IBM forecasts that in 2024, cybercriminals will significantly enhance their tactics using generative AI, marking a new era of deception and identity exploitation. The company warns that attacks will increasingly involve counterfeit and stolen privileged access credentials, compromising networks.
According to Gartner, 75% of security failures stem from the insecure management of privileged access credentials—a notable increase from 50% just three years ago.
A report from Unit 42 reveals that 99% of the identities analyzed across 18,000 cloud accounts showed at least one misconfiguration, indicating serious flaws in Identity Access Management (IAM) protection.
CrowdStrike’s 2023 Threat Hunting Report highlights that 80% of cyberattacks employed identity-based techniques to exploit legitimate credentials and evade detection. It notes a staggering 112% rise in advertisements for access-broker services in the criminal underground this year.
Why Generative AI is Transforming Cyberattacks
Cybercriminals are adept at identifying vulnerabilities across threat surfaces, leveraging generative AI to discover new exploitation avenues. IBM suggests that attack strategies will adopt a multidimensional approach, utilizing sophisticated social engineering techniques powered by generative AI.
IBM’s Ten Cybersecurity Predictions for 2024:
1. A Surge of Deception: Charles Henderson, global head of IBM X-Force, anticipates an uptick in cybercriminal activity against a backdrop of global instability, major elections, and the Paris Olympics, predicting advanced disinformation campaigns using sophisticated AI-generated tactics.
2. Easier Data Monetization: Generative AI will enhance cybercriminals' ability to monetize stolen data, streamlining the filtering, correlation, and categorization processes, which will resemble customer acquisition strategies.
3. Rise of Doppelgänger Users: As identity-based attacks increase, Dustin Heywood, chief architect of IBM X-Force, expects to see more “doppelgänger” users in enterprise environments. Abnormal user behavior may signal compromise, with millions of valid credentials available on the Dark Web.
4. The AI Version of Morris Worm: The emergence of AI-driven attacks reminiscent of the Morris Worm is imminent, according to John Dwyer, head of research at IBM X-Force. As AI technology becomes more accessible, adversaries will increasingly test this new attack surface.
5. Ransomware’s Midlife Makeover: Dwyer predicts a potential decline in ransomware payments in 2024 as organizations refuse to comply with ransom demands and choose to invest in system recovery instead.
6. Focus on Critical Data Security: Akiba Saeedi, vice president of data security at IBM, states that as generative AI integrates into enterprises, the critical assessment, classification, and protection of data will be paramount for security leaders.
7. Security Analysts Empowered by AI: Generative AI is set to empower security analysts by automating mundane tasks, allowing them to tackle more complex challenges, according to Chris Meenan, vice president of product management at IBM Security.
8. From Prevention to Prediction: As AI technology advances, the shift from threat detection to threat prediction is on the horizon. Sridhar Muppidi, CTO of IBM Security, envisions generative AI fundamentally transforming threat response methodologies.
9. Revamping Security’s Identity Crisis: Wes Gyure, director of identity and access management at IBM Security, predicts a move towards an “identity fabric” approach that integrates existing identity solutions to simplify security authentication and enhance visibility.
10. Quantum Threats Rising: Ray Harishankar, IBM Fellow in Quantum Safe, warns of increasing “harvest now, decrypt later” attacks as quantum computing advances, urging preparation for new cryptographic standards expected in early 2024.
In summary, organizations must remain vigilant as cybercriminal tactics evolve and generative AI reshapes the threat landscape.
Ranking
