In 2024, advanced persistent threat actors will introduce new exploits on mobile, wearables and smart devices and use them to form botnets, refine supply chain attack methods and utilise artificial intelligence for more effective spear-phishing, cybersecurity company Kaspersky has predicted in a report. These advancements are anticipated to intensify politically motivated attacks and cybercrime, the report noted.

“In 2023, the notable surge in the availability of AI tools didn’t elude the attention of advanced malicious actors. We anticipate that upcoming trends go beyond AI implications, including new methods for conducting supply chain attacks, the emergence of hack-for-hire services, novel exploits for consumer devices, and more,” said Igor Kuznetsov, director, global research and analysis team, Kaspersky.

AI-Powered Impersonation, Rise Of Creative Exploits And New Botnets

Emerging AI tools can streamline spear-phishing message production, even enabling the mimicry of specific individuals, the report warned. Attackers may devise creative automation methods by gathering online data and feeding it to large language models to craft letters in the style of a person connected to the victim.

The report noted that threat actors will likely broaden their surveillance efforts, targeting consumer devices through vulnerabilities and silent exploit delivery methods, including zero-click attacks through messengers, one-click attacks via SMS or messaging apps and network traffic interception.

The exploitation of vulnerabilities in commonly used software and appliances is another point where enterprises must stay vigilant. High and critical severity vulnerabilities sometimes receive limited research and delayed fixes, potentially leading to new, large-scale and stealthy botnets capable of targeted attacks, the report underlined.

Growth In Cyberattacks By State-Sponsored Actors And Hacktivism

According to Kaspersky Security Bulletin, state-sponsored cyberattack numbers will potentially increase in the year ahead, amid increasing geopolitical tensions. These attacks will likely cause data theft or encryption, IT infrastructure destruction, espionage and cyber-sabotage.

Geopolitical tensions will also likely increase the trend of hacktivism, both destructive and aimed at spreading false information, leading to unnecessary investigations and alert fatigue of security operations centre analysts and cybersecurity researchers.

Other Advanced Threat Predictions For 2024