Top tips is a weekly column where we highlight what’s trending in the tech world today and list ways to explore these trends. This week, we’ll look at three types of cyberattacks that are predicted to be prevalent in 2024.
If there’s one thing we can be certain of, it’s that we will never ever be safe from cyberthreats. That is why we need to prepare ourselves for the onslaught of cybercrime that is about to hit us this new year.
In 2023, we saw cybercriminals try newer, more effective strategies; apply the latest technologies; and, in general, come up with more innovative ways to rip us off. If I’m being honest, this year is not going to get any better.
It’s no longer just helpless senior citizens who are seen as vulnerabilities. Anyone can be a victim of modern cybercrime, given the capabilities that are readily available on the market. Last year, we saw generative AI grow in leaps and bounds, and with it came the downside: AI-powered cybercrime.
Experts say cybercrime in 2024 will evolve into a fine-tuned version of what we saw last year. Now that we’ve been warned, it’s best to stay prepared. Let’s go a little deeper into the various sensational scams and captivating crimes that await us this year in cyberspace.
1. AI-powered cybercrime
Although the newest kid on the block, AI scams are evolving in parallel with AI progress. AI-generated images and videos as well as voice replication are being used to scam you out of your money. Calls that appear to be from family members asking you to send over some money, phishing scams, and online shopping scams have worked on people in the past.
According to a McAfee report, 77% of AI voice scam victims end up losing money—a testament to how effective these types of scams are, which is why we must be all the more prepared and informed. This year, we’ll see more creative, advanced AI-powered scams. For example, job offer scams are on the rise, wherein generative AI is being used to create job sites and company pages that are almost indistinguishable from the original ones. Also, peer-to-peer (P2P) payment scammers are deploying the latest LLMs to hone their craft.
In a work-from-home scam, scammers posing as a company “hire” you and send you an AI-generated check to deposit, but the catch is that a part of the amount has to be transferred to a different person who can only accept the money through a P2P payment app. You end up sending the money from your personal account and finding out that the check is fake. Since generative AI is at a very nascent stage, we are learning slowly but steadily. Regulatory bodies will have to put in the work to implement guidelines and mandates on its usage.
2. Ransomware as a Service
Ransomware as a Service (RaaS) is a somewhat older concept, but with the rise in ransomware attacks in recent years, this domain is emerging as a key player in cybercrime. Threat actors can enlist the services of ransomware experts, whom they find through the dark web. The service providers create customized ransomware programs that they deploy and manage from end to end on behalf of the attacker.
In 2023, ransomware attacks went up 95% over the previous year, and it is predicted that by 2031, a ransomware attack will happen every two seconds. This means that RaaS providers will be looking to refine their technology to keep up with the latest in cybersecurity. Ensuring that your organization has world-class anti-ransomware software is paramount to keeping such attacks at bay and avoiding million-dollar disasters for your company.
3. IoT attacks
With 5G taking center stage in cellular connectivity, the IoT is becoming more of a household name, and more connectivity creates more vulnerabilities. In 2024, IoT devices may include household appliances, home and building security devices, industrial devices, medical infrastructure, and vehicles.
An IoT attack surface is threefold, consisting of the device, the communication channels, and the software.
Incorrect or faulty default settings and physical components, such as memory or firmware, can easily be taken advantage of by an attacker if identified to be weak or outdated. It is essential to regularly update your device’s firmware. Security patches for known vulnerabilities also need to be applied promptly whenever they’re rolled out by the manufacturer.
Likewise, IoT devices that connect to one another create a host of new vulnerabilities by increasing the attack surface via the communication channels between the devices. Cybersecurity measures, such as device authentication, data encryption, and network security mechanisms like firewalls, considerably minimize vulnerabilities and add additional levels of security to your devices.
Finally, the applications used to interact with the IoT devices are also susceptible to cyberattacks. Weak passwords and a lack of adequate authentication are the leading causes of IoT attacks. Readily available solutions such as password managers help you create strong passwords and store them to avoid any leaks. Cloud security solutions also greatly reduce the chance of attacks by providing authentication and encryption protocols.
The three attacks listed above are just a few among the host of attack types that are perpetually festering in the cybercrime cesspool. Phishing attacks, malware attacks, DDoS attacks, and insider threats all pose major threats to the cyber landscape and cost business millions of dollars each year. We must always stay equipped with the latest technologies and know-how to combat these attacks and create awareness to prevent them from happening to someone else.
