,” argues Sophos’s expert.
Despite significant progress by many hardware manufacturers and app developers, many devices and pieces of software still have low security levels according to Wisniewski. He emphasizes that too little is being invested in safeguarding open-source software, which is substantially responsible for providing cloud-based services. This directly affects the safety of all devices with access to such a cloud.
Leaving windows and doors wide open invites uninvited guests in. “Work and investments in cybersecurity pay off. It’s worth continuing them to make attacks costlier and more labor-intensive for hackers. Patching software vulnerabilities, continuous multi-factor authentication, and network monitoring are equally important and effective.” concludes the specialist.