The signs an average person uses to tell whether an email is legitimate or a scam, such as misspellings, grammar errors, and lack of cultural context, will be harder to spot in 2024. Attackers will continue to use generative AI and large language models (LLMs) in phishing, SMS, and other social engineering operations to make the content, including voice and video, appear more legitimate.

Generative AI will also aid malicious activity at scale, according to the Google Cloud Cybersecurity Forecast 2024 report. With access to names, organizations, job titles, departments or health data, attackers may not even need to use malicious LLMs, as there is nothing inherently malicious about using gen AI to draft an invoice reminder. “They [attackers] will use anything they can to blur the line between benign and malicious AI applications, so defenders must act quicker and more efficiently in response,” Phil Venables, CISO, Google Cloud on AI, said in a statement.

The report warns of the possibility of growing public skepticism and distrust of businesses and governments due to the use of gen AI to create fake news, fake phone calls that will actively interact with recipients, and deepfake photos and videos based on gen AI-created fake content. Google Cloud also forecasts that gen AI and LLMs will be offered as a paid service for attackers.

The good news is that cyber defenders will employ similar tools to fight these threats. A big use case of AI is to drive how organizations will synthesize large amounts of data and contextualize it in threat intelligence to then yield actionable detections or other analysis, Google Cloud forecasts.
AI and gen AI will provide the ability to augment human capability in analyzing and inferring actions to take from these large data sets.

Global threat forecast for 2024

As attackers aim to maintain persistent access to an environment for as long as possible, they will exploit zero-day vulnerabilities and edge devices to maintain that access for longer in 2024. This forecast is based on expectations that zero-day vulnerabilities in 2023 will surpass the previous record set in 2021.

The growth of disruptive hacktivism observed following Russia’s invasion of Ukraine is likely to continue, as similar activities have been observed during the Hamas-Israel conflict. These activities include DDoS attacks, data leaks and defacements. Mandiant Intelligence believes that past success in such activities is likely to bring them back.

Some nations might add wiper malware, as observed prior to the Russian invasion of Ukraine, when Russian APT groups gained access to Ukrainian targets and launched a destructive attack that coincided with kinetic operations. “With tensions in the Taiwan Strait and other global security threats, 2024 will see pre-placed access of destructive wiper malware at strategically important targets,” stated the report.

Google Cloud also forecasted the targeting of space-based infrastructure, matured attacks on hybrid and multi-cloud environments, threat actors using more serverless services, continued extortion operations, espionage and sleeper botnets, revival of older techniques including SystemFunctionXXX, and anti-virtual machine.

Malware authors will continue to develop more software in programming languages such as Go, Rust, and Swift. This is because the languages provide a great development experience, low-level capabilities, a large standard library, and easy integration with third-party packages.
Developers will be targeted via supply chain attacks hosted on software package managers.

The increase in cybersecurity insurers is expected to result in premiums remaining steady. Google Cloud also expects to see more consolidation in SecOps as customers increasingly demand integrated risk and threat intelligence in their security operations solutions.

Regional trends to watch for in 2024

An increase is expected in nation-states and other threat actors engaging in cyber activities targeting the upcoming US presidential election, including espionage and influence operations targeting electoral systems, impersonation of candidates on social media, and information operations designed to target the voters. An uptick in spear phishing and other attacks is expected against the US government, particularly from China, Russia, and Iran.

Taiwan, South Korea, India, and Indonesia will also be holding elections, and similar activities are expected to occur as well. China’s newly drawn map could also become a cause of contention during India’s and Indonesia’s elections.

Pig butchering scams (romance scams), which have elements of both cybercrime and human trafficking, will continue to be a problem in 2024 for JAPAC countries’ law enforcement. As adoption of endpoint detection and response solutions increases in JAPAC, so will attack tactics intended to minimize detection.

European Parliament elections in June will be another attractive target for threat actors conducting both cyber espionage and information operations, with the report naming Russia as the most obvious threat.

Russia and China are increasingly targeting African countries with cyber campaigns designed to spread misinformation to influence Africa by supporting authoritarian regimes, sow discord, and undermine democratic institutions.
Chinese and Russian groups are expected to target the rare earth minerals industry essential for many high-tech products such as smartphones, computers, and electric vehicles.

The 2024 Summer Olympics in Paris are expected to experience cybercriminals targeting ticketing systems and merchandise, particularly through a surge in phishing campaigns requesting financial information or credentials. Lastly, continued activity by China, Russia, North Korea, and Iran is expected next year as they conduct espionage, cybercrime, information operations, and other campaigns to achieve their individual goals.

“China, Russia, North Korea, and Iran each wield distinct cyber capabilities driven by their geopolitical needs in the short and long term. As tensions rise globally, especially in hotspots in the Middle East, Eastern Europe, and East Asia, these actors will undoubtedly be leveraged, so focused preparation will really be the key,” Sandra Joyce, VP Mandiant Intelligence and Google Cloud on the big four, said in a statement.