Kaspersky researchers predict that APT hackers will exploit new vulnerabilities to penetrate mobile devices, wearables and smart devices, and use them to form botnets, refine supply chain attack methods and use artificial intelligence (AI) to make phishing attacks more effective. These improvements will lead to an increase in politically motivated attacks and cybercrime in the future.
Hackers are deploying a variety of measures to target users.
Additionally, emerging AI tools make it easier to craft phishing messages, even allowing attackers to mimic specific individuals. Attackers can devise innovative automation methods by collecting online data and feeding it into a large language model (LLM) to generate messages that sound like someone the victim knows.
Operation Triangulation marks an alarming year for mobile exploitation and is likely to inspire more research into APTs targeting mobile, wearables, and smart devices. We will likely see threat actors expand their surveillance efforts, targeting various consumer devices through vulnerabilities and “silent” exploit delivery methods, including zero-click attacks via messengers, one-click attacks via SMS or messaging apps, and network traffic interception. As such, protecting personal and corporate devices is more important than ever.
Additionally, users should be wary of the exploitation of vulnerabilities in commonly used software and devices. High-severity vulnerabilities often receive limited research and delayed fixes, which opens the way for new, large-scale botnets capable of stealthy, targeted attacks.
Other advanced threats also predicted in 2024 include:
- 2024 could see new developments in dark web access market activity related to supply chains, enabling larger and more effective attacks.
- Hack-for-hire groups are on the rise, offering data theft services to clients ranging from private investigators to business rivals, a trend expected to grow in the coming year.
- Windows kernel attacks are on the rise, fueled by abuse of the Windows Hardware Compatibility Program (WHCP), a growing underground market for stolen EV and code-signing certificates, and threat actors' increasing use of Bring Your Own Vulnerable Driver (BYOVD) malware in their tactics.