The rapid advancement of artificial intelligence (AI), international tensions, and the proliferation of smart technologies, such as the Internet of Things (IoT), have been highlighted as leading cybersecurity challenges for 2024 by Kaspersky.
The global expansion of e-commerce and financial technologies has led to wider adoption of instant electronic payments between individuals. However, this progress hasn't come without risks, as criminials continually devise advanced techniques for stealing payment data on e-commerce sites and online stores. The latest web skimmers, installed by hackers on legitimate online commerce platforms, are virtually undetectable with victims only learning of the data breach when an unauthorised charge appears on their bank statement.
To counteract this, Kaspersky recommends a number of measures including linking bank cards to systems like Apple Pay or Google Pay, using comprehensive security systems such as Kaspersky Premium, making use of virtual or one-time cards for online payments, and not taking content found on social media platforms or online at face value. This is due to the growing use of generative AI to create fake texts, photos, and videos that can now be produced in a matter of minutes. Such counterfeit content has already had an impact on areas of cybersecurity, from its propaganda usage in geopolitical conflicts to fraudulent fundraising endeavours.
AI has also played a significant role in the evolution of phishing emails and fraudulent websites. Previously, they were easily identifiable through sloppy language and typos, but with language models optimised for hackers, such as WormGPT, attackers can create more convincing and varied bait on a larger scale. It is feared that these multilingual AI models will soon be used to create fraudulent material in regions and languages that have previously been neglected by scammers.
High-quality AI-driven voice 'deepfakes' have been flagged as a rising threat in fraudulent efforts, particularly telephone scams impersonating known voices. More complex schemes have also been identified, in which the perpetrators attempt to target company employees in order to gain access to corporate network passwords. In response to this, Kaspersky advises remaining calm in any surprising or distressing phone calls, asking questions only the expected caller would know the answers to, not sharing sensitive information over the phone, utilising caller identifier apps, and being wary of unexpected callers on messaging platforms like WhatsApp.
Poorly-protected IoT devices have been identified as another potential risk for consumers. Examples of such risks include compromised smart devices spying on their owners, overfeeding or starving pets through tampering with smart pet feeders, set-top boxes creating rogue proxies on home networks, and turning home security cameras into unconsented 'reality TV' broadcasting points.
Looking to 2024, regulatory requirements for IoT manufacturers are expected to improve. In the UK, sales of devices with default logins and passwords such as 'admin/admin', will be banned while manufacturers will also be required to disclose the length of time a particular device will receive firmware updates. A similar trend is noted in the U.S., where a security labelling system is being developed.
The final point raised by Kaspersky is the risk for vulnerable individuals such as the elderly, children, or those uninterested in technology falling victim to scams involving fake texts, images, and voice messages. It is recommended that cybersecurity tips are shared with family and colleagues, and to ensure that all family computers and phones have comprehensive protection.
Kaspersky concludes by reiterating the importance of continuing with previously recommended practices such as transitioning to password-less systems and practising basic cybersecurity hygiene. With these measures in place, Kaspersky wishes all a peaceful and secure 2024.