SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Egress experts predict wave of AI weaponisation in cyber threats for 2024
Wed, 27th Dec 2023

As a new wave of increasingly sophisticated cyber threats emerges, Egress experts unveiled their top cybersecurity predictions in 2024. From complex phishing to the weaponisation of AI, these predictions reflect both the advancements in cybersecurity technology and the escalating creativity of cyber criminals.

Jack Chapman, VP of Threat Intelligence at Egress, cautions that cyberattacks will become more automated and personalised in the coming year due to cyber adversaries leveraging Open Source Intelligence (OSINT) to create specific templates of phishing attacks. "The reduction in attacker participation allows for more sophisticated targeted attacks, without the threat actor spending time, money or effort, and ultimately raising the average bar of successful attacks," Chapman warns.

The evolving threat has expanded to target the technology and AI systems in place to protect organisations. Attackers are exploiting the learning mechanisms of these protections, teaching them that all their attacks are "safe." Chapman also raised the growing threat posed by compromised business accounts to supply chains.

Egress's Threat Intelligence Lead, James Dyer, points to a rise in multi-channel attacks utilising methods commonly seen in marketing. Cyber attackers are using ways to add legitimacy to their engagements by creating connections across different communication platforms. As a result, channels with fewer security systems, such as WhatsApp and Signal, will be targeted more frequently in 2024.

Steve Malone, VP of Product Management, reveals that the QR code phishing trend will likely surge in 2024. He illustrates how threat actors have started using QR codes in phishing campaigns to evade traditional defences. The increasing use of AI tools and chatbots to improve phishing attacks leads Malone to predict that more tech products will offer "co-pilot" AI assistants but warns of the potential misuse of these tools.

AI is not only a formidable tool in the toolkit of cyber defenders but increasingly a threat actor's best friend. Cybercriminals are harnessing AI technology, boldly targeting AI systems to creatively bypass Natural Language Processing (NLP) and linguistic checks that pick up malicious wording. Dyer predicts the increased use of invisible characters, lookalike characters and images to evade scannable words. This could also lead to a spike in password-restricted payloads and more attacks coming through encrypted emails, which security solutions cannot scan.

In the age of advanced communication and collaboration tools, Malone highlights that the security and tone of communication could be neglected. He lauds the steady business tone of email communication over the more colloquial style in tools like Teams or Slack, predicting a migration of socially-engineered attacks from email to collaboration platforms.

Egress's Chief Customer Officer, Sudeep Venkatesh, stresses the need for more interoperability between cybersecurity vendors. He argues this would enhance the value of investment and build stronger customer loyalty. He also urges vendors to focus on demonstrating value at every customer interaction to improve their security posture and stay ahead of evolving cyber threats.