1. Generative AI
With Generative AI making an impact in the majority of our lives in 2023, with the likes of ChatGPT, MidJourney and now the addition of Microsoft Copilot, Generative AI is the first topic we’d like to bring to your attention.
Artificial intelligence (AI) is expected to increase the global ransomware threat over the next two years, cyber chiefs have warned in a new report published today. [NCSC, 2024]
We’ve taken a look at the aspects of AI and how AI may be used in different scenarios:
- Sophisticated cyber-attacks across sectors using GenAI to find flaws.
- Rise in AI-driven threats, including new AI actors and coding aids, increasing risk.
- Businesses must use AI for the cyber defence to remain competitive.
- Shift to “Bring Your Own AI” as enterprise solutions lag.
- Increase in data privacy and AI usage regulations.
- More voice and video impersonation, including specific accents and hijacking of prominent accounts.
- Greater focus on attacks against Large Language Models (LLMs), indicating evolving threats.
Is Generative AI a cyber security threat in 2024?
As AI technologies become more widely available, cyber attackers are leveraging these tools to craft phishing schemes that are more sophisticated and convincing. These enhanced phishing efforts aim to deceive people into disclosing login details or unwittingly granting access to secure networks. To counteract this heightened risk, it’s crucial for organizations to bolster their defences by raising awareness through cyber security training.
And whilst Generative AI does indeed make it easier for those who wish to become cybercriminals, it’s not going to cause huge problems, yet. Let’s explain.
We are expecting to see a rise in criminal behaviour in the future. We anticipate Generative Al will be used to create malware and smaller cyber crimes. Why? Generative AI provides an easy introduction to those looking to learn how to create malware. This will bring in a percentage of ‘hackers’ that we call ‘Script Kiddies’.
Cyber Essentials certification is created to help protect your business from 80% of common cyber threats – These cyber threats are often Script Kiddie attacks.
Hackers vs Script Kiddies
We’ve created a table displaying the difference between a Hacker and a Script Kiddie.
|- High technical knowledge
- Can discover vulnerabilities and create sophisticated tools
|- Limited technical knowledge
- Rely on existing tools without deep understanding
|- Varied: financial gain, activism, challenge, ethical purposes
|- Often for recognition, curiosity, or thrill
|Approach & Methodology
|- Methodical: thorough reconnaissance, custom tools, strategic exploitation
|- Haphazard: uses tools "as is," without customization or deep planning
|Respect within Cyber Community
|- High: respected for skills, creativity, and contributions
|- Low: viewed as lacking originality and technical depth
|Impact & Sophistication of Attacks
|- Sophisticated attacks, precise targeting, can bypass advanced security
|- Less sophisticated, broad attacks, easily detectable due to known methods
2. Deepfake Scams
Deepfake technology, which uses artificial intelligence (AI) to create highly realistic but entirely fabricated audio and visual content, is poised to become a significant trend in 2024. This technology has advanced rapidly, creating convincing fake videos, images, and audio recordings that can be difficult to distinguish from real ones.
With advancements in AI and Machine Learning, the tools to create deepfakes will become more accessible and easier to use, lowering the barrier to entry for creating convincing deepfakes.
Examples of Deepfake Scams
In 2023, we saw the world’s first realistic deepfake of Martin Lewis. Since then, many influencers and celebrities have fallen victim to this new ‘attempt’ to lure people into leaving card details for cybercriminals. In fact, popular YouTube star Mr. Beast was caught up in a Deep Fake scam advertising several games within the crypto space and games targeted towards a younger audience.
In recent news, a company has been caught out by a Deepfake scam which has cost the business $25.6 million. Yep, Deep Fake is becoming a huge problem, and fast.
How to avoid becoming a victim of a deepfake scam?
Tips to avoid becoming a victim of a deepfake scam:
Educate yourself about deepfakes and the common signs that a piece of content might be fabricated, such as unnatural blinking patterns, inconsistent lighting, or odd background noise in videos.
Another tip to avoid a deepfake scam is to verify the source before trusting or sharing information, especially if it seems sensational or unlikely. Look for the same story from reputable news outlets or official statements from involved parties.
3. An Increase in Ransomware Attacks
The United Kingdom was one of the top countries globally targeted by ransomware attacks in 2023.
This upward trend in ransomware is anticipated to continue. These attacks can halt business operations, lead to significant financial losses, and put private data at risk. As we move into 2024, the growing frequency of these cyberattacks underscores the urgent need for small to medium-sized businesses and individual users to adopt essential cyber security measures.
How to spot a Ransomware attack?
Tips for spotting a ransomware Attack:
- Unusual file encryption or renaming.
- Ransom demand messages on your screen.
- Inability to access files or systems.
- Slow system performance or crashes.
How to avoid a Ransomware attack?
Tips for avoiding a ransomware attack:
- Regularly update software and systems.
- Use reputable antivirus and anti-malware tools.
- Back up data frequently and securely.
- Avoid clicking on suspicious links or attachments.
- Our Cyber Security Training Platform
4. Attacks will spread to Supply Chains
In 2024, cyber-attacks on supply chains are expected to rise as businesses link up more with suppliers and partners. These networks are tempting for hackers because they can be less secure, allowing a breach in one place to affect the whole chain. Hackers see these as weak spots since they’re not always well-protected.
Because of this, companies need to step up their security game beyond their main operations. They should check their partners’ security, set strict rules, and ensure everyone involved understands the importance of keeping things safe. Doing this helps guard against the increasing danger of attacks on supply chains in the future.
How to protect against Supply Chain Cyber Attacks?
Protecting your business against supply chain attacks can be difficult. However, we recommend ensuring your business is proactive in its approach to cyber security and lean towards working with businesses that take cyber security seriously. An example of this is businesses that hold the Cyber Essentials Plus certification. Cyber Essentials Plus is the more rigorous version of Cyber Essentials and requires an independent assessment of the business’s systems to ensure compliance with the standards. However, there are also services such as Cyber Essentials as a Service (CEaaS).
The Cyber Essentials scheme is a great way to protect against online threats, but it only assesses you at a single point in time. At Excellence IT, we’re offering an automated service that helps your business stay compliant by identifying vulnerabilities in your network.
Here’s what Cyber Security Expert, Andrew Beer has to say:
Director of excellence IT
“It’s really important to take good advice and get your house in order in terms of Cyber Security. Almost as important is ensuring your supply chain has an appropriate standard of Cyber Security based on the services they provide to your business.
At excellence IT, we have understood the importance of protecting your supply chain for many years, and this is why we’ve invested in advanced cyber security tools, employee training and industry accreditations such as Cyber Essentials Plus and ISO 27001.
The National Cyber Security Centre is doing its best to educate businesses on managing their supply chains, and we feel a responsibility to our clients to stay ahead of the curve and keep them safe.”
Cyber Security threats are becoming more sophisticated, and in 2024, highlighting the critical need for robust defences and heightened awareness. From the challenges posed by Generative AI and deepfake scams to the growing risks of ransomware and supply chain attacks, proactive measures and continuous education stand out as key strategies for protection. Embracing advanced security technologies, cyber security awareness training, adhering to standards like Cyber Essentials Plus and/or utilising a managed cyber security service are essential steps in safeguarding your business in 2024.
Writes about IT Support and Cyber Security.