Johannesburg, 29 Nov 2023
As a continuation of our ongoing series collecting predictions from our many subject-matter experts here at Netskope, we headed down the (metaphorical) corridor to the Threat Labs. We wanted to extract from them some threats and cyber attack-related predictions, based on what they are starting to see evolving in the landscape. We’ve got a great selection, covering generative AI, software supply chain and social engineering. Strap in!
AI and machine learning stand to make cyber attacks more sophisticated
“AI and machine learning will be used in future cyber security attacks to generate realistic phishing e-mails and websites, as well as creating deepfakes for spreading misinformation and disinformation. The data voids from generative AI’s responses will be leveraged further to contaminate the supply chain by malicious actors. In short, AI and ML can both be used to make cyber attacks more sophisticated, dangerous and challenging to detect,” said Hubert Lin, Senior Staff Threat Researcher.
Generative AI used to plan cyber attacks
“We will see the release of generative AI that uses the tree of thought prompting to help plan cyber attacks. It’s quite possible that we could see something arise that plugs into other pieces of the botnet ecosystem that will make launching attacks a simple question of paying for what you want and then typing it in. It may even escalate the frequency and intensity of cyber attacks from parties who are engaged in physical conflicts around the world,” said Colin Estep, Principal Engineer.
Software supply chain will continue to be a high-value target for threat actors
“In 2024, the software supply chain will continue to be a high-value target for advanced threat actors. Over recent years, attacks on all four components – source, build, dependencies and deployment – have escalated dramatically. Despite the difficulty, successful compromises offer significant rewards, driving threat actors to invest in these more sophisticated tactics. This will continue into the coming year, where we will see even more creative exploits at the source stage, where attacks will range from injecting backdoors to outright theft of proprietary algorithms and everything in between,” said Dagmawi Mulugeta, Staff Threat Researcher.
Social engineering will dominate the threat landscape
“Social engineering will be the primary infiltration tactic in cyber attacks because it can be effective against a wide variety of targets. The primary channels for social engineering will include messaging apps, social media, phone calls, text messages and, of course, e-mail,” said Ray Canzanese, Head of Netskope Threat Labs.
Generative AI chatbots will be increasingly abused to deliver malware and phishing
“Delivering Trojan-ised installers, phishing and scam websites through search engine result pages has been an effective technique deployed by attackers throughout 2023. As generative AI chatbots continue to rise in popularity, we should expect that they will also be abused to serve malicious payloads next year. Organisations should ensure visibility and control to protect their users from this attack vector,” said Jan Michael L Alcantara, Threat Research Engineer.