IBM’s 2024 predictions show gen AI is the new DNA of cyberattacks

IBM predicts attackers will strengthen their arsenals with generative AI and take their attack tradecraft to a new, more lethal level in 2024. The new year signals the start of a new era of deception and identity abuse, IBM’s predictions warn, with attackers compromising networks with counterfeit and stolen privileged access credentials. 

Seventy-five percent of security failures start because privileged access credentials and their associated identities aren’t managed securely, according to Gartner. That’s up from 50% just three years ago. 

Unit 42’s Cloud Threat Report found that 99% of analyzed identities across 18,000 cloud accounts from more than 200 organizations had at least one misconfiguration, indicating gaps in Identity Access Management (IAM) protection. 

CrowdStrike’s 2023 Threat Hunting Report found that “80% of cyberattacks leveraged identity-based techniques to compromise legitimate credentials and try to evade detection.” The report continues, “This year, the report shows adversaries are doubling down on stolen credentials, with a 112% year-over-year increase in advertisements for access-broker services identified in the criminal underground.” 

Why gen AI is becoming the new DNA of cyberattacks 

Attackers know where the most vulnerable gaps are across threat surfaces, and they’re using gen AI to find new ways to exploit them. IBM implies that attack strategies will take a more multidimensional approach, with more sophisticated social engineering tactics created using gen AI leading the way. 

Here are IBM’s ten cybersecurity predictions for 2024:   

• 2024 will be the year of deception. Charles Henderson, global head, IBM X-Force, predicts 2024 is going to be a busy year for cybercriminals amid ongoing geopolitical tensions, major elections in the U.S. and European Union and the biggest sporting event in the world (Paris Olympics) all taking place within a few months from each other. Henderson notes, “It’s a perfect storm of events that’s going to see disinformation campaigns on a whole new level.”

  “Cybercriminals have everything they need to deceive unsuspecting users, consumers and even public officials through AI-engineered deception tactics. We’re about to see improved deep fakes, audio fakes and very convincing AI-crafted phishing emails in cybercriminals’ efforts to deceive the public and advance their malicious objectives,” Henderson added.

• GenAI is about to make “customer acquisition” much easier for cybercriminals. Henderson says that cybercriminals have had limited success monetizing the data they’ve exfiltrated from tens of thousands of companies. He points out that gen AI is already changing that. Gen AI allows for the data to be filtered, correlated and categorized in minutes. Thus, attackers’ strategies will look more like a customer acquisition process as the year progresses.  

• Enterprises are going to see an influx of “Doppelgänger Users” as identity-based attacks escalate. “In the next year, I expect we’ll see more “doppelgänger” users popping up in enterprise environments, with users behaving a certain way one day, and another way the next — this abnormal behavior should be enterprises’ sign of compromise,’ predicts Dustin Heywood, chief architect of IBM X-Force. “With millions of valid enterprise credentials on the Dark Web right now and the number continuing to rise, attackers are weaponizing identity, viewing it as a stealthy means of access to overprivileged accounts.” 

• Get ready for the AI Version of Morris Worm signaling a new era of cyberattacks. The Morris Worm is considered the first cyberattack ever reported in 1988. John Dwyer, head of research, IBM X-Force says a “Morris Worm-like” event where AI is confirmed to be used to scale a malicious campaign is imminent. “With AI platforms starting to become generally available to businesses, adversaries will begin testing the nascent AI attack surface with activity increasing as AI adoption begins to scale. While we’re still far out from the day where AI-engineered cyberattacks become a norm, these things don’t happen overnight – but the ‘premiere’ is likely around the corner,” predicts Dwyer. 

• Amid a midlife crisis, Ransomware is heading for a makeover.  Dwyer predicts “ransomware may be facing a recession in 2024, as more countries pledge not to pay the ransom, and increasingly fewer enterprises succumb to the pressure of encrypted systems – choosing to divert funds to rebuilding systems versus decrypting systems.” IBM found that ransomware operators struggle with cash flow issues making it difficult to fund their resource-intensive campaigns. 

• Generative AI adoption will force CISOs’ focus on critical data. Akiba Saeedi, vice president of data security, IBM Security, says that “data security, protection and privacy measures are the linchpin to the success of an AI-driven business model, but with data becoming more dynamic and active across the environment, the discovery, classification and prioritization of critical data will be a top action for security leaders in 2024.” Saeedi observes that “with enterprises beginning to embed gen AI into their infrastructure, they’re dealing with new risk introduced by centralizing various types of data into AI models, various stakeholders accessing those models and data they’re ingesting,  as well as the actual inference and live use of the model. This risk will drive CISOs to redefine what data can introduce an existential threat to the organization if compromised (e.g. fundamental IP) and reassess the security and access controls surrounding it.”

• Gen AI will level up the role of security analysts. Chris Meenan, vice president, product management, IBM Security says companies have been using AI/ML to improve the efficacy of security technologies for years – but the introduction of generative AI will be aimed squarely at maximizing the human element of security. Meenan predicts that “in this coming year, gen AI will begin to take on certain tedious, administrative tasks on behalf of security teams – but beyond this, it will also enable less experienced team members to take on more challenging, higher level tasks.”  “By embedding this type of gen AI into existing workflows, it will not only free up security analysts’ time in their current roles but enable them to take on more challenging work – alleviating some of the pressure that has been created by current security workforce and skills challenges,” Meenan predicts. 

• From threat prevention to prediction — cybersecurity nears a historic milestone. “As AI crosses a new threshold, security predictions at scale are becoming more tangible,” observes Sridhar Muppidi, CTO, IBM Security. Muppidi predicts “Although early security use cases of generative AI focus on the front end, improving security analysts’ productivity, I don’t think we’re far from seeing generative AI deliver a transformative impact on the back end to completely reimagine threat detection and response into threat prediction and protection,” Muppidi says.

• A new approach to security’s “Identity Crisis” is coming. Wes Gyure, director of identity and access management, IBM Security, observes that “In the past, organizations hoped to consolidate these identities via a single identity solution or platform, but in today’s reality organizations are coming to terms with the fact that this approach is neither practical nor feasible.” Gyure predicts that “In the coming year, organizations will move to embrace an “identity fabric” approach which aims to integrate and enhance existing identity solutions rather than replace them. The goal is to create a less complex environment where consistent security authentication flows and visibility can be enforced.”

• Harvest Now, Decrypt Later” attacks to become more common with Quantum advancements. “Quantum system performance continues to scale closer to the point of being cryptographically relevant, with studies conducted by World Economic Forum, National Security memorandums, and timelines published by CNSA suggesting quantum computers could have the ability to break the most widely used security protocols in the world by as early as the 2030s,” predicts Ray Harishankar, IBM Fellow, IBM Quantum Safe. He cautions that “systems are vulnerable to “harvest now, decrypt later” attacks — where bad actors steal and store data for later decryption on the chance of accessing such future quantum computers. With quantum computing advancing rapidly, we believe these attacks will become more common over the next several years.” Harishankar says the U.S. National Institute of Standards and Technology (NIST) has already begun the process of developing new quantum-safe cryptography standards and is expected to publish its first official standards in early 2024.