Ransomware attacks reached a record high in 2023, and are set to continue to be a threat for some time to come, new research has warned.
In its 2024 Key Forecasts, ZeroFox Intelligence highlighted analysis of live threat intelligence data showing the rise, and warned that as a number of key elections are due in 2024, it expects an uptick in malicious campaigns and scams looking to spread misinformation.
Manufacturing and technology industries facing the greatest threat, the company said, with US based organizations will likely suffer more than 50% of global ransomware attacks in 2024 due to its sizable economic and digital infrastructure.
An evolving threat landscape
Social engineering is expected to rise as a result of phishing campaigns utilizing new techniques and malicious attachments. Search engine optimization (SEO) will also see increased levels of manipulation by threat actors looking to make their scams appear more legitimate, or use more legitimate domains.
AI will see an increased use by threat actors and the cyber security industry as its abilities evolve. Synthetic media generated by AI will be used to target elections, and spread misinformation, disinformation, and malinformation. However, there is potential for AI to enhance defense capabilities concerning cyber security and the detection of synthetic media.
There is a growing threat that cyber attacks will have increasing physical damages, most likely affecting finance, energy and healthcare. These critical sectors can suffer huge real world damage as a result of cyber attacks, and often use out-dated or undersized security infrastructure. Nation-state and state-sponsored attacks are the most likely to target these critical sectors, especially with regard to the Russia-Ukraine war and tenuous relations between China and Taiwan.
ZeroFox noted businesses looking to enhance their protective capabilities, which include backing up critical data to off-site encrypted cloud storage, monitoring network access and device configurations, and adopting an organization-wide zero-trust cybersecurity architecture to keep device access to the minimum required for operation.
