Experts predict top security threats to watch out for this year.

When Russia invaded Ukraine in 2022, it wasn’t only the missiles and airstrikes that made headlines. In the lead-up to the invasion, Russia launched an unprecedented cyberattack on more than a dozen Ukrainian government websites. Two years on, it serves as a reminder that modern-day battlegrounds extend far beyond national borders.

“We used to call it the ‘battleground’, but now it’s called the ‘battlespace’,” says Glenn Maiden, director of threat intelligence operations at FortiGuard Labs Australia and New Zealand, the elite threat intelligence and research arm of cybersecurity company, Fortinet.
“In the old days, war was conducted by the air force, army or navy. In the last 30 to 40 years, the domain of warfare has expanded, with cyberspace becoming the fifth domain,” he says. “That means no matter where we are in the world, every single one of us is in the battlespace.”

New era for cybercrime

Late last year, FortiGuard Labs released its 2024 cyberthreat predictions report, which dives into the rapidly evolving cybercrime landscape. With the growth of the Cybercrime-as-a-Service (CaaS) market and the rise of artificial intelligence (AI), attackers now have more tools than ever at their disposal.

One long-standing tool is ransomware, a type of malware (malicious software) that blocks access to a victim’s personal data unless they pay a hefty ransom.

“The old style of ransomware was relatively unsophisticated, where you would receive an email saying ‘Get your free iPhone’ or ‘You’ve got a package’,” says Maiden. “But in the last few years, it’s changed with the emergence of a more sophisticated darknet cybercrime ecosystem.

“Ransomware organisations like REvil or Conti write the malware, then their specialist affiliates attack, often targeting mature sectors like manufacturing, telecommunications or government departments.”

Fortinet’s report notes that ransomware attacks have skyrocketed worldwide, making every organisation a target, regardless of size or industry. These attacks are increasingly becoming more personal, aggressive and destructive.

Another burgeoning type of attack is the zero-day. In cybersecurity terms, a zero-day is a vulnerability in a computer system unknown to its administrators, leaving it wide open for exploitation. With a record number of zero-day attacks in 2023, there has been a concurrent rise in zero-day brokers and cybercrime groups selling these vulnerabilities on the dark web.

The report also notes a growing problem within insider threats, prompting many organisations to increase their security controls to protect against internally recruited attackers.

Event-based attacks; the rise of AI

In 2018, a large-scale cyberattack disrupted the opening ceremony of the Pyeongchang Winter Olympics. Internet and telecasts were disconnected, drones were grounded and ticketing systems collapsed.

It wasn’t the first time the Olympics had been targeted, with London 2012 authorities receiving cyberattack warnings on the eve of the opening ceremony. With Paris 2024 only months away, Maiden says there’s always a risk of further attacks.

“I think it’s very likely we’ll see it again in 2024,” he says, adding that the US presidential election could also be a target later this year. “We saw Russian-derived bots pushing misinformation in the 2020 US elections and, before Trump and Biden, there was the Hillary Clinton email issue in 2016.”

The difference in 2024, says Maiden, is that cybercriminals now have new tools at their disposal with the rapid rise of generative AI.

Staying cyber resilient

The Paris Olympics and US elections may feel like a world away for Kiwis, but Maiden says New Zealanders still need to be vigilant: “We need to understand we’re just as much an attractive target as anyone else. Whether you’re in Geneva, Auckland or Canberra, the risk is the same, and there are absolutely no geographical limits.

“Countries like New Zealand and Australia are especially attractive targets because we have long-running superannuation schemes, plus we’re relatively digitised and wealthy. From a cybercriminal’s perspective, that’s quite attractive.”

At an individual and organisational level, Maiden’s advice is simple:

• Manage passwords: use unique passwords for every login, ensuring each password is long and contains uppercase and lowercase letters, numbers and special characters. If possible, use a secure password management system to protect your passwords.
• Multi-factor authentication: “if there’s the option to use multi-factor authentication, do it,” says Maiden, adding that SMS authentication is less reliable due to the rise of SIM-swapping scams.
• Be careful what you share: it’s easy to dig up a lot of information about a person through their social media profile. Maiden says people who are particularly active on social media are more easily targeted.
• Always have a backup: not only do we all need to regularly back up our computers, says Maiden, but we also need to store our backups locally. Having a recent backup protects ransomware victims from having to pay a ransom to retrieve encrypted files.

“This is going to be quite a significant year with a lot of unrest, from the US elections to China advancing, to the wars in Ukraine and Gaza,” says Maiden. “We all have to be vigilant online, ensuring all our systems are as secure as possible. If we do that, and keep an eye out for misinformation and disinformation, hopefully, we can avoid upheaval.”

Fortinet’s Future of Security Operations Summit 2024 takes place on Tuesday 20 February at The Northern Club in Auckland. For more information: events.fortinet.com/SecOpsSummit24-NZ