When it comes to cyber security, the one thing that never changes is that the state of play changes all the time.
Between the changing face of technology and the evolving tactics of the criminals themselves, cyber security is a fast-moving space, and what might have been true one year could be out of date the next.
To help you navigate the next 12 months, we’ve gathered crystal ball gazings from a raft of industry experts on what they think might happen in 2024.
Let’s check in a year and see what they got right!
Thomas Fikentscher, regional director ANZ at CyberArk
The rise of cascading supply chain attacks
We have witnessed more and more cyber breaches this year that share a similar profile – risks are coming from outside of organisations’ operations, and they are actually sitting somewhere nearby.
For instance, banks’ risk exposure could derive from the law firms they are associated with. Depending on how many subcontractors are involved within the same supply chain, the risk can also extend to two to three levels down. Organisations need to, therefore, assess their immediate (tier zero) partners who have direct access to their system. Still, they also need to understand the access levels of their partners’ subcontractors and so forth. And this high level of complexity creates this cascading impact.
As digital transformation accelerates, this issue will only continue to gain traction, making it easier for attackers to gain access through connected and trusted partners. Understanding who connects with whom will be critical.
Stephen Robinson, senior threat intelligence analyst at WithSecure
Professionalisation of cyber crime
In recent years, we’ve seen mass exploitation of Internet-facing services take off as a route into a network to get to the valuable data on the inside, whether by APT groups, ransomware actors or initial access brokers. I believe the success and methodology of the recent MOVEit compromise by the ransomware group Clop will begin to inspire more mass exploitation campaigns targeting edge data transfer servers in a similar vein.
MOVEit was typically used for the reliable transfer of large volumes of important files between organisations. Clop exploited MOVEit servers to gain access to and exfiltrate these important, valuable files. For a ransomware group, access to large volumes of valuable data is the end goal; they did not need to go further into the network than the exposed, vulnerable MOVEit servers. I expect to see more copycat attacks where the value is the exploited server itself, not the access it provides to the rest of the network.
Rob Dooley (VP APJ) and Sabeen Malik (VP global government affairs and public policy) at Rapid7
Ransomware
Australia is second in the world for the most ransomware attacks, and there will be no let-up in 2024. We can expect to see more high-profile breaches, and rather than extracting personally identifiable information, we anticipate more disruptive attacks on critical infrastructure as adversaries target greater rewards and create more disruption. Organisations will focus on proactive exposure management and prevention, from the endpoint to the cloud, to reduce the material impact of ransomware attacks.
George Lee, senior vice-president, Asia-Pacific and Japan, at Imperva
Phishing and social engineering attacks will remain the top threats
As GenAI advances, expect to see an escalating risk from cyber threats, particularly social engineering tactics. The most concerning issue is that simple phishing attacks are still the most common and effective. Resolving this demands a shift in mindset – we need to recognise that cyber security isn’t just the concern of experts or senior leadership; it’s a collective responsibility that extends to all of us. The first step is to make cyber security easier to understand and recognise that it isn’t limited to advanced technology.
Josh Lemos, chief information security officer (CISO) at GitLab
Watch out for the supply chain
Attacks on the open-source software supply chain will accelerate. Expect attacks focused on ungoverned open-source ecosystems to accelerate in 2024. We’ve already seen how attackers have learned to seed open-source repositories with malicious Python packages that have names that closely resemble popular legitimate packages. Given the reliance of software developers on these packages, this kind of attack is likely to persist – and to result in serious vulnerabilities – for the foreseeable future. And since over 90 per cent of the world’s software is built on top of open-source code and open-source languages, this will have broad implications. As a partial solution, I expect to see more companies and teams using AI to assess the risk of open-source packages.
John Kindervag, chief evangelist at Illumio and zero-trust creator
Supply chain woes
The strength of the supply chain will continue to be a major concern. Globally, we can expect to see increased documentation and guidance from government agencies outlining how organisations can determine if they have clean software and hardware in place. This is especially true for industries like chip manufacturing (where China plays a big role), as there is a concern about adversaries injecting malicious capabilities into the technology stack. The new Australian Cyber Security Strategy outlines that the government will help industry manage supply chain risks and make more informed procurement decisions, so we will also see this start to play out.
Shane Maher, managing director at Intelliworx
Cloud security concerns
Cloud account hijacking has seen a significant rise, posing a widespread and attractive target for cyber criminals. Cyber security professionals in 2024 should prioritise protecting cloud environments, given the increased focus of threat actors on infiltrating cloud-based systems, bypassing the need for traditional port-scanning tools during attacks.
Liam Dermody, director of red team at Darktrace
Ransomware crews will focus their attention on APAC countries
Late 2023 has seen an increase in ransomware targeting APAC countries, as reported by Hong Kong’s Computer Emergency Response Team Coordination Centre (HKCERT).
This could represent a longer-term pivot to APAC by ransomware operators, as the region has key similarities to Central America, which saw an extraordinary spike in ransomware attacks in 2022.
APAC contains some of the fastest-growing economies in the world but also contains many businesses that are not as prepared as their counterparts in other regions, which have historically been the focus of ransomware attacks.
As such, much of APAC represents a greenfield investment for ransomware operators.
Furthermore, APAC represents less of a risk to ransomware operators when compared to their “traditional hunting grounds” like the US, where cyber criminals are being subjected to increased scrutiny from government, intelligence agencies and law enforcement. This combination of lowered risk and heightened reward could see the ransomware operators continue to focus on APAC well into 2024.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.