Anticipating FortiGuard Labs: Predicting Rise ‘Easy’ Buttons with Generative AI and CaaS for Cyberattacks

‘Get off my lawn’: Cybercrime turf wars will emerge and intensify between cybercrime groups, with multiple adversaries focusing on the same targets.

Country Manager, Alan Reyes at Fortinet

The FortiGuard Threat Predictions Report for 2024 underscores the imminent rise of advanced cyber threats fueled by the widespread adoption of Cybercrime-as-a-Service and the influence of generative AI. As threat actors now wield sophisticated tools, employ stealthier tactics, and expand their range of targets, a unified response from the cybersecurity community becomes imperative. In light of these findings, the guidance is clear: organizations should actively foster a culture of cyber resilience and address the skills gap to fortify their defenses against the increasing sophistication of cyber adversaries. This report serves as a guide for navigating these evolving threats and offers practical insights to empower organizations in securing the digital landscape.

News Summary

Fortinet, a global leader in cybersecurity driving the convergence of networking and security, has unveiled predictions from its FortiGuard Labs global threat intelligence and research team regarding the cyberthreat landscape for the next 12 months and beyond. The 2024 threat predictions report delves into the impact of artificial intelligence on the cyber warfare paradigm, spotlighting emerging threat patterns poised to shape the digital terrain in the forthcoming year and beyond.

In an era characterized by the proliferation of Cybercrime-as-a-Service (CaaS) operations and the emergence of generative AI, threat actors now wield an array of “easy” buttons, streamlining the execution of attacks. Exploiting the expanding capabilities in their arsenals, adversaries are set to heighten the sophistication of their endeavors. The imminent threat landscape anticipates a surge in targeted and stealthy hacks meticulously designed to evade robust security controls. This evolution, combined with enhanced agility in executing attack cycles, emphasizes the pressing necessity for organizations worldwide to bolster their collective resilience against evolving cybercriminal tactics, techniques, and procedures (TTPs).

The Evolution of Old Favorites

FortiGuard Labs has long observed enduring, fan-favorite attack tactics that persist over the years, showing no signs of fading. Instead, they are evolving and advancing, fueled by attackers’ access to new resources. Alongside the evolution of APT (Advanced Persistent Threat) operations, our prediction is that cybercrime groups, as a whole, will diversify their targets and strategies, focusing on more sophisticated and disruptive attacks. They are setting their sights on denial of service and extortion techniques.

The ongoing “turf wars” in cybercrime persist, with multiple attack groups converging on the same targets and deploying various ransomware variants, often within incredibly short timeframes, sometimes within 24 hours. The integration of generative AI into these activities will intensify an already active landscape, providing attackers with a simple means to enhance numerous stages of their attacks. We’re already witnessing cybercriminals increasingly leveraging AI to support malicious activities in novel ways, from evading the detection of social engineering to simulating human behavior.

Fresh Threat Trends to Watch for in 2024 and Beyond.

1. Next-level playbooks: Over the past few years, ransomware attacks worldwide have skyrocketed, making every organization, regardless of size or industry, a target. Yet, as an increasing number of cybercriminals launch ransomware attacks to attain a lucrative payday, cybercrime groups are quickly exhausting smaller, easier-to-hack targets. Looking ahead, we predict attackers will take a “go big or go home” approach, with adversaries turning their focus to critical industries—such as healthcare, finance, transportation, and utilities—that if hacked, would have a sizeable adverse impact on society and make for a more substantial payday for the attacker. They’ll also expand their playbooks, making their activities more personal, aggressive, and destructive in nature.
2. It’s a new day for zero days: As organizations expand the number of platforms, applications, and technologies they rely on for daily business operations, cybercriminals have unique opportunities to uncover and exploit software vulnerabilities. We’ve observed a record number of zero days and new Common Vulnerabilities and Exposures (CVEs) emerge in 2023, and that count is still rising. Given how valuable zero days can be for attackers, we expect to see zero-day brokers—cybercrime groups selling zero days on the dark web to multiple buyers—emerge among the CaaS community. N-days will continue to pose significant risks for organizations as well.
3. Playing the inside game: Many organizations are leveling up their security controls and adopting new technologies and processes to strengthen their defenses. These enhanced controls make it more difficult for attackers to infiltrate a network externally, so cybercriminals must find new ways to reach their targets. Given this shift, we predict that attackers will continue to shift left with their tactics, reconnaissance, and weaponization, with groups beginning to recruit from inside target organizations for initial access purposes.
4. Ushering in “we the people” attacks: Looking ahead, we expect to see attackers take advantage of more geopolitical happenings and event-driven opportunities, such as the 2024 U.S. elections and the Paris 2024 games. While adversaries have always targeted major events, cybercriminals now have new tools at their disposal—generative AI in particular—to support their activities.
5. Narrowing the TTP playing field: Attackers will inevitably continue to expand the collection of TTPs they use to compromise their targets. Yet defenders can gain an advantage by finding ways to disrupt those activities. While most of the day-to-day work done by cybersecurity defenders is related to blocking indicators of compromise, there’s great value in taking a closer look at what the TTPs attackers regularly use, which will help narrow the playing field and find potential “choke points on the chess board.”
6. Making space for more 5G attacks: With access to an ever-increasing array of connected technologies, cybercriminals will inevitably find new opportunities for compromise. With more devices coming online every day, we anticipate that cybercriminals will take greater advantage of connected attacks in the future. A successful attack against 5G infrastructure could easily disrupt critical industries such as oil and gas, transportation, public safety, finance, and healthcare.

Navigating a New Era of Cybercrime

Cybercrime casts a wide net, impacting everyone, and the fallout from a breach can have extensive consequences. Our security community holds the ability to anticipate cybercriminals’ next moves and disrupt their activities through several proactive steps: fostering collaboration across public and private sectors to exchange threat intelligence, embracing standardized protocols for incident reporting, and beyond.

Organizations, too, bear a crucial responsibility in thwarting cybercrime. It begins with instilling a culture of cyber resilience where cybersecurity becomes everyone’s responsibility. This involves implementing continuous efforts like enterprise-wide cybersecurity education programs and targeted activities such as tabletop exercises for executives. These initiatives play a vital role in proactively combating cyber threats.

For more information please follow below link.

https://www.fortinet.com/blog/threat-research/2024-threat-predictions-chained-ai-and-caas-operations