Cyber evolution: Trends defining 2024 and the years ahead

The cyber risk landscape is not static, and new avenues of attack for cyber criminals continue to emerge. The future cyber threats and cyber trends that will define 2024 and beyond will arise from:

  • new and emerging technologies (5G technology and IoT devices)
  • new methods (evolving ransomware), and
  • the evolving geopolitical landscape (cyber espionage).

1. New and emerging technologies: 5G, IoT devices and cyber security risks

Australia’s three mobile network operators – TPG Telecom (Vodafone), Telstra, and Optus – recently announced the closure of their 3G networks to make way for 5G technology. This closure will happen in stages, with the TPG Telecom-owned Vodafone 3G network closing from 15 December 2023; Telstra commencing a gradual switch-off of its 3G network from 30 June 2024, and Optus phasing out its 3G network from September 2024.1

The fifth generation (5G) of wireless technology represents a complete transformation of telecommunication networks and will change the digital landscape, providing a catalyst for innovation, new markets, and economic growth.2 However, the technology will also pose new cyber security risks that businesses need to prepare for. We predict that the cyber security risks of new and emerging technologies such as 5G will define 2024 and beyond as countries become more reliant on this technology.

5G technology is fundamentally different from previous generations and represents greater connectivity and enhanced network capacity. According to GSMA Intelligence, by 2030 5G will overtake 4G to become the globally dominant mobile technology, with 5.3 billion connections.3 However, 5G networks also present a wider attack surface due to the increased number of connected devices and the denser network infrastructure. Additionally, its reliance on cloud, virtualisation, and software-defined networking introduces new avenues for exploitation.4

Individuals, businesses, and governments should consider the following risks:5

  • 5G networks will be exposed to various cyber threats, including ransomware, potential data breaches and DDoS attacks. The increased attack surface, higher data speeds and lower latency provide cyber criminals with new opportunities to launch sophisticated attacks.
  • Internet of Things (IoT) vulnerabilities also need to be proactively managed. The proliferation of IoT devices on 5G networks creates a security challenge, as many IoT devices often do not have robust security features.
  • The enhanced network capability and increased transmission of data will also bring heightened privacy and data risks.
  • Finally, supply chain concerns apply equally to 5G networks. With 5G infrastructure being built by multiple vendors across the globe, the supply chain will become more complex and potentially more vulnerable to cyber attacks. A compromised component within the supply chain could lead to widespread vulnerabilities and potentially catastrophic consequences.

There are significant benefits to the world shifting towards 5G technology, which will fuel the growth of IoT devices and other innovations. However, with every new piece of technology come unknown and potentially serious cyber security risks for individuals, businesses and governments. Businesses should ensure that as they adopt new and emerging technologies, they keep cyber security risks and measures to enhance network security front of mind.

2. New methods: evolving ransomware

The one certainty about ransomware attacks is that they will continue to evolve to be more mature, sophisticated and targeted.

Ransomware groups have steadily shifted and adapted their techniques in order to remain a threat. In previous years, they would send phishing emails to gain access to an organisation before embedding their malware.6 Law enforcement, government regulation and user awareness have since forced ransomware groups to adapt.7

Although early 2023 saw a slight decline in the number of ransomware attacks, they were more commercialised, advanced and better targeted. This has no doubt contributed to the "stunning success" of ransomware gangs in 2023, who reportedly stole more than US$1 billion that year, the largest amount ever recorded, as reported by Chainalysis Inc.8 This is almost double the US$567 million ransomware gangs made off with in 2022.

In 2023 we also saw ransomware attacks combined with other methods to expand their impact, such as targeting zero-day vulnerabilities in digital supply chains for the attack to penetrate multiple businesses. A report by Akamai Technologies stated that several major ransomware operators were focused on acquiring zero-day vulnerabilities — either through in-house research or procurement from grey-market sources — to use in their attacks.9 This combined attack method proved to be a more efficient and profitable pathway for cyber criminals as they were able to gain unauthorised access into many organisations through one attack.

The most notable victim of zero-day vulnerability ransomware in 2023 was MOVEit, a file transfer service that was infiltrated using Cl0p ransomware.10 The vast extent of this hack is still being understood as the breach impacted many companies worldwide including IBM, Shell, British Airways and the BBC. Chainalysis reported that the Cl0p ransomware gang racked up over US$100 million in ransom payments with this breach.11

Kaspersky's overview of ransomware trends, published in May 2023, identified three key trends that demonstrated the increased sophistication of ransomware.12

Firstly, ransomware groups are incorporating self-spreading functionality or imitations into their malware, as seen in recent activity by threat actors Black Basta, LockBit and Play.

Secondly, cyber criminals are exploiting vulnerabilities in antivirus drivers, even targeting industries like gaming. The trend of driver abuse will continue to evolve.

