CS Mar-Apr 2024
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>2024</strong> predictions<br />
?? ?<br />
actors can sometime bypass and LLMs<br />
designer-imposed limits and access data they<br />
shouldn't. During <strong>2024</strong>, WatchGuard Threat<br />
Lab predicts that a smart prompt engineer,<br />
whether a criminal attacker or researcher, will<br />
crack the code and manipulate an LLM into<br />
leaking private data.<br />
"With around 3.4 million open cybersecurity<br />
jobs and fierce competition for available talent,<br />
more SMEs will turn to trusted managed<br />
service and security service providers, (MSPs<br />
and MSSPs), to protect them in <strong>2024</strong>. To<br />
accommodate growing demand and scarce<br />
staffing resources, MSPs and MSSPs will<br />
double down on unified security platforms<br />
with heavy automation, using artificial<br />
intelligence and machine learning.<br />
"Cybercriminals can buy dark web tools to<br />
send spam email, automatically craft convincing<br />
texts and scrape the Internet for a target's<br />
information, but a lot of these tasks are still<br />
manual and require attackers to target one<br />
user at a time. Well-formatted tasks like these<br />
are perfect for AI automation - making it likely<br />
that AI-powered tools will emerge as <strong>2024</strong>'s<br />
dark web best sellers.<br />
"Finally, while QR codes have been around for<br />
decades, we expect a major headline-stealing<br />
hack in <strong>2024</strong>, caused by an employee following<br />
a QR code to a malicious destination."<br />
DAVID MAHDI, CHIEF IDENTITY OFFICER,<br />
TRANSMIT SECURITY<br />
"Generative AI is enabling fraudsters to create<br />
more deceptive phishing campaigns,<br />
deepfakes and cyberthreats that evade<br />
standard detection methods. While ChatGPT<br />
can be used for malicious intent, it has some<br />
security guardrails. So bad actors quickly<br />
recognised they could build their own services<br />
to create and proliferate fraud campaigns.<br />
"Enter: FraudGPT, a service (among others) on<br />
the dark web giving cybercriminals the power<br />
of generative AI, with no security limitations.<br />
Want malicious code? Just ask. Need language<br />
translation and images for a phishing<br />
campaign? Done to perfection. Phishing<br />
attacks have increased over 1,200% in 2023 -<br />
a meteoric rise since the release of GenAI.<br />
"So, what can security leaders expect? At<br />
minimum, the volume and sophistication of<br />
attacks will continue to rise as GenAI gets<br />
smarter and bad actors learn how to wield<br />
its power. And it's not just phishing attacks.<br />
Fraudsters are now able to create polished,<br />
eye-catching ads for fake goods or services,<br />
collecting payments for goods that are never<br />
sent or leading victims to download remote<br />
access trojans (RATs) or banking trojans. Once<br />
installed, they log keystrokes or overlay fake<br />
login forms to steal credentials, even one-time<br />
passcodes.<br />
"Perhaps more unsettling, scammers are<br />
starting to use conversational bots on social<br />
media to mimic local dialects, professional<br />
language or gamer lingo, for example.<br />
They can even respond to DMs to build<br />
relationships and create positive, but fake,<br />
reviews. We expect this type of manipulation<br />
to grow and facilitate new types of fraudulent<br />
schemes."<br />
What can security leaders do? asks Mahdi.<br />
"To protect against the expected increase in<br />
volume and velocity of attacks, security leaders<br />
need to prepare their teams, process and<br />
technology. From a technology perspective,<br />
it's crucial to implement identity and security<br />
solutions that use equally powerful AI and ML.<br />
Advanced cybersecurity and anti-fraud must<br />
be fused with customer identity and access<br />
management (CIAM). For accurate detection<br />
of evasive threats, it's essential to leverage<br />
hundreds of detection methods and analyse<br />
anomalies within the full context of all that's<br />
happening in real time. Orchestration is a<br />
key component necessary for consolidating<br />
capabilities and correlating data - for contextaware<br />
risk and trust decisioning. From a<br />
process perspective, fraud teams should<br />
conduct table-top exercises and threat simulations<br />
to ensure they're ready."<br />
Jeff Williams, Contrast Security:<br />
thousands of COVID-19-related websites<br />
are being launched by cybercriminals.<br />
Phil Bridge, Ontrack: cybersecurity is mostly<br />
a human issue.<br />
www.computingsecurity.co.uk @<strong>CS</strong>MagAndAwards <strong>Mar</strong>ch/<strong>Apr</strong>il <strong>2024</strong> computing security<br />
19