Industrial Cybersecurity Predictions for 2024 - Part 2

As we transition to to the New Year, let's take a look at what some industry experts see impacting the industrial cybersecurity landscape in 2024. To get a look at Part 1 of these predictions, click here.

Jan Miller, CTO of Threat Analysis at OPSWAT:

• Increased use of double extortion tactics for ransomware, such as encryption and releasing data to the public if ransom is not paid.

• Increasing supply chain attacks will create stronger ripple effects due to growing interconnectedness, reinforcing the need for vendor risk management.

• State-sponsored Advanced Persistent Threat (APT) will continue to perform espionage, IP theft, and disrupt critical infrastructure.

• The cybersecurity workforce shortage will require more automation and easily digestible threat intelligence and orchestration.

• More LLM-based (Large Language Model) threat detection start-ups will emerge, such as image based malware detection.

• Email and Phishing (e.g. callback phishing attacks, QR codes, etc.) will remain a relevant attack vector.

• IT/OT interconnectedness will continue to require better security measures for critical infrastructure.

• As IoT devices proliferate, security is becoming a paramount concern. It's likely we'll see more advanced forms of encryption to protect data in transit, increased use of AI for threat detection, and a push for standardized security protocols across devices.

• There may be more regulatory requirements for IoT security to ensure consumer protection. Businesses will need to focus on securing their networks, educating users on security best practices, and possibly employing dedicated security teams to manage IoT-related risks.

• IoT expansion will create a larger attack surface as many IoT manufacturers prioritize functionality and cost-efficacy over security.

• Increased Targeting of Vulnerabilities: The continued exploitation of known vulnerabilities, like Citrix Bleed, is likely, especially if patches are not universally applied

• Collaboration for Defense: Enhanced collaboration between financial institutions, cybersecurity firms, and governments to share intelligence and counteract ransomware threats

Jason Kent, Hacker in Residence at Cequence Security:

• Cybercriminals will exploit shadow APIs to target all industries with sophisticated attacks. In 2022, Cequence observed a 550 percent increase in the number of unique tactics, techniques, and procedures (TTPs) employed by hackers. This trend has continued in 2023, with the number of unique threats already exceeding last year's record. In 2024, we can expect the number of unique threats to skyrocket once again.

• The dramatic surge in shadow API abuse can be attributed to the cunning persistence of threat actors and the rampant proliferation of insecure and undocumented APIs. The number of shadow APIs skyrocketed by 900 percent between the first and second half of the same year, demonstrating that threat actors recognize that with sufficient effort, they are highly likely to stumble upon a vulnerable access point. These malicious actors deftly exploit authentication coding errors to elevate their privileges and employ enumeration techniques to broaden their reach and wreak havoc.

• As recently seen with attacks against municipal facilities such as water plants, more and more we will see attacks against OT systems. Often these systems have an API Framework for communication, showing that the API expands the attack surface for most organizations and systems. Default credentials are losing the battle, and defaults on APIs are often only known to attackers.

• More security vendors will ban Generative AI platforms, pushing organizations to embrace contextual Large Language Models. Vendors are increasingly wary of generative AI platforms like ChatGPT, with 23 percent of vendors banning the use of these platforms internally this year due to security concerns. While generative AI offers the potential for greater efficiencies, its effectiveness hinges on contextual understanding. In 2024, we will see organizations build contextual LLMs based on smaller datasets (small language model?) to enhance the capabilities and security of AI platforms.

Cybersixgill’s predictions for the top 2024 cybersecurity trends include:

• AI will evolve to become more broadly accessible while cybersecurity vendors continue to address the reliability, diversity and privacy of data. AI’s value is rooted in the breadth and reliability of data, which Cybersixgill predicts will significantly improve in 2024 as AI vendors advance the richness and fidelity of results. AI will become broadly accessible to practitioners, regardless of their skillset or maturity level. As concerns for data privacy with AI grow, companies will form their own policies while waiting for government entities to enact regulatory legislation. The U.S. and other countries may establish some regulations in 2024, although clear policies may not take shape until 2025 or later.

• AI will be used as an attack tool – and a target. Black hat hackers will increasingly use AI to improve effectiveness, and legitimate use of AI will surface as a prominent attack vector. Cybersixgill believes that in 2024, threat actors will use AI to increase the frequency and accuracy of their activities by automating large-scale cyberattacks, creating duplicitous phishing email campaigns, and developing malicious content. Malicious attacks like data poisoning and vulnerability exploitation in AI models will also gain momentum, which will cause organizations to provide sensitive information to untrustworthy parties unwittingly. Similarly, AI models can be trained to identify and exploit vulnerabilities in computer networks without detection. Cybersixgill also predicts the rise of shadow generative AI, where employees use AI tools without organizational approval or oversight. Shadow generative AI can lead to data leaks, compromised accounts, and widening vulnerability gaps in a company’s attack surface.

• Tighter regulations and cybersecurity mandates will hold the C-suite and Boards accountable for corporations’ cyber hygiene. Companies must prove vulnerability prioritization and risk management with evidence-based data. In 2024, as attack surfaces widen and the frequency and scale of attacks grow, regulatory mandates will hold business leaders more accountable for their organization’s cyber hygiene. The C-suite and other executives will need a clearer understanding of their organization’s cybersecurity policies, processes, and tools. Cybersixgill believes companies will increasingly appoint cybersecurity experts on the Board to fulfill progressively stringent reporting requirements and conduct good cyber governance. 

Chandrodaya Prasad, SonicWall Executive Vice President of Product Marketing:

The complexity and interconnectedness of modern software and hardware supply chains make them attractive targets for cybercriminals and state-sponsored hackers. We've already seen notable examples, such as the SolarWinds and Kaseya incidents, where attackers compromised widely used software to infiltrate multiple organizations at once.

In 2024 we expect to see the trend of attacking suppliers instead of direct targets escalate, making supply chain security a significant concern for organizations. Given the potential for such attacks to be highly impactful, affecting not just one company but potentially hundreds or thousands, expect to see increasing pressure from regulators and customers alike to secure supply chains. The result will be stricter regulations and compliance requirements related to supply chain security, forcing organizations to scrutinize their vendors more closely.