
No one knows what "The Next Big Thing" in the threat landscape will be. What is possible is to look back at 2023, identify notable actor behaviors and make an informed assessment of what 2024 may have in store. With in-depth knowledge of a year full of threat actor activity, based on millions of threats delivered via email every day, it is possible to anticipate what will shape the coming year.
- Quick Response (QR) codes continue to grow
Last year was the year of QR codes. While they are not new, QR code abuse rose sharply last year, and QR codes were used in many phishing and malware campaigns. There are several reasons for this, but the bottom line is that people are now used to scanning QR codes for everything from instructions to menus, and threat actors are taking advantage of that habit.
Alexis Dorais-Joncas, Threat Research Expert at Proofpoint, emphasizes that QR codes have so far been seen only in cybercrime. Advanced Persistent Threat (APT) actors are not yet using them, but they may well start using QR-code phishing as well.
- Exploitation of zero-day and n-day vulnerabilities
The creative use of vulnerabilities, both known and previously undisclosed, was a common theme in threat actor activity in 2023. APT actors took advantage of many different exploits, from TA473, which exploited publicly accessible webmail servers, to espionage actors that used a zero-day in an email security gateway, forcing customers to remove and replace physical hardware. Cybercrime actors also exploited some of these vulnerabilities, such as the flaw in the MOVEit file transfer service that had disastrous consequences in the spring of 2023, and the ScreenConnect flaw announced last fall. Actors exploited both before they were officially published.
Exploitation of vulnerabilities is expected to continue. This is partly driven by improved defenses, which make traditional techniques such as macro-enabled documents less useful. The vast financial resources available to cybercriminals today, which were once solely the domain of APT groups, also play a role. Randy Pargman, Threat Research Expert at Proofpoint, said, "The creativity of cybercriminals is a direct response from defenders imposing costs on our adversaries."
- Constant, unexpected behavioral changes
The cybercrime landscape is extremely chaotic, with TA577 being the most erratic of all. The tactics, techniques and procedures (TTPs) of some of the most sophisticated actors keep changing. The costs imposed on threat actors, from law enforcement dismantling massive botnets like Qbot to enhanced detection and automated defenses, force cybercriminals to regularly adjust their behavior and work out what is most effective.
Proofpoint researchers recently observed increased use of traffic distribution systems (TDSes), for example 404TDS and Keitaro TDS, as well as unusual and rarely observed file formats such as URL shortcuts (.url) and scalable vector graphics (.svg). They also saw multiple new malware loaders and information stealers, and old malware such as DarkGate emerging as a popular payload. Cybercrime actors are changing their behavior in direct response to what defenders are doing, and many more TTP experiments are expected in 2024.
- Artificial Intelligence (AI)
Just as companies are now exploring how to integrate AI into their workflows, threat actors are exploring ways to use this technology in their tactics. While there is much concern about AI-generated phishing emails and content in general, the impact of such content on the threat landscape is negligible. The same tools that detect harmful language, sentiment, tone, subject matter and so on are as effective against bots as they are against humans. What does have an impact is the use of AI tools to improve overall efficiency: consider scaling up information operations or fraud that starts with a benign conversation, the use of coding assistants to supplement knowledge, or faster creation of malicious content.
- Sharing in the community means joint defense
As the threat landscape continually changes and new exploits and techniques emerge, the cybersecurity community continues to share knowledge collectively and defend against cybercriminals. The expectation for 2024 is that this community mentality will become more important than ever.