Generative AI can be utilized by attackers, however safety professionals should not lose sleep over it, in keeping with a Google Cloud menace intelligence analyst. Discover out why.
Google Cloud’s workforce lately spoke about probably the most notable cybersecurity threats of 2023 — multi-faceted extortion and zero-day exploitation — and predicted extra zero-day assaults in 2024, throughout two public, digital periods. Plus, Google predicts that each attackers and defenders will proceed to make use of generative AI. Nonetheless, generative AI in all probability gained’t create its personal malware in 2024.
Soar to:
Two most notable cybersecurity threats of 2023
The 2 most notable cybersecurity threats of 2023, in keeping with Google Cloud’s Luke McNamara, principal belief and security analyst, have been multi-faceted extortion (also called double extortion) and zero-day exploitation.
Multi-faceted exploitation
Multi-faceted exploitation consists of ransomware and information theft, though the variety of ransomware assaults tracked by Google Cloud fell in 2023. The most typical ransomware households utilized in multi-faceted exploitation assaults have been LockBit, Clop and ALPHV.
Should-read safety protection
Most ransomware assaults initially stemmed from stolen credentials. Brute pressure assaults and phishing have been the following commonest preliminary an infection vectors for ransomware.
SEE: Know the warning indicators if another person has accessed your Google account. (TechRepublic)
Attackers more and more put stolen credentials up on the market on information leak websites, McNamara mentioned. “This previous quarter (Q3 2023) we noticed the best variety of postings to DLS websites since we began monitoring this in 2020,” McNamara mentioned.
Many attackers are industry-agnostic, however “Quarter over quarter, manufacturing appears to be notably hit and impacted disproportionately,” McNamara mentioned. “That’s the place we’re seeing quite a lot of the exercise by way of quantity.”
Zero-day exploitation
Zero-day exploitation is outlined by Google Cloud as vulnerabilities with no identified patches that menace actors are actively exploiting. In 2023, Google Cloud Safety tracked 89 such assaults (Determine A), surpassing the earlier excessive of 2021.
Determine A
Many zero-day threats are nation-state affiliated or sponsored. The second commonest motivation amongst menace actors utilizing zero-day threats is to amass cash.
SEE: What the Cisco Talos Yr in Overview report revealed (TechRepublic)
Google Cloud’s 2024 cybersecurity forecast
Andrew Kopcienski, principal menace intelligence analyst at Google’s Mandiant Communication Middle, talked about nation-state menace actors, zero-day assaults, motion between cloud environments and credential theft throughout his presentation about cyber threats in 2024. Particularly, China and Russia are specializing in zero-day assaults, he mentioned.
“We absolutely anticipate to see much more zero day use in 2024 by not simply nation-state sponsored attackers however cyber criminals as nicely,” mentioned Kopcienski. “Zero days are among the finest strategies attackers have to stay undetected as soon as they get right into a community.”
China-sponsored menace actors
China-sponsored actors have centered on creating capabilities to find and utilizing zero days and botnets to stay undetected, Kopcienski mentioned. Google Cloud expects China’s cyber menace efforts to give attention to high-tech fields like chip improvement.
Russian-sponsored espionage
Russian espionage centered on Ukraine has been an issue, he mentioned. Google Cloud discovered Russia has performed campaigns exterior Ukraine as nicely, however these largely give attention to gaining strategic info relating to Ukraine, Kopcienski mentioned. Russian-sponsored attackers use “dwelling off the land” assaults that don’t require malware; as a substitute, they abuse native capabilities, and their site visitors appears to be like like native site visitors. Google Cloud expects extra assaults from Russian-backed actors in 2024, largely centered on victims inside Ukraine or associated to Ukraine.
North Korean-sponsored menace actors
Google Cloud additionally seemed intently at nation-state actors related to North Korea.
“They’ve developed a scrappy functionality to launch software program provide chain assaults,” Kopcienski mentioned.
North Korea was the primary identified nation-state actor to make use of “cascading” software program provide chain assaults, which piggybacked off one another. Many of those assaults are about stealing cryptocurrency or corporations conducting cryptocurrency operations. Google Cloud expects to see North Korea-affiliated menace actors’ assaults broaden in 2024.
Credential theft and extortion
One other concern for 2024 is extortion. “Credential theft (Determine B) is the secret … that has turn into probably the most drastic and hottest measure quite a lot of these attackers are utilizing,” Kopcienski mentioned.
Determine B
“Into 2024, we anticipate to see a give attention to information leak websites, particularly by extortion actors,” he mentioned.
Motion between cloud environments
Attackers in 2024 might use techniques, methods and procedures that permit them to journey throughout completely different cloud environments, seemingly because of the growing use of cloud and hybrid environments.
How generative AI has and can have an effect on cybersecurity in 2023 and 2024
Attackers can use generative AI to create textual content, voice messages and imagery, and Google Cloud expects this to turn into extra widespread.
“AI is enabling specific sorts of malicious attackers, largely in disinformation campaigns. We’re very involved going into subsequent 12 months concerning the impression of disinformation that has been augmented by AI, particularly with regards to the 2024 election,” mentioned Kopcienski.
In 2023, generative AI has been utilized by attackers and defenders. In 2024, AI could also be used to extend the dimensions of assaults, similar to by adopting AI in name facilities working ransomware negotiations.
Generative AI would possibly be capable to create malware in some unspecified time in the future sooner or later, however Kopcuenski mentioned to not anticipate that to occur as quickly as 2024. He recommends cybersecurity professionals “stay grounded” and never lose sleep with regards to generative AI. A lot of its threats are “hypothetical,” he mentioned.
“There’s quite a lot of hype and disinformation on the market already about what AI can and may’t do. … (AI is) not an awesome revolution by way of the threats being posed,” he mentioned.