2023 saw a rapidly evolving cybersecurity threat landscape. Cyberattacks are on the rise, existing attacks are changing, and new, more sophisticated threats are on the horizon. Going into 2024, these trends are likely to continue or — more likely — accelerate. As artificial intelligence (AI) matures, it promises to significantly impact how both cyber attackers and defenders do their jobs.
The cybersecurity threat landscape is constantly changing as cybercriminals refine their techniques and take advantage of new vulnerabilities, technologies, and attack vectors. Some of the most significant threats to corporate cybersecurity in 2024 include the following:
Ransomware has been one of the most significant threats to corporate data security and cybersecurity for several years. However, the evolution of this threat over time has exacerbated the impact that these attacks have on target organizations.
2023 saw a massive number of high-profile and large-scale ransomware attacks, such as the breach of MGM Resorts International. Some of the key factors that contributed to ransomware’s success include:
The overt use of cyberattacks for warfare and to achieve political ends used to be relatively rare. However, in the last few years, it has become commonplace, especially in the context of the Russian-Ukrainian war.
Whether affiliated directly with the government or acting as independent hacktivists, cybercrime groups are increasingly using distributed denial-of-service (DDoS), wipers, and other disruptive attacks in support of their causes. For example, Anonymous Sudan — suspected to have Russian affiliations — has performed numerous high-profile DDoS attacks against Microsoft, Telegram, Twitter (X), and Scandinavian Airlines. Iranian-affiliated KarMa and Agrius, on the other hand, specialize in breaching sensitive data from Israeli organizations and, occasionally, deploying wipers as well.
The rapid rise of artificial intelligence (AI) in recent years has both positive and negative implications for corporate cybersecurity. While companies can use AI to enhance their threat detection and response capabilities, cybercriminals can do so as well to improve the effectiveness of their attacks.
One common use of AI for offensive cybersecurity is the development of phishing emails and malware. With generative AI (GenAI), cybercriminals can create phishing messages that lack many of the typos and other errors that defined these threats in the past. Additionally, while many GenAI tools have guardrails against malware development, attackers can easily circumvent them, enabling them to develop sophisticated malware more quickly than they would otherwise be able to.
Data breaches have always been a major cybersecurity concern for organizations. The exposure of sensitive customer or corporate data can hurt a brand’s reputation, reduce profitability, or result in legal or regulatory action.
While, in the past, companies may have gotten away with a slap on the wrist after a breach, this is no longer the case. In recent years, it has become increasingly common for data breaches to result in litigation and significant fines and settlements for breached organizations. In the case of Uber, the Chief Information Security Officer (CISO) was even found guilty of attempting to conceal a data breach from the Federal Trade Commission (FTC).
Data privacy laws are growing more numerous and stringent in their protection of customers’ personal data. As regulators actively investigate incidents and enforce requirements, organizations that are non-compliant or experience a breach due to negligence are likely to incur significant penalties.
The shift to remote and hybrid work arrangements drove new approaches to security. As remote workers needed access to on-prem and cloud environments, companies adopted single sign-on (SSO) and multi-factor authentication (MFA) to secure access to corporate applications and data.
This transition inspired cyber threat actors to target access tokens that grant access to cloud-based resources. Often, this is accomplished by stealing tokens insecurely stored with third parties or cloud service providers.
For example, Microsoft has experienced several token-related security incidents. One event included the inadvertent exposure of sensitive data due to a misconfigured Azure SAS token intended only to share open-source AI training data. Another incident involved the theft of a Microsoft account (MSA) consumer signing key that was stored insecurely within the compromised account of a Microsoft engineer. With this key, the attacker could generate and digitally sign authentication tokens for various Microsoft services.
Another notable token-related cybersecurity incident was the October 2023 breach of Okta. Stolen credentials permitted the attackers to access Okta’s customer support management system. This allowed the attacker to steal sensitive files that included cookies and session tokens that could be used to hijack customer sessions and gain unauthorized access to their environments.
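An added example, not part of the original article or of any Microsoft or Check Point tooling: a small offline audit of Azure SAS URLs for the kind of over-broad grant behind the misconfigured SAS token incident described above. The policy thresholds (read/list only, seven days, HTTPS only) and both sample URLs are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Assumed policy for this example: read/list only, HTTPS only, <= 7 days left.
ALLOWED_PERMS = set("rl")
MAX_LIFETIME = timedelta(days=7)

def audit_sas_url(url, now):
    """Return policy findings for one SAS URL; an empty list means it passes."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    findings = []
    # sp: granted permissions (r=read, l=list, w=write, d=delete, ...).
    extra = set(q.get("sp", "")) - ALLOWED_PERMS
    if extra:
        findings.append("permissions beyond read/list: " + "".join(sorted(extra)))
    # se: expiry time in ISO 8601 UTC. If absent, a stored access policy (si)
    # controls expiry, which this offline check cannot see.
    if "se" not in q:
        findings.append("no se parameter; expiry not visible in the URL")
    else:
        expiry = datetime.fromisoformat(q["se"].replace("Z", "+00:00"))
        if expiry.tzinfo is None:  # date-only form of se
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry - now > MAX_LIFETIME:
            findings.append(f"valid for {(expiry - now).days} more days")
    # spr: allowed protocols; plain HTTP is permitted unless it is exactly "https".
    if q.get("spr", "https,http") != "https":
        findings.append("plain HTTP allowed (spr is not 'https')")
    # ss/srt appear only on account-level SAS, which spans whole services.
    if "ss" in q or "srt" in q:
        findings.append("account-level SAS rather than a single blob/container")
    return findings

# Constructed sample data: fixed audit time and two made-up SAS URLs.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SCOPED = ("https://example.blob.core.windows.net/datasets/train.csv"
          "?sv=2022-11-02&sr=b&sp=r&se=2024-01-03T00%3A00%3A00Z"
          "&spr=https&sig=CONSTRUCTED")
BROAD = ("https://example.blob.core.windows.net/"
         "?sv=2022-11-02&ss=b&srt=sco&sp=rwdlac"
         "&se=2050-01-01T00%3A00%3A00Z&sig=CONSTRUCTED")

if __name__ == "__main__":
    for name, url in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, audit_sas_url(url, NOW))
```

Run over URLs found in repositories, wikis, or shared documents, a check like this flags tokens that should be revoked and reissued with a narrower scope.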
The widespread use of open-source software (OSS) generates significant application security (AppSec) concerns. The vast majority of applications use at least some open-source libraries and dependencies. However, these open-source components may be maintained by individuals, may have been abandoned, and likely do not meet enterprise-grade secure coding standards.
Cyber threat actors are increasingly targeting OSS repositories as a method of compromising corporate environments and introducing vulnerabilities or malicious code into new applications. Some common methods include:
Often, developers don’t perform security testing on the third-party dependencies that they import into their projects. This makes those dependencies an effective attack vector for cyber threat actors, especially if they can trick users of a widely used repository.
In 2024, organizations face a growing volume of sophisticated and damaging cyberattacks. Cyber threat actors have identified highly effective and profitable attack vectors, and the growing use of automation and artificial intelligence enables attackers to perform these attacks at much greater scales.
AI offers organizations the ability to manage their growing cybersecurity threat landscape more effectively. With AI, companies can achieve security that is:
Check Point’s Infinity AI provides organizations with the AI solutions needed to protect their business against all of the threats identified in the 2024 Cyber Security Report. ThreatCloud AI is the brains behind Check Point security products, leveraging machine learning and big data to rapidly identify and prevent cyberattacks. Infinity Copilot enables security teams to scale by automating daily tasks, configuration management, and threat hunting.