As a continuation of our ongoing series collecting predictions from our many subject-matter experts here at Netskope, we headed down the (metaphorical) corridor to the Threat Labs. We wanted to extract from them some threats and cyberattack-related predictions, based on what they are starting to see evolving in the landscape. We’ve got a great selection, covering generative AI, software supply chain, and social engineering. Strap in!
AI and Machine Learning stand to make cyberattacks more sophisticated
“AI and Machine Learning will be used in future cybersecurity attacks to generate realistic phishing emails and websites, as well as creating deepfakes for spreading misinformation and disinformation. The data voids from generative AI’s responses will be leveraged further to contaminate the supply chain by malicious actors. In short, AI and ML can both be used to make cyberattacks more sophisticated, dangerous, and challenging to detect.” Hubert Lin, Senior Staff Threat Researcher
Generative AI used to plan cyberattacks
“We will see the release of generative AI that uses the tree of thought prompting to help plan cyber attacks. It’s quite possible that we could see something arise that plugs into other pieces of the botnet ecosystem that will make launching attacks a simple question of paying for what you want and then typing it in. It may even escalate the frequency and intensity of cyber attacks from parties who are engaged in physical conflicts around the world.” Colin Estep, Principal Engineer
Software supply chain will continue to be a high-value target for threat actors
“In 2024, the software supply chain will continue to be a high-value target for advanced threat actors. Over recent years, attacks on all four components—source, build, dependencies, and deployment—have escalated dramatically. Despite the difficulty, successful compromises offer significant rewards, driving threat actors to invest in these more sophisticated tactics. This will continue into the coming year, where we will see even more creative exploits at the source stage, where attacks will range from injecting backdoors to outright theft of proprietary algorithms and everything in between.” Dagmawi Mulugeta, Staff Threat Researcher
Social engineering will dominate the threat landscape
“Social engineering will be the primary infiltration tactic in cyberattacks, because it can be effective against a wide variety of targets. The primary channels for social engineering will include messaging apps, social media, phone calls, text messages, and of course email.” Ray Canzanese, Head of Netskope Threat Labs
Generative AI chatbots will be increasingly abused to deliver malware and phishing
“Delivering trojan-ized installers, phishing and scam websites through search engine result pages has been an effective technique deployed by attackers throughout 2023. As generative AI chatbots continue to rise in popularity, we should expect that they will also be abused to serve malicious payloads next year. Organizations should ensure visibility and control to protect their users from this attack vector.” Jan Michael L. Alcantara, Threat Research Engineer
