Google Cloud’s Cybersecurity Trends to Watch in 2024 Include Generative AI-Based Attacks

We Keep you Connected

Google Cloud’s Cybersecurity Trends to Watch in 2024 Include Generative AI-Based Attacks

Google Cloud’s Cybersecurity Trends to Watch in 2024 Include Generative AI-Based Attacks
Your email has been sent
A November report from Google Cloud details possible nation-state malware tactics in 2024 and new angles of cyberattacks.
What will cybersecurity look like in 2024? Google Cloud’s global Cybersecurity Forecast found that generative AI can help attackers and defenders and urged security personnel to look out for nation-state backed attacks and more.
Contributors to the report included several of Google Cloud’s security leaders and security experts from Mandiant Intelligence, Mandiant Consulting, Chronicle Security Operations, Google Cloud’s Office of the CISO and VirusTotal.
Jump to:
Threat actors will use generative AI and large language models in phishing and other social engineering scams, Google Cloud predicted. Because generative AI can create natural-sounding content, employees may struggle to identify scam emails through poor grammar or spam calls through robotic-sounding voices. Attackers could use generative AI to create fake news or fake content, Google Cloudwarned.
LLMs and generative AI “will be increasingly offered in underground forums as a paid service, and used for various purposes such as phishing campaigns and spreading disinformation,” Google Cloud wrote.
On the other hand, defenders can use generative AI in threat intelligence and data analysis. Generative AI could allow defenders to take action at greater speeds and scales, even when digesting very large amounts of data.
“AI is already providing a tremendous advantage for our cyber defenders, enabling them to improve capabilities, reduce toil and better protect against threats,” said Phil Venables, chief information security officer at Google Cloud, in an email to TechRepublic.
The report noted nation-state actors may launch cyberattacks against the U.S. government as the 2024 U.S. presidential election approaches. Spear phishing in particular may be used to target electoral systems, candidates or voters.
Hacktivism, or politically motivated threat actors not associated with a particular nation-state, is having a resurgence, Google Cloud said.
Wiper malware, which is designed to erase the memory of a computer, may become more common. It has been seen deployed by Russian threat actor groups attacking Ukraine, Google Cloud said. The war in Ukraine has shown state-sponsored attackers might attack space-based technologies to disrupt adversaries or conduct espionage.
Espionage groups in 2024 may create “sleeper botnets,” which are botnets placed on Internet of Things, office or end-of-life devices to temporarily scale attacks. The temporary nature of these botnets may make them particularly difficult to track.
Some of the trends Google Cloud highlighted show that well-known types of cyberattacks should still be on security teams’ radar.
Zero-day vulnerabilities may continue to increase. Nation-state attackers and threat actor groups may embrace zero-days because those vulnerabilities give attackers persisted access to an environment. Phishing emails and malware are now relatively easy for security teams and automated solutions to detect, but zero-day vulnerabilities remain relatively effective, the report stated.
Extortion, another well-known cyberattack technique, stagnated in 2022 but can be expected to grow again in 2024. Threat actors are advertising for stolen data and reporting revenue from extortion that indicates growth.
SEE: The malware SecuriDropper can get around Android 13’s restricted settings to download illegitimate apps (TechRepublic)
Some older threat techniques are becoming popular enough to get on the radar of Google Cloud. For example, an anti-virtual machine technique from 2012 has been seen again recently. And, an attack first documented in 2013 that uses undocumented SystemFunctionXXX functions instead of cryptography functions in a documented Windows API has become popular again.
Google Cloud VP & GM Sunil Potti said in an email to TechRepublic, “Right now, we see organizations running their data in a combination of multicloud, on-premises and hybrid environments – and while it is unrealistic to expect these organizations to host their assets solely in one place, it does make unified, comprehensive security operations and overall risk management particularly challenging.”
In hybrid and multicloud environments, enterprises may need to look out for misconfigurations and identity issues that allow threat actors to move laterally across different cloud environments, Google Cloud said.
Many threat actors, including nation-state threat actors, may use serverless services in 2024. Serverless services provide them greater scalability, flexibility and automation.
Google Cloud has seen a rising interest among attackers in supply chain attacks hosted on package managers such as NPM (Node.js), PyPI (Python) and crates.io (Rust). This type of cyberattack is likely to increase because it costs little to deploy and can have a major impact.
Mobile cybercrime is likely to grow in 2024 as scammers use novel and proven social engineering tactics to gain access to targets’ phones, the report said.
Finally, Google Cloud predicted SecOps will become increasingly consolidated in 2024. This roadmap can be used to drive cybersecurity strategies and purchasing when trying to get ahead of whatever may come in 2024.
Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays
Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays
Google Cloud’s Cybersecurity Trends to Watch in 2024 Include Generative AI-Based Attacks
Your email has been sent
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.
This is a comprehensive list of the best AI art generators. Explore the advanced technology that transforms imagination into stunning artworks.
Find the perfect payroll service for your business without breaking the bank. Discover the top cheap payroll services, features, pricing and pros and cons.
Is NordVPN worth it? How much does it cost and is it safe to use? Read our NordVPN review to learn about pricing, features, security, and more.
Free project management software provides flexibility for managing projects without paying a cent. Check out our list of the top free project management tools.
Australian and New Zealand enterprises in the public cloud are facing pressure to optimize cloud strategies due to a growth in usage and expected future demand, including for artificial intelligence use cases.
Because vendors supply the organization with critical supplies, goods, products, services and maintenance, and because these components possess a direct material impact on the organization’s success, all organization employees and representatives are subject to the vendor management and selection policy. The policy applies to all organization requests for proposals, bids, contracts, purchases and orders of …
Unlike consumer-level selling, completing B2B business transactions, especially when technological innovation is involved, often requires the cultivation of an intricate and complicated customer relationship. Merely having the best product or service is not enough. Someone must show the customer or client how that product or service will solve both their current and future problems. To …
Software is the lifeblood of businesses today. Tech has come out to be a solid differentiator, with faster product delivery being a make-or-break moment for any organization. TechRepublic Premium presents this quick glossary of key concepts to help your understanding. From the glossary: Integrated development environment An IDE is a one-stop software application for developers …
Python is a widely used general-purpose interpreted programming language. It’s a high-level language that can support multiple programming paradigms, including object-oriented, imperative, functional programming and procedural styles. Because of this language versatility, the skills, specializations and experience of Python developers tend to vary considerably. This hiring kit from TechRepublic Premium outlines the skills, experience and …
Get the web’s best business technology news, tutorials, reviews, trends, and analysis—in your inbox. Let’s start with the basics.
* – indicates required fields
Lost your password? Request a new password
Please enter your email adress. You will receive an email message with instructions on how to reset your password.
Check your email for a password reset link. If you didn’t receive an email don’t forgot to check your spam folder, otherwise contact support.
This will help us provide you with customized content.
Thanks for signing up! Keep an eye out for a confirmation email from our team. To ensure any newsletters you subscribed to hit your inbox, make sure to add newsletters@nl.technologyadvice.com to your contacts list.

source

GET THE LATEST UPDATES, OFFERS, INFORMATION & MORE