Finally, large ransomware gangs are using leaked or purchased code to strengthen their offensive capabilities. Kaspersky recently saw the LockBit group adopt at least 25% of leaked Conti code and issue a new version based entirely on that. Initiatives like these enable affiliates to work with familiar code, while malware operators get an opportunity to boost their offensive capabilities. Collaboration among ransomware gangs has also resulted in more advanced attacks. Groups are working together to develop cutting-edge strategies for circumventing security measures and improving their attacks. The trend has given rise to ransomware businesses that build high-quality hack tools and sell them to other ransomware businesses on the black market.

We predict that as well as ransomware attacks continuing to scale up with increased commercialisation, threat actors’ methods will keep evolving to become more impactful, efficient and effective. Threat actors will start using automation as a time- and cost-saving technique. Utilising AI techniques to minimise human error, cyber criminals could direct a high volume of automated ransomware attacks at one business, making it much harder to defend. Building on the success of cloud-native attacks, hackers could evolve to target the weakest link in the chain, further embedding ransomware until they are able to gain access to a larger company.

Organisations will need to remain vigilant, including regularly checking their software and firmware for any vulnerabilities so they can stay a step ahead of the ransomware groups as they continue to adapt and improve their techniques.

3. The evolving geopolitical landscape and rise of cyber espionage

Cyber espionage, or cyber spying, has been defined as a type of cyber attack in which an unauthorised user attempts to access sensitive or classified data or intellectual property (IP) for economic gain, competitive advantage or political reasons.13 As geopolitical conflicts and risks continue to evolve and increase in tension, we predict a continued rise in instances of cyber espionage.

Critical infrastructure remains one of the top targets for malicious cyber attacks.14 Governments and operators of critical infrastructure remain vulnerable due to the sensitive information they possess and their high level of connectivity with other organisations, paving the way for a rise in cyber espionage. In 2023 and the beginning of 2024 in both Australia and the United States, Chinese-led cyber operations have targeted major government infrastructure.15 In an unprecedented joint statement, on 17 October 2023 intelligence chiefs from the Five Eyes countries — United States, Britain, Canada, Australia and New Zealand — warned against China's cyber attempts to steal various state secrets.16

Private sector organisations that possess confidential information have just as much reason to be concerned. Moving into 2024 and beyond, organisations need to be wary of not just the financial risk of harm when recovering from a cyber attack, but also the implications of a cyber threat actor targeting sensitive or classified data or intellectual property for non-financial reasons, particularly if a state-backed actor is involved. Several key incidents have demonstrated that threat actors do not need to target government agencies directly for cyber espionage; they can do so through the supply chain, including through legal advisors.

Governments, operators of critical infrastructure and private sector agencies that hold any level of sensitive information, classified data or intellectual property must focus on continuing to enhance cyber security measures to ensure resilience against such attacks.

Access CyberSight 360 - A legal perspective on cyber security and cyber insurance for more on the key events, legislative and regulatory changes, trends and lessons from the year in cyber, and what we can expect in the year ahead.


1 https://www.tio.com.au/sites/default/files/2023-12/AMTA_3G%20network%20closure%20release%20Fact%20Sheet.pdf

2 https://www.cisa.gov/topics/risk-management/5g-security-and-resilience

3 https://www.gsma.com/newsroom/article/safeguarding-the-future-managing-5g-security-risks/#:~:text=Cyber%2DAttacks%3A%205G%20networks%20will,potential%20data%20breaches%2C%20and%20ransomware

4 Ibid

5 https://www.gsma.com/newsroom/article/safeguarding-the-future-managing-5g-security-risks

6 https://www.akamai.com/blog/security/ransomware-on-the-move-evolving-exploitation-techniques

7 https://www.trendmicro.com/en_vn/ciso/23/b/ransomware-trends-evolutions-2023.html

8 https://www.chainalysis.com/blog/ransomware-2024/

9 https://www.akamai.com/newsroom/press-release/akamai-research-rampant-abuse-of-zero-day-and-one-day-vulnerabilities-leads-to-143-increase-in-victims-of-ransomware

10 https://assets.sophos.com/X24WTUEQ/at/c949g7693gsnjh9rb9gr8/sophos-state-of-ransomware-2023-wp.pdf

11 https://www.chainalysis.com/blog/ransomware-2024/; https://www.insurancejournal.com/news/national/2024/02/07/759806.htm

12 https://www.kaspersky.com/about/press-releases/2023_should-i-stay-or-should-i-go-how-major-gangs-shutdown-affected-ransomware-trends-for-2023

13 https://www.crowdstrike.com/cybersecurity-101/cyberattacks/cyber-espionage/

14 https://www.cyber.gov.au/about-us/reports-and-statistics/asd-cyber-threat-report-july-2022-june-2023

15 https://www.reuters.com/technology/us-disrupts-chinese-botnet-targeting-critical-infrastructure-fbi-says-2024-01-31/; https://www.weforum.org/agenda/2023/06/us-china-cyber-espionage-campaign-cybersecurity-news/; https://www.abc.net.au/news/2023-11-15/asd-reports-increase-in-cyber-attacks/103103320

16 https://www.reuters.com/world/five-eyes-intelligence-chiefs-warn-chinas-theft-intellectual-property-2023-10-18/

Key contacts

Jack Boydell

Lawyer

Rebekah Maxton

Lawyer