1. Introduction
In this comprehensive article, we take on the difficult exercise of cybersecurity crystal-ball gazing, exploring the potential futures of this dynamic field with a cyber threat prospective analysis for 2024. We follow a meticulous process, beginning with a detailed review of expert predictions for 2024, then constructing alternative futures and developing rich scenarios with specific indicators. We conclude with a nuanced discussion that merges insights to illuminate the multifaceted nature of cybersecurity in 2024.
1.1 Executive Summary
- Source of information: Reviewed expert cybersecurity predictions for 2024 from leading sources.
- Two key drivers: Advanced AI in cybersecurity threats and geopolitical cyber warfare.
- Four Alternative Futures: AI Armageddon, Cybernetic Peace, Digital Cold War, Cyber Utopia.
- AI Armageddon: Highlights risks of AI-driven cyber warfare, necessitating advanced AI defenses and international cyber regulations.
- Cybernetic Peace: Suggests reduced geopolitical tension but advanced AI crimes, requiring sophisticated AI countermeasures and global cybercrime laws.
- Digital Cold War: Focuses on traditional cyber espionage without AI, emphasizing human intelligence and traditional cybersecurity methods.
- Cyber Utopia: Envisions a balanced cyber environment with minimal AI threats, stressing the importance of cybersecurity education and human-centric security solutions.
- Cybersecurity is a global issue: multi-layered nature, influenced by diverse factors like technology, geopolitics, and human psychology.
- Our advice: Adopt versatile and forward-thinking cybersecurity strategies that can adapt to various potential scenarios, from the best to the worst.
- Conclusion: Importance of adaptability, proactive planning, and continuous engagement with cybersecurity trends.
1.2 Forecast versus Prospective
Forecasting and prospective analysis are distinct approaches in planning and strategy. Forecasting, rooted in statistical and historical data, aims to predict future outcomes based on past trends. It’s been a traditional method in fields like economics and meteorology. In contrast, prospective analysis, emerging from the work of futurologists like Gaston Berger and Bertrand de Jouvenel in the mid-20th century, focuses on exploring multiple possible futures. It’s more about understanding a range of potential outcomes than predicting a single one.
To illustrate the difference between forecasting and prospective analysis, consider the challenge of predicting cyber threats to a financial institution. Using historical data on past cyber attacks, analysts might forecast specific threats, like phishing or malware attacks. This method relies heavily on past patterns but may miss novel threats or unexpected events. Using prospective analysis, analysts would explore multiple scenarios, including emerging technologies and geopolitical changes, affecting cyber threats. This method doesn’t predict specific threats but prepares for a broader range of possibilities, acknowledging the dynamic nature of cyber threats.
In cybersecurity, our preference for prospective analysis over forecasting is due to the multi-layered nature of cyberspace. Factors like technology, human psychology, economics, geopolitics, and legal aspects interact complexly. Prospective analysis allows for a more holistic approach, accommodating the unpredictability and evolving nature of these intersecting factors in the cybersecurity landscape.
Further analysis of each alternative scenario also makes it possible to identify common ground and to set up preventive and proactive measures that shield organisations whatever the future(s) will be.
1.3 Presentation of the sources
To build our scenarios, we selected seven predictive analyses from five reputable sources.
Trend Micro
The Trend Micro Security Predictions for 2024 focus on key areas such as cloud-native worms exploiting security gaps, weaponization of data against cloud-based machine learning models, the rise in supply-chain attacks challenging CI/CD systems, the use of generative AI in social engineering scams, and extortion schemes targeting private blockchains. These predictions emphasize the need for enterprises to balance foresight with operational hardiness, particularly in the realms of artificial intelligence, the cloud, and Web3 technologies.
Securelist
Securelist (Kaspersky) provides three separate sets of predictions:
- Advanced threat predictions for 2024
- Crimeware and financial cyberthreats in 2024
- Consumer cyberthreats: predictions for 2024
The Kaspersky Security Bulletin for 2024 APT predictions includes trends like the rise of creative exploits for mobile, wearables, and smart devices, the construction of new botnets using consumer and corporate software, and the increasing evasion of kernel-level code execution barriers. There is also an expected growth in cyberattacks by state-sponsored actors and a focus on hacktivism in cyber-warfare as a new normal in geopolitical conflicts.
The Kaspersky Security Bulletin for 2024 on crimeware and financial cyberthreats anticipates an increase in AI-powered cyberattacks, fraudulent schemes targeting direct payment systems, and the global adoption of Automated Transfer Systems (ATS). It also predicts a resurgence of Brazilian banking trojans, more selective ransomware target selection, the rise of open-source backdoored packages, and a shift from 0-day to 1-day exploits. Additionally, exploitation of misconfigured devices and services, fluid affiliate group composition, the use of less popular/cross-platform programming languages by cybercriminals, and the emergence of hacktivist groups are also highlighted as key trends.
The Kaspersky predictions for consumer cyberthreats in 2024 highlight an increase in charity scams, collaboration between online stores and charities, and a rise in VPN services due to internet segmentation. They also forecast new security issues due to prioritizing security over user comfort, more scams targeting the play-to-earn gaming sector, and a growing need for universal deepfake detection tools. Additionally, there is an expectation of a rise in voice deepfakes and scams related to movie and game premieres.
Secureworks
The Secureworks Cybersecurity Predictions for 2024 and beyond emphasize quick action in ransomware operations that prioritize speed over discretion, innovation in Business Email Compromise (BEC) scams to evade vigilance and defenses, and the increasing importance in the cybercrime ecosystem of infostealers as the main precursor of later intrusions. On the geopolitical side, they envision North Korea pursuing its efforts to target crypto organizations, Russia focusing APT attacks on supporting the war in Ukraine and on influence operations targeting the US elections, China increasing stealthy cyberespionage, and Iran targeting political opponents to fuel abduction or physical attacks.
Mandiant (Google Cloud)
The Mandiant Cybersecurity Forecast for 2024, as part of Google Cloud, offers insights into cybersecurity trends for the coming year. The forecast highlights the use of AI in scaling phishing and other cyber campaigns, increased cyber operations by nations such as China, Russia, North Korea, and Iran, the use of zero-day exploits for evasion, and more disruptive hacktivism related to global conflicts. It also mentions the development of malware in languages like Go, Rust, and Swift, making reverse engineering more difficult.
Norton
The NortonLifeLock Cybersecurity Predictions for 2024 discuss the rise of highly individualized cyberattacks, emphasizing the role of AI in developing sophisticated tools for targeted messaging and manipulation. The predictions include an increase in ransomware and emotionally manipulative scams, advancements in AI leading to more compact and device-based Large Language Models, and the growing use of generative AI in business with associated security challenges. There is also a focus on the exploitation of social media for AI-driven scams and disinformation, the evolution of Business Email Compromise attacks using AI and deepfake technologies, and concerns about the misuse of AI tools like ChatGPT by cybercriminals. Additionally, the predictions address the evolution of digital blackmail, sophisticated threats in mobile cybersecurity, and rising threats in the cryptocurrency sphere.
1.4 Methodology
Our methodology for analyzing 2024 cybersecurity trends employs a robust, forward-looking approach, grounded in the principles of prospectives. We use reputable techniques such as alternative futures analysis, scenario planning and scenario indicators.
- Source Selection: We carefully selected reputable and diverse sources, including major cybersecurity firms like Trend Micro, Kaspersky, Google Cloud, and NortonLifeLock. This ensures a well-rounded and authoritative base of information.
- 2024 Predictions Literature Review: The review of 2024 cybersecurity predictions from these sources provides a current and relevant foundation for our analysis. By synthesizing insights from multiple expert predictions, we ensure that our scenarios are grounded in the latest industry knowledge and trends.
- Alternative Futures Analysis: By considering multiple possible futures, we avoid the limitations of single-point forecasting. This method allows us to explore a range of potential outcomes, each based on different combinations of key drivers – in our case, AI utilization in cybersecurity and the intensity of geopolitical cyber warfare.
- Scenario Planning: This strategic planning method enables us to develop detailed narratives for each alternative future. These narratives are not mere predictions but exploratory scenarios that help us understand how different trends and events might interact and evolve.
- Use of SMART Indicators: We incorporate Specific, Measurable, Achievable, Relevant, and Time-bound indicators for each step in our scenarios. This adds a quantitative aspect to our analysis, allowing for the monitoring and evaluation of trends as they unfold. Each step in a scenario is tied to three indicators: one suited for Strategic Threat Intelligence, one suited for Tactical Threat Intelligence, and one suited for Technical Threat Intelligence.
These steps ensure our methodology not only explores a range of plausible futures but does so grounded in expert, contemporary insights, bolstering near-academic rigor and real-world applicability. This comprehensive approach incorporates diverse data sources, considers a broad spectrum of possibilities, and applies systematic analysis to each scenario. It is particularly suited for the dynamic and uncertain field of cybersecurity, where adaptability and preparedness for a range of outcomes are crucial.
2. Four Alternative Scenarios
To build our Alternative Futures Quadrants, we selected two key drivers of change: Advanced AI Utilization in Cybersecurity Threats, and Evolving Geopolitical Cyber Warfare and Hacktivism. Their selection as key drivers is based on their prominence and potential impact, as evidenced in the comprehensive review of cybersecurity forecasts for 2024. These drivers are pivotal due to their far-reaching implications for global security, technological advancements, and the nature of cyber threats.
The outcome of these key drivers is not settled, so each is given two extreme realisations. Combining one extreme of each driver yields one future, which enables the creation of complex scenarios that are not linear and include opposing forces.
Advanced AI Utilization in Cybersecurity Threats:
- High Utilization: AI is extensively used in developing sophisticated cyberattack tools and defensive mechanisms, leading to a rapidly evolving cyber threat landscape.
- Low Utilization: AI’s role in cybersecurity is minimal, possibly due to stringent regulations or ethical concerns, leading to more traditional forms of cyber threats and defenses.
Evolving Geopolitical Cyber Warfare and Hacktivism:
- Intense Geopolitical Cyber Warfare: Cyber warfare becomes a primary tool in global conflicts, with nations increasingly engaging in cyber espionage, sabotage, and propaganda.
- Reduced Geopolitical Cyber Warfare: Geopolitical tensions are resolved diplomatically, leading to a decrease in state-sponsored cyber activities and a focus on combating cybercrime.
Secondary drivers like the evolution of consumer-targeted cyber threats, financial cybercrimes, and regulatory changes in cybersecurity provide additional context but are less dominant than the primary drivers in shaping the overall cybersecurity landscape according to our assessment of expert opinion.
2.1 Future A: The AIrmageddon
In “The AIrmageddon”, cyber warfare reaches unprecedented levels of sophistication due to the rampant use of advanced AI by nation-states. This future sees AI not just as a tool, but as a primary weapon in global cyber conflicts. State-backed hackers deploy AI-driven attacks capable of learning and adapting in real-time, targeting critical infrastructure and financial systems worldwide. The defense strategies are equally advanced, with AI being a cornerstone in identifying and mitigating these threats. The cyber realm becomes a battleground of AI, with each side continuously evolving its digital arsenals.
Key Events & SMART Indicators
- Rapid Development of AI Cyberattack Tools:
  - Strategic: Increase in AI research publications by state actors.
  - Tactical: Instances of AI-based attack patterns identified.
  - Technical: Detection of new AI malware signatures.
- Major Infrastructure Cyberattacks:
  - Strategic: Warnings from international cybersecurity alliances.
  - Tactical: Reports of test attacks on infrastructure systems.
  - Technical: Anomalies in network traffic to critical infrastructure.
- Formation of International Cybersecurity Coalitions:
  - Strategic: Number of cybersecurity treaties signed.
  - Tactical: Joint cyber drills conducted by member nations.
  - Technical: Integration of cross-border cybersecurity information sharing platforms.
- Escalation of Cyber Espionage Activities:
  - Strategic: Intelligence reports on state-sponsored cyber espionage.
  - Tactical: Frequency of data breaches attributed to espionage.
  - Technical: Discovery of new espionage-related malware variants.
- Advancements in AI-based Cyber Defense Systems:
  - Strategic: Investments in AI defense research and development.
  - Tactical: Deployment of AI-based threat detection systems.
  - Technical: Effectiveness metrics of AI-based defenses.
2.2 Future B: The New ROP
“The New ROP” presents a world where AI’s role in cybercrime is paramount, but geopolitical tensions have subsided. In this future, AI advancements have revolutionized cybercrime, leading to sophisticated, AI-driven ransomware and fraud. However, international cooperation and treaties on cyber warfare have effectively reduced state-sponsored cyberattacks. This global collaboration has led to the development of groundbreaking AI defenses, focusing more on combating cybercrime than on geopolitical conflicts. The scenario is marked by a significant focus on protecting consumer data and ethical discussions around the use of AI in cybersecurity.
Key Events & SMART Indicators
- Proliferation of AI-Driven Financial Cyber Crimes:
  - Strategic: Increase in financial fraud reports using AI.
  - Tactical: Identification of AI-based tactics in financial scams.
  - Technical: Detection of new AI-generated phishing email patterns.
- Implementation of Global Cybercrime Treaties:
  - Strategic: Number of countries ratifying cybercrime treaties.
  - Tactical: Reduction in cross-border cybercrime incidents.
  - Technical: Increase in international cybercrime-related intelligence sharing.
- Emergence of AI-Enhanced Cybersecurity Defenses:
  - Strategic: Investment levels in AI defense technologies.
  - Tactical: Deployment rate of AI-based cybersecurity systems.
  - Technical: Efficiency metrics of new AI cybersecurity tools.
- Rise in Consumer Data Protection Efforts:
  - Strategic: Legislation trends for consumer data protection.
  - Tactical: Implementation of consumer data protection policies by companies.
  - Technical: Incidence of consumer data breaches.
- Growth of AI Ethics and Regulation Discussions:
  - Strategic: Number of forums and panels on AI ethics.
  - Tactical: Policy proposals on AI usage and ethics.
  - Technical: Adoption rate of ethical AI guidelines in development.
2.3 Future C: Code War
In “Code War”, the cyber landscape is dominated by intense geopolitical conflicts, but with limited AI utilization. This future is characterized by traditional forms of cyber warfare, where human intelligence and conventional hacking techniques predominate. International consensus on AI usage limitations in cyber warfare has curbed the AI arms race. Instead, nations focus on enhancing human-driven espionage and sabotage efforts. The cyber conflicts are more about strategic intelligence gathering and less about technological superiority, marking a return to the classic spy-vs-spy scenario but in the digital realm.
Key Events & SMART Indicators
- Escalation of Traditional State-Sponsored Cyberattacks:
  - Strategic: Reports of state-sponsored cyber activities.
  - Tactical: Frequency of traditional cyberattacks by nation-states.
  - Technical: Identification of state-sponsored malware.
- Global Consensus on Limiting AI in Cyber Warfare:
  - Strategic: Number of international agreements on AI limitations.
  - Tactical: Compliance rate with AI usage restrictions.
  - Technical: Decrease in AI-driven cyberattack signatures.
- Rising Significance of Human Intelligence in Cyber Operations:
  - Strategic: Investment in human-driven cyber intelligence.
  - Tactical: Number of operations relying on human intelligence.
  - Technical: Evolution of non-AI cyberattack methods.
- Increased Focus on Cybersecurity Training and Awareness:
  - Strategic: Funding for cybersecurity education programs.
  - Tactical: Number of trained cybersecurity professionals.
  - Technical: Effectiveness of cybersecurity awareness campaigns.
- Growth in Cyber Espionage Without AI:
  - Strategic: Intelligence on non-AI cyber espionage activities.
  - Tactical: Incidents of espionage through traditional methods.
  - Technical: Identification of espionage-specific malware.
2.4 Future D: The End (of Talent Shortage)
“The End of the Talent Shortage” envisions a future with both reduced geopolitical cyber warfare and minimal AI utilization in cyber threats. This optimistic scenario is a result of strong global diplomatic efforts and strict enforcement of AI regulations in cybersecurity. The focus shifts towards human-centric cybersecurity solutions, public education, and training. Cybersecurity challenges are more about maintaining these standards and less about countering high-tech threats. This future represents a harmonious balance where technology serves humanity without the looming threat of AI-driven cyber warfare or geopolitical conflicts in the digital space.
Key Events & SMART Indicators
- Strengthening of Global Diplomatic Relations:
  - Strategic: Increase in diplomatic agreements related to cybersecurity.
  - Tactical: Reduction in cyber conflicts among nations.
  - Technical: Decrease in nation-state cyberattack incidents.
- Strict Enforcement of AI Regulation in Cybersecurity:
  - Strategic: Number of laws enacted on AI usage in cybersecurity.
  - Tactical: Compliance rate with AI cybersecurity regulations.
  - Technical: Reduction in AI-driven cyber threats.
- Investment in Human-Centric Cybersecurity Solutions:
  - Strategic: Funding allocated to human-focused cybersecurity.
  - Tactical: Increase in deployment of non-AI cybersecurity tools.
  - Technical: Efficiency of traditional cybersecurity measures.
- Focus on Public Cybersecurity Education and Training:
  - Strategic: Government initiatives for public cybersecurity education.
  - Tactical: Number of public cybersecurity training programs.
  - Technical: Rate of cyber literacy improvement in the population.
- Development of International Cybersecurity Standards:
  - Strategic: Establishment of global cybersecurity standards.
  - Tactical: Adoption rate of international cybersecurity practices.
  - Technical: Compliance levels with global cybersecurity standards.
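To make the indicator lists usable for monitoring, the following Python example (added here, not part of the original analysis) encodes the two-driver quadrant and scores which future the observed indicators point to. The choice of two events per future, the rule that an event is corroborated only when its strategic, tactical and technical indicators have all fired, the tie-break toward the more severe extreme, and the sample observations are assumptions made for illustration.

```python
from collections import defaultdict

LEVELS = ("strategic", "tactical", "technical")
A, B, C, D = "The AIrmageddon", "The New ROP", "Code War", "The End (of Talent Shortage)"

# Quadrant from section 2: (AI utilization, geopolitical cyber warfare) -> future.
QUADRANT = {("high", "intense"): A, ("high", "reduced"): B,
            ("low", "intense"): C, ("low", "reduced"): D}

# Key events named in the article; only two per future are tracked here (assumption).
EVENTS = {
    A: ["Rapid Development of AI Cyberattack Tools",
        "Major Infrastructure Cyberattacks"],
    B: ["Proliferation of AI-Driven Financial Cyber Crimes",
        "Implementation of Global Cybercrime Treaties"],
    C: ["Escalation of Traditional State-Sponsored Cyberattacks",
        "Global Consensus on Limiting AI in Cyber Warfare"],
    D: ["Strengthening of Global Diplomatic Relations",
        "Strict Enforcement of AI Regulation in Cybersecurity"],
}

def score_futures(observations):
    """observations: iterable of (future, event, level) for indicators that fired.
    Returns {future: {"coverage": float, "corroborated": [event, ...]}}."""
    seen = defaultdict(set)
    for future, event, level in observations:
        if event not in EVENTS.get(future, []) or level not in LEVELS:
            raise ValueError(f"unknown indicator: {future!r}/{event!r}/{level!r}")
        seen[(future, event)].add(level)  # a set, so repeated reports count once
    result = {}
    for future, events in EVENTS.items():
        fired = sum(len(seen[(future, e)]) for e in events)
        result[future] = {
            "coverage": fired / (len(events) * len(LEVELS)),
            # Assumed rule: corroborated only when all three levels have fired.
            "corroborated": [e for e in events if len(seen[(future, e)]) == len(LEVELS)],
        }
    return result

def driver_reading(scores):
    """Sum coverage along each driver axis and return (ai, geo, implied future)."""
    axis = defaultdict(float)
    for (ai, geo), future in QUADRANT.items():
        axis[("ai", ai)] += scores[future]["coverage"]
        axis[("geo", geo)] += scores[future]["coverage"]
    # Ties resolve to the more severe extreme (assumption: plan for the worse case).
    ai = "high" if axis[("ai", "high")] >= axis[("ai", "low")] else "low"
    geo = "intense" if axis[("geo", "intense")] >= axis[("geo", "reduced")] else "reduced"
    return ai, geo, QUADRANT[(ai, geo)]

# Constructed observations for illustration: (future, event, level that fired).
SAMPLE = [
    (A, "Rapid Development of AI Cyberattack Tools", "strategic"),
    (A, "Rapid Development of AI Cyberattack Tools", "tactical"),
    (A, "Rapid Development of AI Cyberattack Tools", "technical"),
    (B, "Proliferation of AI-Driven Financial Cyber Crimes", "tactical"),
    (B, "Proliferation of AI-Driven Financial Cyber Crimes", "technical"),
    (C, "Escalation of Traditional State-Sponsored Cyberattacks", "strategic"),
]

if __name__ == "__main__":
    scores = score_futures(SAMPLE)
    for future, s in sorted(scores.items(), key=lambda kv: -kv[1]["coverage"]):
        print(f"{future:30} coverage={s['coverage']:.2f} corroborated={s['corroborated']}")
    print("driver reading:", driver_reading(scores))
```

Reading the drivers separately from the per-future coverage matters because evidence for one extreme of a driver is spread across two futures.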
3. Discussions and Implications
The presented scenarios highlight the complex interplay between technological advancements and geopolitical dynamics in shaping the cybersecurity landscape.
- Technological Reliance vs. Human Agency: The contrast between AI-dominated and human-centric futures underscores the ongoing debate about the reliance on technology versus human skills in cybersecurity. This poses questions about the balance of technology and human intelligence in cyber defense strategies.
- Geopolitical Dynamics: The scenarios reflect varying levels of geopolitical tension, indicating the significant impact of international relations on cybersecurity. This emphasizes the need for global cooperation and policy-making in cyber warfare and cybercrime.
- Ethical and Regulatory Challenges: The diverse use of AI in these futures points to ethical dilemmas and the necessity for robust regulatory frameworks. The implications for privacy, security, and the potential misuse of AI in cyberattacks necessitate a thoughtful approach to AI development and deployment.
- Adaptability of Cybersecurity Measures: Each scenario presents unique challenges, stressing the importance of adaptable and resilient cybersecurity strategies. Organizations must be prepared to pivot their approaches based on evolving threats and geopolitical shifts.
- Public Awareness and Education: The varied futures demonstrate the need for increased public awareness and education in cybersecurity, particularly in scenarios with increased human-centric threats or advanced technological exploits.
These discussions indicate that regardless of the specific future that unfolds, a multifaceted and proactive approach to cybersecurity is essential, considering both technological advancements and the geopolitical environment.
4. Conclusion
In our exploration of cybersecurity’s future through the lens of prospective analysis and alternative scenarios, we’ve traversed challenges where technology and geopolitics intertwine in complex and often unpredictable ways. Each scenario, from the AI-driven dystopia of “The AIrmageddon” to the more harmonious “The End”, presents a distinct facet of a potential 2024, each underpinned by the dual forces of AI advancement and geopolitical dynamics.
As technology continues to advance at a breakneck pace and geopolitical tensions shape the digital battleground, our preparedness and response strategies must evolve accordingly. The scenarios we’ve woven, while speculative, are grounded in current trends and expert insights, serving as a mirror to our present and a window to possible futures.
We’re reminded of the inherent unpredictability of technology and international relations. The true path of cybersecurity’s future is unwritten, and it’s up to us—policymakers, cybersecurity experts, technologists, and citizens—to navigate this uncertainty. Our actions today will shape the cybersecurity landscape of tomorrow. It’s a continuous process of adaptation, learning, and anticipation. As the digital world evolves, so too must our understanding and strategies. The scenarios presented are not endpoints but waypoints in an ongoing dialogue about our digital future. In this dialogue, every stakeholder has a voice and a role, and it’s through our collective efforts that we can steer towards a future where technology serves humanity, and cybersecurity is a bridge to a safer world, not a battleground.
Thus, as you continue to contemplate the future of cybersecurity, consider your role in this unfolding narrative. How will your actions, decisions, and perspectives influence the path we take? The future is not just something that happens to us; it’s something we create. In the realm of cybersecurity, this notion has never been more relevant or more challenging. As we look towards the horizon, let’s do so with a sense of responsibility, curiosity, and cautious optimism. The next chapter is ours to write.