Amidst the ever-evolving realm of enterprise security, a new year unfolds, introducing a dynamic array of emerging threats. While the “prediction season” gains momentum, it's pivotal to reflect on the high impact of the 2023 cybersecurity landscape. This past year set a profound stage, from the advent of stringent cyber regulations to the convergence of generative AI, social engineering, and ransomware.

Let's delve into the rewind of 2023, exploring five influential trends and threats that molded the cyberthreat landscape and are poised to resonate throughout enterprises in 2024.

2023 Rewind — Cyber Trends and Threats

The generative AI (r)evolution

2023 will be remembered as the year artificial intelligence (AI) rose to the forefront of our collective consciousness, ushering in never before seen opportunities and risks. The release of generative AI-powered applications like ChatGPT highlights the potential for AI and machine learning (ML) to reshape how organizations operate. In September, the Zscaler ThreatLabz team conducted an analysis of AI/ML and ChatGPT trends amongst enterprises stretching back across 2023 and, unsurprisingly, discovered upward trajectories in AI/ML traffic and usage.

This adoption brings us to the flip side of the generative AI coin: attackers are leveraging AI tools to elevate and automate phishing campaigns, craft extremely evasive malware, and reduce the development time of threats across the board. Security leaders and enterprises find themselves at a new crossroads, tasked with delicately navigating the interplay of securely leveraging AI’s evolutionary advancements while confronting the unforeseen revolutionary challenges of safeguarding against AI-powered threats.

Rampant ransomware — again

The pervasive impact of ransomware resonated widely in 2023. ThreatLabz research revealed a 37% surge in ransomware attacks, accompanied by an average enterprise ransom demand of $5.3 million and an average payment exceeding $100,000. 2023 also saw the rise of Ransomware-as-a-Service (RaaS), a business model in which ransomware authors or gangs sell or lease their services on the dark web. The ransomware family BlackCat group, or ALPHV, emerged as a significant contributor to this unsettling trend, linking back to multiple high-profile attacks against casinos.

Ransomware gangs also got stealthier in 2023, with ThreatLabz observing an increase in encryption-less extortion attacks. The absence of encryption allows attackers to eliminate development cycles and decryption support and quietly exfiltrate data before making ransom demands.

Clop ransomware’s zero day attack on the file transfer tool MOVEit was the largest data theft of 2023, impacting 83 million individuals and nearly 3,000 organizations. This hack served as a stark reminder that the supply chain remains a critical vulnerability in enterprise security.

More sophisticated social engineering

Social engineering attacks were adept at exploiting human vulnerability before—now, with AI part of the equation, these attacks are more of a threat than ever. While AI enhanced the sophistication and effectiveness of common social engineering tactics like phishing and smishing scams, there was a notable shift towards vishing (voice phishing) attacks in 2023. The use of voice communications to deceive victims was particularly effective for the BlackCat affiliate ScatteredSpider—and damaging for the gaming industry. Last year, we witnessed the fast-evolving nature of social engineering attacks, and this evolution poses greater challenges for detection and defense.

The fall of VPNs and firewalls

The cyberthreats and trends of 2023 send a clear message to organizations: they must evolve their security strategies to the times and embrace a zero trust architecture. Legacy, perimeter-based architectures like traditional virtual private networks (VPNs) and firewalls are not only expanding the attack surface, but also exacerbating challenges for organizations that are up against increasingly sophisticated threats and cloud-first demands.

In fact, 2023 saw an increase in VPN vulnerabilities and, accordingly, nearly 1 in 2 organizations reported that they experienced VPN-related attacks.

With 92% of those organizations considering, planning, or in the midst of a zero trust implementation, it’s an encouraging sign that zero trust grew as a priority in 2023.

Enterprise tools under attack

2023 saw threat actors, groups, and families pivot to targeting providers of core enterprise tools. These incidents highlight the increasing vulnerability of the broader digital supply chain and the interconnected nature of enterprise tools that are crucial to daily business operations. Whether driven by financial motives, the theft of valuable credentials, or even geopolitical interests in the case of nation-state attacks, the focus on these tools emphasizes the need for organizations to extend their cybersecurity protocol beyond their organizational walls. The solution? A more mature third party risk management program.

2024 Predictions — AI, RaaS, MiTM (and more)

Many of the past year's most impactful trends and threats will persist, evolve, and shape the enterprise security landscape in the year ahead. Let’s explore five predictions that should be top of mind for security leaders and organizations.

Prediction 1: Generative AI-Driven Attacks

Generative AI-driven reconnaissance, exploitation, and phishing attacks will grow in volume. There is good reason for AI to be at the top of security experts’ predictions list again this year. GenAI and large language mode (LLM) tools will be the great enablers of 2024, continuing to lower the barrier to entry for threat actors. AI empowers threat actors to automate diverse tasks at scale, from identifying exposed assets like firewalls, VPNs, and VDIs to effortlessly compiling lists of known vulnerabilities or crafting sophisticated phishing emails.

This level of scalability afforded by AI automation will undoubtedly continue to enhance the efficiency and reach of malicious activities this year. Reports of malicious versions of ChatGPT, like WormGPT, circulating on the dark web in 2023 signify two concerning trends: the potential for development of new malicious LLMs without any built-in ethical restraints, and the emergence of their use in threat campaigns. From suggesting attack ideas to automating development and execution processes, these AI tools have the potential to catapult cyberthreat evolution years into the future in mere months.

