2023 Threat Analysis and 2024 Predictions

Posted: 9th April 2024
By: Tony Gaitanos, Megan Keeling, Kathleen Kuczma

Check out our on-demand Annual Report webinar or read on for a summary of key topics and themes in the report.

2023 was a year in which cybercrime evolved in significant ways. Our 2023 annual report serves as a playbook of adversaries’ tactics, techniques, and procedures (TTPs) in 2023, with the goal of giving your security team a 360-degree view of the threat landscape. And with its predictions for 2024, the report also offers a roadmap for your enterprise. No matter where you are in your security journey, you’ll find the information you need to develop more effective security operations and strategies.

The report begins by reviewing key trends and events in technology, geopolitics, macroeconomics, and cyber policy in 2023. These include:

  • Threat actors exploited enterprise software at scale, as observed in the CL0P ransomware group’s attack on third-party managed file transfer (MFT) services such as Fortra’s GoAnywhere and Progress Software’s MOVEit.
  • Offensive tooling is increasingly targeting Linux and macOS systems. Ransomware kits continue to expand beyond Windows environments, widening the range of potential victims.
  • Nation-state actors such as China-linked Spamouflage Dragon are already using AI-generated images to improve information operations (IO).

You’ll find valuable context and insights to connect the dots between these and other macro trends and the broader cyber threat landscape.

The report’s predictions for 2024 include:

  • Ransomware groups will likely increase their targeting of technologies supporting hybrid and remote work.
  • The “phishing” landscape will become the “spearphishing” landscape as generative AI helps attackers create particularized lures.
  • The rise of passwordless logins will likely drive criminal activity away from infostealers and back to email-based credential harvesting.

Key theme #1: Ransomware groups will likely increase their targeting of technologies supporting hybrid and remote work.

In 2023, threat actors inflicted widespread damage by taking advantage of the fact that hybrid work and cloud computing have made enterprises’ attack surfaces increasingly complex and hard to manage.

How Recorded Future can help: Recorded Future enables analysts to understand the top initial access vectors used by ransomware actors to target their victims. One of the most targeted vulnerabilities for VPN technologies in 2023 was CVE-2023-27997. Analysts can evaluate an unpatched FortiOS VPN exposure by drilling into host details, including detected technologies, and then pivot to the vulnerability to see its use by FIN7.

Key theme #2: The “phishing” landscape will become the “spearphishing” landscape as generative AI helps attackers create particularized lures.

Although it will take time for threat actors to develop the knowledge and skills to integrate AI into their operations, early adopters are already working on ways to amplify their tactics with AI.

The most tangible risks involve influence operations, social engineering, data privacy breaches, and intellectual property violations. In 2023, adversaries began using AI-powered chatbots to create convincing phishing emails, support scam operations, and analyze e-commerce merchants’ anti-fraud systems to facilitate payment fraud. They also began advertising malicious open-source LLM projects on the dark web with the promise of producing malware, creating phishing emails, and more.

How Recorded Future can help: Analysts can examine evidence of phishing in the Recorded Future platform with the Detection Trends dashboard. This dashboard visualizes detections across multiple security platforms, from SIEMs to SOARs to email security platforms. By filtering on a specific MITRE T-code, such as T1598 (Phishing for Information), analysts can quickly view associated YARA rules to run in their environment. The Detection Explorer also showcases relevant indicators of compromise (IoCs). In this example, the IoC has been used by TAG-66.

Get the 2023 Recorded Future Annual Report today.

Download the Annual Report for a comprehensive analysis of these and other critical threat events from 2023, plus a look at what we expect from adversaries in 2024.

Get in touch with Recorded Future to find out how our technology solutions and expertise can help your organization stay a step ahead of adversaries and protect your business-critical IP.