The ‘ classics ’ aren ’ t going away – instead , they ’ re evolving and advancing as attackers gain access to new resources .
the attacker . They ’ ll also expand their playbooks , making their activities more personal , aggressive and destructive in nature .
The ‘ classics ’ aren ’ t going away – instead , they ’ re evolving and advancing as attackers gain access to new resources .
It ’ s a new day for zero days : As organisations expand the number of platforms , applications and technologies they rely on for daily business operations , cybercriminals have unique opportunities to uncover and exploit software vulnerabilities . We ’ ve observed a record number of zero-days and new Common Vulnerabilities and Exposures ( CVEs ) emerge in 2023 and that count is still rising . Given how valuable zero days can be for attackers , we expect to see zeroday brokers – cybercrime groups selling zero-days on the Dark Web to multiple buyers – emerge among the CaaS community . N-days will continue to pose significant risks for organisations as well .
Playing the inside game : Many organisations are leveling up their security controls and adopting new technologies and processes to strengthen their defences . These enhanced controls make it more difficult for attackers to infiltrate a network externally , so cybercriminals must find new ways to reach their targets . Given this shift , we predict that attackers will continue to shift left with their tactics , reconnaissance and weaponisation , with groups beginning to recruit from inside target organisations for initial access purposes .
Ushering in ‘ we the people ’ attacks : Looking ahead , we expect to see attackers take advantage of more geopolitical happenings and eventdriven opportunities , such as the 2024 US elections and the Paris 2024 games . While adversaries have always targeted major events , cybercriminals now have new tools at their disposal – www . intelligentciso . com
75