Company experts look to the future of the regional threat landscape, warning of LLM-powered phishing campaigns, economically motivated threat actors, and the rise of deep fakes
Vectra AI released its annual threat predictions for cybersecurity stakeholders in the United Arab Emirates. Company experts Oliver Tavakoli, CTO, and Christian Borst, CTO EMEA, coauthored the predictions, which examine changes in the threat landscape, expansion in the attack surface, and the changing behaviors of digital estate owners, users, and attackers.
Prediction 1: Security endpoint breaches will decline as downstream defenses get stronger – In 2024, more than half of the region’s security incidents will not involve compromised endpoints, predicts Tavakoli.
“This will mark a new era of threats that primarily target federated identity systems, public clouds, and business email compromise [BEC],” Tavakoli explained. “These new breeds of attack will exploit the vulnerabilities and relative immaturity of security practices related to cloud, identity, and SaaS applications.”
Prediction 2: Generative AI will erode the effectiveness of email security – Tavakoli also predicted that, as adoption of generative AI continues, attackers will use it in social-engineering campaigns. He believes this will serve as a wake-up call to security leaders that their current defense capabilities are inadequate.
“Consequently, I expect organizations to pivot towards downstream security approaches such as zero trust, micro-segmentation, and detection and response mechanisms,” Tavakoli said.
Prediction 3: Threat actors will mix and match digital identities to cause high-profile breaches – Borst predicts that 2024 will see a surge in credential-harvesting attacks such as that seen in the Citrix NetScaler flaw and others, which have left cybercriminal groups sitting on millions of potential logins. He believes such stolen credentials will be used to compromise digital identities and breach enterprises more successfully than ever before.
“In the past, stolen credentials may have gotten threat actors into a handful of corporate accounts,” Borst said. “But most wouldn’t give them admin rights or privileged access to steal sensitive data. However, as enterprises use more cloud services, third-party software, and open APIs in 2024, each account will give users varying degrees of privilege. Each source on its own may not seem like a big deal, but we will see cybercriminals mix and match their stolen access to get hold of sensitive data and breach organizations.”
Borst also warned that to protect against a flood of cloud-based account hijacks, regional organizations will have to improve their visibility into cloud environments to bolster resilience and identify attacks before they become breaches.
Prediction 4: Widespread LLM usage will fade away, but the incidence of deep fakes will skyrocket – “Many organizations are exploring ways to use large language models (LLMs) following the initial wave of hype this past year,” Borst noted. “But when you scratch beneath the surface, it’s clear the novelty factor will soon evaporate.”
Borst believes the complexity of the technology and the realization that LLM does not come with human-like intelligence beyond its communication capabilities will see businesses scale back use of the technology. He thinks this trend will extend to threat cabals who will abandon trying to use the models to generate malicious code. Instead, cybercriminals will harness generative AI to create more realistic and sophisticated deep fakes.
“This will give them a better chance of tricking users into giving up sensitive data or clicking on something malicious through more convincing audio or visual phishing lures,” Borst warned.
Prediction 5: The cost-of-living crunch will push cybercriminals to do more with less – Borst foresees a 2024 in which slowing economic growth and the region’s persistent cybersecurity skills shortage will continue to impact not just cyber defenders but their adversaries.
“Both sides will be focusing on how to do more with less,” Borst said. “Many cyber defenders will look to harness AI to reduce strain on staff and increase resilience. At the same time, we will see attackers consolidate their operations to target low-hanging fruit.”
Borst surmised that phishing will remain a primary method of attack, but that cybercriminals will also automate processes where possible to save on time and resources, whether by using pre-packaged cybercrime tools or harnessing generative AI as support with crafting phishing lures.
A bumpy ride
“The threat landscape is one faced by UAE public sector organizations and private sector businesses alike,” said Tavakoli. “It transcends scale and spans industries. But while we can never know where and when the next attack will occur, the threat landscape — its actors, methods, and trends, are predictable to an extent. Let 2024 be the year we fight back with our own sophisticated arsenal of cybersecurity tools and methods to protect our clouds, containers, workloads, and data.”