• United States



Samira Sarraf
Regional Editor for Australia and New Zealand

Generative AI to fuel stronger phishing campaigns, information operations at scale in 2024

Nov 08, 20236 mins
Critical InfrastructureCyberattacksCybercrime

Google Cloud forecasts continued use of gen AI to create smarter campaigns while cybersecurity pros will use the same tools to defend and close the skills gap.

The signs an average person uses to tell whether an email is legitimate or a scam by checking for misspellings, grammar errors, and lack of cultural context will be harder to spot in 2024. Attackers will continue to use generative AI and large language models (LLM) in phishing, SMS, and other social engineering operations to make the content, including voice and video, appear more legitimate.

Generative AI will also aid malicious activity at scale according to the Google Cloud Cybersecurity Forecast 2024 report. By having access to names, organization, job titles, departments or health data, attackers may not even need to use malicious LLMs as there is nothing inherently malicious about using gen AI to draft an invoice reminder. "They [attackers] will use anything they can to blur the line between benign and malicious AI applications, so defenders must act quicker and more efficiently in response," Phil Venables, CISO, Google Cloud on AI, said in a statement.

The report alerts to the possibility of increasing skepticism and distrust on businesses and governments from the public due to the use of gen AI to create fake news, fake phone calls that will actively interact with recipients, and deepfake photos and videos based on gen AI-created fake content. Google Cloud also forecast gen AI and LLMs to be offered as a paid service for attackers.

The good news is that cyber defenders will employ the similar tools to fight these threats. A big use case of AI is to drive how organizations will synthesize large amounts of data and contextualize it in threat intelligence to then yield actionable detections or other analysis, Google Cloud forecasts. AI and gen AI will provide the ability to augment human capability in analyzing and inferring actions to take from these large data sets.

Global threat forecast for 2024

As attackers aim to maintain persistent access to an environment for as long as possible, they will exploit zero-day vulnerabilities and edge devices to maintain that access for longer in 2024. This forecast is based on expectations that zero-day vulnerabilities will in 2023 surpass the previous record set in 2021.

The growth of disruptive hacktivism observed following Russia's invasion of Ukraine is likely to continue as similar activities have been observed during the Hamas-Israel conflict. These activities include DDoS attacks, data leaks and defacements. Mandiant Intelligence believes that past success in such activities is likely to bring them back.

Some nations might add wiper malware as observed prior to the Russian invasion of Ukraine, when Russian APT groups gained access to Ukrainian targets and launched a destructive attack that coincided with kinetic operations. "With tensions in the Taiwan Strait and other global security threats, 2024 will see pre-placed access of destructive wiper malware at strategically important targets," stated the report.

Google Cloud also forecasted the targeting of space-based infrastructure, matured attacks on hybrid and multi-cloud environments, threat actors using more serverless services, continued extortion operations, espionage and sleeper botnets, revival of older techniques including SystemFunctionXXX, and anti-virtual machine.

Malware authors will continue to develop more software in programming languages such as Go, Rust, and Swift. This is because the languages provide a great development experience, low-level capabilities, large standard library, and easy integration with third-party packages. Developers will be targeted via supply chain attacks hosted on software package managers.

The increase in cybersecurity insures is expected to result in premiums remaining steady. Google Cloud also expect to see more consolidation in SecOps as customers increasingly demand integrated risk and threat intelligence in their security operations solutions.

An increase in nation-states and other threat actors engaging in cyber activities targeting the upcoming US presidential election, including espionage and influence operations targeting electoral systems, impersonation of candidates on social media, and information operations designed to target the voters. An uptick in spear phishing and otherattacks are expected against the US government, particularly from China, Russia, and Iran.

Taiwan, South Korea, India, and Indonesia will also be holding elections and similar activities are expected to occur as well. China's newly drawn map could also become a cause of contention during India's and Indonesia's elections.

Pig butchering scams (romance scams), which have elements of both cybercrime and human trafficking, will continue to be a problem in 2024 for JAPAC countries' law enforcement. As endpoint detection and response solutions' adoption increases in JAPAC so will attack tactics intended to minimize detection.

European Parliament elections in June will be another attractive target for threat actors conducting both cyber espionage and information operations, with the reporting naming Russia as the most obvious threat.

Russia and China are increasingly targeting African countries with cyber campaigns designed to spread misinformation to influence Africa by supporting authoritarian regimes, sow discord, and undermine democratic institutions. Chinese and Russian groups are expected to target the rare earth minerals industry essential for many high-tech products such as smartphones, computers, and electric vehicles.

The 2024 Summer Olympics in Paris are expected to experience cybercriminals targeting ticketing systems and merchandise, particularly through a surge in phishing campaigns requesting financial information or credentials. Lastly, next year continued activity by China, Russia, North Korea, and Iran is expected as they conduct espionage, cybercrime, information operations, and other campaigns to achieve their individual goals.

"China, Russia, North Korea, and Iran each wield distinct cyber capabilities driven by their geopolitical needs in the short and long term. As tensions rise globally, especially in hotspots in the Middle East, Eastern Europe, and East Asia, these actors will undoubtedly be leveraged, so focused preparation will really be the key," Sandra Joyce, VP Mandiant Intelligence and Google Cloud on the big four, said in a statement.