We are in a world where every click can be a trap, and every email a gateway to a new attack. We have already discussed the most common cyber-attacks and how they can affect business assets. In this article we will go a step further to analyze how these AI-powered cyberattacks have evolved in 2024 and how you can deal with them.
1. Increasingly sophisticated social engineering attacks
In 2024, social engineering attacks will continue to take center stage. However, they will be harder to detect and more personalized than ever, with phishing and deepfakes leading the way. Cybercriminals are already implementing new techniques to achieve their goals. One of them is callback phishing, also known as callback phishing. In this new type of attack, cybercriminals send an email to victims simulating expensive subscriptions, in which they include a telephone number. The victims, upon seeing the high amount, call the phone number in the email in order to cancel the subscription. It is in that call that they will try to steal your data. Now then… How to avoid this and other types of social engineering attacks? With awareness and a robust Zero Trust security strategy. An example of this is Via Celere, which with the accompaniment of Softeng has achieved an advanced level of security, managing daily and centralized through Softeng Max Platform alerts Microsoft 365 and Azure. Here we tell you more about Vía Célere’s success story.
Ransomware and malware on new attack surfaces.
Malware will also continue to rise, exploiting new attack surfaces and new vulnerabilities. And yes, they will also be increasingly difficult to detect. New techniques such as dual ransomware or triple extortion attacks are already multiplying attacks and generating further financial, compliance and reputational consequences. The only way to avoid them is to have modern security solutions based on suspicious behavior detection, together with a policy of vulnerability analysis and management.
3. More potential entries for OT and IoT infrastructure attacks
With respect to OT, special attention will have to be given to critical infrastructures, public administrations and essential services, although private companies will also be targeted. As for IoT, more and more devices will appear that communicate with each other and access the Internet, creating more potential “gateways” for cyber attackers to exploit.
4. Identity theft and privilege escalation will continue to increase.
We are seeing more and more cases of using data such as names, Social Security numbers and bank details without consent. In 2024, these types of cyberattacks will continue to increase to produce lateral movements and compromise the maximum number of business assets. The reasons? Technological progress, characterized by greater interconnection and dependence on digital systems, which opens new doors for cybercriminals to exploit vulnerabilities.
5. Unsafe application design is gaining ground
This will be another susceptible attack surface and cybercriminals will focus on risks related to design flaws. On the one hand, we will need to obtain details of the assets published on the Internet for the detection of vulnerabilities. And, on the other hand, to establish with developers secure design principles and reference architectures based on reference frameworks.
Attacks are advancing, technology is advancing
In 2024 we will continue to battle cyber threats that are increasingly difficult to detect, and information and preparedness are our best weapons. As a leader in cybersecurity, it is our responsibility to always be one step ahead to help companies avoid attacks that can have serious consequences. Alex Imbernón, Cybersecurity Manager of Softeng, shares answers on this topic in his article: 3 key questions on cybersecurity that every CEO should know how to answer.