Cybercriminals embrace smarter strategies, less effort

2024 is shaping up to be a record-breaking year for data breaches, according to Experian. Despite 2023 being labeled as a ‘successful’ year for malicious actors, the upcoming months may bring forth developments that could further disrupt the cybersecurity landscape.

Supply chain vulnerabilities amplified

There’s no question third-party data breaches have made headlines. With increased data collection, storage, and movement, there are plenty of partners down the supply chain that could be targeted. We predict attacks on systems four, five or six degrees from the source as vendors outsource data and technology solutions who outsource to another expert and so on.

Digital transformation is expanding threat surfaces. SaaS platforms and public cloud infrastructures, are pushing the perimeter out into the internet itself—putting users at greater risk.

When trying to achieve a goal, it’s said that taking small steps can lead to big results. Hackers could apply that same rule. Instead of making drastic moves and trying to reap instant reward such as with ransomware, bad actors may manipulate or alter the tiniest bits of data to stay under the radar such as changing a currency rate or adjusting the coordinates for transportation, which can have a major impact.

It’s widely known who the major players are globally that sponsor attacks and a new country in South Asia may join the international stage with their large population of engineers and programmers. While reportedly having been in the game focusing cyberattacks regionally due to political tensions, this country may broaden their sights in the future.

Plutonium, terbium, silicon wafers — these rare earth materials that are the building blocks for today’s hardware are rapidly becoming the most sought-after resources on the planet. Any disruption to an strained supply chain could send the industry (and the economy that relies on these materials) spinning.

This presents an intriguing opportunity for threat actors seeking mass disruption or nations looking to corner markets.

“Cybercriminals are continually working smarter, not harder,” said Michael Bruemmer, VP, Global Data Breach Resolution at Experian. “They are leveraging new technologies like artificial intelligence and applying their talents in different ways to be more strategic and stay a step ahead. Organizations should not ignore even the slightest security abnormalities and be more aware of what global interests may make them a target.”

Winning from the inside

Like drug cartels, cybergangs are forming sophisticated organizations as joining like-minded actors can be incredibly advantageous. This spans globally with countries potentially helping each other to advance common goals and interests. We’ll see more hackers for trade, crews looking to expand their monopolies, and cyberwarfare alliances.

In 2024, enterprising threat actors may target more publicly traded companies to gain insights to cheat the stock market or plan their attacks and sell their stash before value nosedives. Rather than breach an organization and play in the underground with stolen data, threat actors could leverage data extraction and their talents in plain sight as everyday investors.

“Today, perpetrators can come from anywhere in the world and bring with them robust resources and expertise,” added Jim Steven, Head of Crisis and Data Response Services at Experian Global Data Breach Resolution in the United Kingdom. “There are many global crime syndicates and nation-backed operations, so companies need to invest in sophisticated prevention and response methods to protect themselves.”