Kaspersky predicts advanced threats in 2024

Kaspersky researchers predict that APT hackers will exploit new vulnerabilities to penetrate mobile devices, wearables, and smart devices, and use them to form botnets, refine supply chain attack methods, and use artificial intelligence (AI) to make phishing attacks more effective. These improvements will lead to an increase in politically motivated attacks and cybercrime in the future.

Additionally, emerging AI tools make it easier to craft phishing messages online, even allowing them to mimic specific individuals. Attackers can devise creative automation methods by collecting online data and feeding it to a large language model (LLM) to generate messages that sound like someone the victim knows.

Operation Triangulation marks an alarming year for mobile exploits and is likely to inspire more research into APTs targeting mobile, wearables, and smart devices. We will likely see threat actors expand their surveillance efforts, targeting a variety of consumer devices through vulnerabilities and “silent” exploit delivery methods, including zero-click attacks via messengers, one-click attacks via SMS or messaging apps, and interception of network traffic. As such, protecting personal and enterprise devices is more important than ever.

Additionally, users should be wary of exploiting vulnerabilities in commonly used software and devices. However, the discovery of high-severity vulnerabilities is often limited in research and delayed in fixing, which opens the door to new, large-scale botnets capable of stealthy, targeted attacks.

Other advanced threats also predicted in 2024 include:

• 2024 could see new developments in dark web access market activity related to supply chains, enabling larger and more effective attacks.
• Hack-for-hire groups are on the rise, offering data theft services to clients ranging from private investigators to business rivals, a trend that is expected to grow in the coming year.
• Windows kernel attacks are on the rise, enabled by Well Head Control Panel (WHCP) abuse, a growing underground market for stolen EV certificates and code signing, and threat actors are increasingly leveraging Bring Your Own Vulnerable Driver (BYOVD) malware in their tactics.