With continued economic uncertainty, combined with a predicted $9.5 trillion in damages from cybercrime in 2024 according to Cybersecurity Ventures, organizations will once again have to decide where they place their resources to protect their business. And as we continue to see, secure email gateways (SEGs) are still unreliable as a main source of email security, as they can miss up to 50% of malicious emails targeting enterprise organizations.
So, what are organizations supposed to do to protect themselves from advanced phishing attacks in 2024?
That’s exactly what Cofense experts are weighing-in on as we ready ourselves for 2024.
Powered by data and insights from a global network of 35+ million Cofense-trained employees, our Intelligence team has unique insights into current and emerging email threats to watch out for. This data shines a spotlight on the ever-evolving threat landscape and the specific threats targeting our customers’ environments.
Looking ahead to 2024, our Cofense security experts outline their top threat and industry predictions:
Joshua Bartolomie, Vice President of Global Threat Services
1. Organizations will shift to focusing on what they don’t know about their cybersecurity risks, leaning on threat intelligence more than ever
As threats continue to mount due to global conflict and economic pressure, organizations will pivot to analyzing what they don’t know about their cybersecurity risks, rather than making assumptions and “check-the-box” strategies.
To do this, organizations will need to lean on threat hunters and threat intelligence to find out what focus on in their cybersecurity strategies. Threat hunters are like house inspectors who come in and poke at the walls and the foundation to find things that need to be fixed. Good, actionable threat intelligence will help organizations quantify their risk, give context into how threats are delivered and allow security teams to make informed decisions to stay ahead of threats.
Dawn Creter, Director of Product Management
2. Email security reporting will be front in center in the boardroom
Today, more than ever, cybersecurity is a main agenda item for every board meeting. Organizations are starting to hire cyber experts to sit on boards to ensure the right questions are being asked to security leaders about business and cyber risk. This spotlight on cybersecurity will only grow in 2024 as threats, especially those related to email, continue to increase.
The board of directors will want to know metrics like what emails are being auto-quarantined, how their company is being targeted and what departments in their organization are the most at risk of attack. Security leaders need to put themselves in the shoes of the board members, as more so now than ever, they are expecting metrics on how to prevent and mitigate the data breaches and ransomware attacks we’re seeing in the daily news.
3. Threat actors will capitalize on the advancement of AI, ML and ChatGPT through malicious emails
As we see more organizations adopt and invest in artificial intelligence (AI)/machine learning (ML), we are seeing an upward trend in credential phishing and an increase in communications on the dark web in generating AI frauds. Threat actors use many different tactics, techniques, and procedures that may leverage AI and ML to replicate the writing of an email for malicious intent.
The growth and advancement in AI, ML and ChatGPT has increased the ability to automate the creation of malicious emails, making detection even more complex. This technology has enabled threat actors to produce more high-quality images, pictures and videos with an even higher level of speed and accuracy. We’ll continue to see more high- quality, fake ChatGPT malicious email threats in 2024.
Max Gannon, Senior Cyber Threat Intelligence Analyst
4. Malicious QR codes are just getting started
QR code phishing is a relatively new form of cyberattack that is gaining popularity among cybercriminals. In the second half of 2023, the Cofense threat research team saw a significant increase in the usage of QR codes as a way of leading victims to a malicious website where their login credentials or personal information can be stolen. As it gets easier to create these malicious QR codes, we can expect this type of attack to increase significantly. It’s not a complex way to steal credentials, it puts victims outside the protections of a secure environment by forcing them to use their phones, and it just keeps getting easier to create URLs as they increase in popularity with consumers and vendors.
Jared Sladich, Cyber Threat Intelligence Engineering Manager
5. The cybersecurity threat landscape will intensify as social engineering attacks surge
Social engineering attacks are on the rise, and cybercriminals are using increasingly sophisticated tactics to trick people into divulging sensitive information. In September 2023, MGM Resorts International was hit by a cyberattack that disrupted its resorts and casinos across the country. The attack began with a social engineering breach of the company’s information technology help desk via an employee’s LinkedIn account.
In 2024, organizations will have to shift focus from only monitoring for malicious emails targeting company emails, to watching out for social engineering campaigns targeting employee’s’ social accounts and then using that stolen information to creep their way into a company’s network.
Dylan Duncan, Cyber Threat Intelligence Analyst
6. A new malware family will fill the void left behind by Qakbot
In August 2023, the FBI reported they had officially taken down Qakbot, which had been operational since 2008. At the time of its demise, Qakbot was known to have infected 700,000 computers worldwide, including more than 200,000 in the U.S. When a botnet this large is taken down, we see it reemerge within a few months, but we have yet to see it return as of December 2023.
Qakbot malware has always been known as a significant threat to large organizations because of the multiple methods it uses to spread itself, its relatively successful attempts at avoiding detection and automated analysis, and its brute-forcing of password-protected locations. In 2024, we can expect to see another malware family or botnet seek to fill the gap left in market now that Qakbot has been unable to return.
How do you stay protected against these threats?
Cofense is the original and leading security awareness training and phishing simulation provider, offering enterprise-level threat detection and response solutions to global organizations. Cofense PhishMe ® and the Cofense Phishing Detection and Response (PDR) platform leverage a global network of thousands of businesses, with over 35 million employees who actively report suspected phishing and other dangerous attack threats. Exclusive only to Cofense, this reporting system ingests and catalogs thousands of threats per day that are missed by all of the current email gateway technologies, and then eradicates the threat from all inboxes for all of our customers. In short, Cofense sees what other systems miss.