Google Cloud has released its annual Cybersecurity Forecast report for 2024, compiling forward-looking thoughts from security leaders and experts from different teams across Mandiant, Google Cloud and VirusTotal, who are on the frontlines of the latest and largest attacks. Aiming to empower the cybersecurity industry, this comprehensive report provides essential insights and strategies to frame the fight against cyber adversaries in the year ahead.

While new technologies will aid security teams, they can also expand the attack surface. In 2024, the rapidly evolving world of generative AI will provide attackers with new ways to conduct convincing phishing campaigns and information operations at scale. However, defenders will use the same technologies to strengthen detection, response, and attribution of adversaries – and more broadly reduce toil, address threat overload, and close the widening skills gap.

Renze Jongman, Strategic Threat Intelligence Specialist, MEA at Google Cloud says: “While the rapid development of new technologies like AI will allow attackers to speed up and scale their criminal operations, it also offers unique ways for defenders to combat the threat. The ability to scale cybersecurity talent is particularly exciting to me: the GCC region has a growing number of young and talented cybersecurity graduates, keen to contribute to defending their countries and organizations against cyber attacks. They can now start to have an exponential impact and rapidly grow and expand their skill set by leveraging AI in their investigations and operations.”

The cybersecurity landscape is constantly evolving, sometimes in new and unexpected ways. Defenders, often with limited resources, have the monumental task of keeping up. Here are some of the key takeaways from the Google Cloud Cybersecurity Forecast 2024 to help prepare for the year ahead:

• AI for attack and defense: AI is set to revolutionize cybersecurity for both attackers and defenders. Attackers are expected to leverage generative AI and large language models to create more sophisticated phishing and social engineering tactics, as well as to add scale to information operations. Defenders will utilize AI to enhance threat detection, response and attribution capabilities, as well as speed up analysis and other time-consuming tasks like reverse engineering.

• Continued use of zero-day exploits: An increased reliance on zero-day vulnerabilities by attackers is anticipated by both nation-state and cybercriminal groups, aiming to evade detection and maintain prolonged access to compromised systems. Edge devices and virtualization software are particularly attractive to threat actors because they are challenging to monitor. Cybercriminals know using a zero-day vulnerability will increase the number of victims and, based on recent mass extortion events, the number of organizations that may pay high ransomware or extortion demands.

• Growing prevalence of mobile cybercrime: Expect an increase in mobile cybercrime, with scammers using advanced and novel social engineering tactics like fake domestic help services, counterfeit social media, bank, or government communications, and deceptive pop-up alerts to trick victims into installing malicious apps on their mobile devices. Jongman adds: “This type of social engineering has grown rapidly across the Middle East in recent years, and while governments and organizations are already taking measures to protect their customers, this threat is likely to grow both in volume and sophistication across the region.”

• Maturing of attacks targeting hybrid and multicloud environments: With organizations around the world moving to the cloud, threat actors will look to exploit misconfigurations and identity issues to move laterally across different cloud environments.

• Escalating espionage and “sleeper botnet” tactics: Espionage activities will evolve and find more ways to scale, including the use of “sleeper botnets” created from vulnerable IoT, and small/home office or end-of-life devices. These botnets can be used and discarded as needed, complicating attribution efforts.

• Resurgence of older attack techniques: There is an expected revival in using older, less common cyberattack techniques which aren’t widely understood. These methods, often overlooked in modern detection systems, could provide attackers with a stealthy means to breach defenses.