What’s more, 2024 is an election year in the United States, and it is a strategic imperative as such to ensure the resilience of critical infrastructure against AI-powered misinformation and other elusive attacks.

Organizations of every type will have to be more vigilant and take proactive security measures, from refreshed employee security training tailored to social engineering and AI-specific threats to holding vendors accountable for delivering AI-powered cybersecurity. We must fight fire with fire and use generative AI, machine learning, and deep learning techniques to protect data, devices, and networks against AI-powered threats.

Prediction 2: Ransomware-as-a-Service Innovation

Ransomware-as-a-Service will innovate and assist in the volume of successful attacks. The RaaS model is poised to further elevate cybercrime and empower less-skilled crime groups in 2024. In addition, we should anticipate a new wave and an increasing prevalence of initial access brokers, similar to Scattered Spider, that specialize in facilitating unauthorized access to target networks. Encryption-less attacks will continue to be a popular strategic tactic used by ransomware operators to evade detection, putting the onus on organizations to focus on detecting anomalous activity beyond the typical patterns associated with encryption-based ransomware.

In navigating these evolving ransomware threats and trends, organizations must prioritize comprehensive zero trust protection strategies for every stage of the attack chain, from initial compromise to execution.

Prediction 3: Rise in Man-in-the-Middle Attacks

Failure to implement a zero trust architecture will result in an increase in man-in-the-middle (MiTM) attacks. MiTM threats will remain a significant concern for enterprises in 2024, exacerbated by Phishing-as-a-Service toolkits that democratize sophisticated MiTM attacks, making them accessible to a broader range of threat actors. This tactic targets users of a specific server or system and captures data in transit, such as user authentication credentials or cookies, by mimicking online services through proxy servers.

The risks associated with MiTM phishing attacks—unauthorized access, data theft, and compromise of critical information—call for zero trust and advanced security measures. Without a proxy-based zero trust architecture, full TLS inspection, and FIDO2 multifactor authentication (MFA), organizations remain exposed to vulnerabilities in communication channels and user authentication. As such, it is imperative to prioritize these security measures in 2024.

Prediction 4: Supply Chain Attacks on Generative AI Ecosystems & Development Environments

Supply chain attacks will target vulnerable generative AI ecosystems. As supply chains become more interconnected and attacks more sophisticated in 2024, both upstream and downstream components of supply chains will be increasingly at risk.

Namely, attackers will leverage new ways to strategically exploit weaknesses in various components beyond traditional attack vectors. As organizations integrate more AI components to their supply chains, LLMs and AI will increasingly be part of supply chain security conversations. If not adequately secured, an AI-powered supply chain can become a target for attackers seeking to poison AI training data, manipulate updates, inject malicious algorithms, engage in prompt engineering, or exploit vulnerabilities as an entry point to compromise organizations' data or systems.

Organizations must recognize the critical role of a resilient supply chain in ensuring business continuity and overall resilience and prioritize investments to safeguard against the far-reaching consequences of supply chain compromise. Eliminating the internet-facing attack surface will be critical, and implementing zero trust security controls to stop lateral movement and block command-and-control activities will be instrumental in doing so. In short, enterprises must adopt a comprehensive approach to safeguard not only their internal AI applications but those of their suppliers, as well.

Prediction 5: Attackers Respond to SEC Regulations

Attacks will shift in response to the cyber regulations imposed by the U.S. Securities and Exchange Commission (SEC). Anticipating the impact of the new SEC regulations mandating disclosure of material breaches, it's likely that attackers will further hone their already adept stealth methods. Expect a heightened focus on covert strategies, leveraging sophisticated evasion techniques and encryption to prolong undetected access. Additionally, attackers may target non-material systems more frequently to navigate under the radar, gather intelligence, and discreetly escalate privileges. With an eye on evading immediate disclosure obligations, we could see a surge in third-party and supply chain vulnerability exploitation. In essence, the future threat landscape may dictate a predictive shift toward even more strategic and discreet approaches as attackers adapt to emerging regulatory frameworks.

The SEC cyber regulations will also drive strategic shifts in security teams. The mandates for timely reporting of material incidents and annual reporting on cyber risk management will be a catalyst for more cross-functional collaboration in 2024. How will organizations prepare and comply with the reporting process? Do they have sufficient defense in depth and security governance? These questions—and their legal implications—will be a forcing function for cyber and corporate alignment. For many companies, this means that CISOs and security leaders will work closer than ever with CEOs, legal teams, and boards to develop processes for disclosure and strengthen their organization’s security posture.

As the new year unfolds, security teams will have their work cut out for them. By prioritizing investments in a zero trust architecture, AI-based security controls, employee training, and strategic planning, you can build resilience and better protect against evolving threats. The Zscaler Zero Trust Exchange counters advanced attacks through TLS/SSL inspection, browser isolation, and policy-driven access controls, stops lateral movement with direct user-to-app connections, and prevents data loss with thorough inspection. Request a customized demo on how Zscaler can help address your organization’s security needs.

Follow Zscaler ThreatLabz on X (Twitter) and our Security Research Blog to stay on top of the latest cyberthreats and security research. The Zscaler ThreatLabz threat research team continuously monitors threat intelligence from the world’s largest inline security cloud and shares its findings with the wider security community.