Bridewell: democratized cybercrime, regulatory lag and malware that thinks for itself
Houston, Texas, USA – 16 November 2023 – Given the sharpening complexity of cyber threats, our digital and physical infrastructure faces mounting challenges. In the past year alone, we've seen cybercriminals refine their arsenal with sophisticated tools aimed squarely at evading defences and causing disruption. This isn't an underground effort but a professional marketplace, teeming with state-backed operatives, criminal collectives, and rogue activists.
As the US’s critical infrastructure stands on high alert, cybersecurity firm Bridewell, spotlights the critical trends and emerging dangers cyber teams must watch out for in 2024. Our report, "Cyber Security: What to Expect in 2024”, is informed by insights collected through continuous monitoring from our 24/7 Security Operations Centre (SOC) and input from our dedicated consultants and cyber experts. A snapshot of the challenges on the horizon for next year and in the full report are:
- RaaS will bring hope to more cybercriminals – The growth of Ransomware-as-a-Service (RaaS) will catapult large-scale criminal gangs to enterprise status and level up the lower-skilled crime groups. Ransomware operators with the skills to write software for use by affiliate groups have identified a gap in the criminal market. This is accelerating the professionalization of cybercrime. Large-scale ransomware groups will achieve the size and habits of major enterprises, adopting departmental specialisms such as R&D and offering defined career structures. The only thing they won’t do in 2024, is pay taxes.
- The rise of malware that thinks for itself – Forget Terminator and Skynet or HAL 9000 on the Discovery One spacecraft, AI threats are real and all around us. AI will lower the barrier to entry for criminals but also help with detection in a way no human can, democratizing security. AI will enable more sophisticated attack methods such as polymorphic malware, which mutates with every infection, making detection a difficult task. The arms race around AI will become a distinct feature of the next 12 months, as organizations and criminals compete to take advantage of the technology.
- Land of the free, home of the cyberattack – When it comes to regulation, it often feels like it's jogging a few paces behind the sprint of technological advancements. The US remains a long way behind Europe and other regions in terms of nationwide cyber security regulation, and this will continue to have the knock-on effect of more cyber attacks on US businesses. This is despite moves by the Biden administration to improve standards in federal organizations and among its software providers. Despite the growth of threats from rogue nation-states and hacking groups, US organizations will continue to have a bare-minimum approach to cybersecurity until they are subject to more stringent requirements and penalties. This leaves the direction of US cyber regulation next year in question.
- An explosion of threats against energy companies – The energy sector faces heightened risk because it is a bargaining chip for cyber criminals focused on politically-motivated attacks. It is effectively a weapon of war and an area of major governmental concern, given its critical role in all economies and the sensitivity to price rises among consumers. The International Energy Agency has warned that energy systems are at “unprecedented threat” from cyberattacks, particularly in the renewables segment of the market. Green energy technologies will become hotspots for cyber threats, so the sector must brace for a turbulent year.
- Big year for cyber in politics? – Cyberattacks often correspond with major political events, and 2024 will see a US presidential election. Preparation will be key as Russia, North Korea, Iran and activist hacking groups all carry their own motivations. Following the US National Intelligence Council (NIC) reporting “profit-motivated cybercriminals disrupted 2020 US presidential election preparations in some states with ransomware attacks”, the government will certainly step up security to prevent threat actors from entering networks or disrupting proceedings during 2024.
Chase Richardson, Head of US Operations, at Bridewell added: “Looking ahead to 2024, we can see how emerging technology tools, sophisticated attack methods and the eruption of AI are transforming how criminals organise and operate, but also how legitimate organisations can defend themselves. To strengthen their security posture at a time of great change, organizations must avoid dependence on technology as the sole answer. They must acquire greater visibility and threat intelligence and develop their processes and technologies to ensure they are leveraging sophisticated threat-led managed detection and response (MDR) and extended detection and response (XDR) capabilities.”
Download the full Cyber Security: What to Expect in 2024 guide.