
Cybercrime Trends 2024


The latest threats and security best practices

Contents

Introduction
1 AI’s growing role in cyberattacks
2 Cybercriminals exploit all new technologies
3 Cybercrime will become more professionalized
Interview with Ralf Schneider, Allianz SE
4 The hacktivist movement is gaining momentum
5 Disinformation-as-a-service
6 Challenges for the public sector and critical infrastructure
Interview with John Noble, NHS England
7 Pretexting and multichannel tactics
8 Rising burnout rates in security teams
Outlook
About SoSafe

Introduction

In 2023, everything changed. It’s time to prepare for what’s to come.

The year 2023 was a turning point in our global narrative. Since OpenAI
announced the launch of ChatGPT-3 in November 2022, there has
been a surge of AI-driven innovation and a profound shift in how
we interact with technology. This evolution is particularly evident
in information security, where AI has emerged as a pivotal force, not
only strengthening cyber security defenses but also elevating the
sophistication of cyberattacks.

As we head into 2024, fueled by this unprecedented speed of
technological innovation, we face a confluence of challenges: AI’s
ever-growing involvement in cyberattacks, the double-edged sword
of emerging technologies like 5G and quantum computing, and
the maturing of cybercrime into a highly professionalized industry.
This context is further complicated by the rise of hacktivism and
cyberattacks amid global political crises and the rise of disinformation
campaigns, making threats more complex and far-reaching. All this
while cyber security professionals are battling burnout in the face of
these escalating threats.

With the likelihood of an attack resulting from human error expected
to increase in this threat landscape, a strong security culture is the only
hope we have. That’s why this report focuses on the eight cybercrime
trends for 2024 and provides security best practices to better prepare
against this diverse array of cyber threats.

1 AI’s growing role in cyberattacks: A storm on the horizon

The widespread use of AI, which is expected to reach
over 300 million users in 2024 and an estimated 700
million by 2030, not only highlights the revolution
underway but also raises concerns about its broader
implications and security risks.[1] And, inevitably,
deepfakes and voice cloning come into full focus
when addressing AI’s security challenges.

While bad actors have used both technologies for
some time, the recent proliferation of tools capable
of producing high-quality deepfake videos has
made this technology more accessible, leading to
an increase in its use, particularly in disinformation
campaigns and social manipulation (more about
this in the disinformation-as-a-service trend).[2]

Voice cloning is not lagging behind. A recent study confirmed that one in four people have experienced a voice cloning attack or know someone who has.[3] Police in Everett, Washington, have also warned of an increase in financial scams using voice cloning to defraud individuals.[4] But while cybercriminals mostly use voice cloning for financial scams, with some of them having even faked a young woman’s kidnapping, it’s now also undermining MFA systems based on voice recognition.[5] For example, earlier this year, a journalist successfully accessed her bank account using a recording of her own cloned voice.[6] Although the journalist’s experiment posed no personal risk, the broader threat is very real.

1 in 4 people have experienced a voice cloning attack or know someone who has. Source: McAfee [3]

[1] Statista (2023). Artificial Intelligence Worldwide.
[2] News abp Live (2023). Deepfakes To Disinformation: Year 2023 Brought A New Era Of Digital Deception, Driven By AI.
[3] McAfee (2023). Artificial Imposters—Cybercriminals Turn to AI Voice Cloning for a New Breed of Scam.
[4] Fox 13 Seattle (2023). Everett Police warn of AI voice-cloning phone scam after case reported in Snohomish County.
[5] CNN (2023). ‘Mom, these bad men have me’: She believes scammers cloned her daughter’s voice in a fake kidnapping.
[6] The Wall Street Journal (2023). I Cloned Myself With AI. She Fooled My Bank and My Family.

But this is far from the only use cybercriminals are putting AI to. Advances in generative AI over the past year have brought many new capabilities to key tools. Some of these, such as ChatGPT’s recent ability to read images, can be used maliciously. This includes the possibility of prompt injection, which means that the tool will follow the instructions or prompts contained in an image instead of the instructions the user gave the tool when submitting the image.[7] While this may seem harmless at first, the possibilities for manipulating users through this tactic are endless.

This image-uploading capability has also raised other concerns, such as the possibility of bypassing CAPTCHA codes, one of the most well-known safeguards against the unfair use of technology. Until recently, hackers could not leverage AI technology to read CAPTCHA, mainly due to the ethical restrictions of the tools. However, Bing Chat has proven to be able to decipher these codes when prompted with a reasonable excuse or pretext, raising concerns among companies and websites worldwide about the need to switch to other security methods.[8]

And as technology advances, hackers are also using it to build their own powerful AI tools based on existing language models. This is how malicious alternatives to ChatGPT, such as FraudGPT and WormGPT, first appeared.[9] However, until the end of 2023, the creation – not the use – of such tools was limited to those with technical knowledge.

Recently, OpenAI introduced the ability to very easily create a GPT – a chatbot that you can train to assist you with a specific task in an even more accessible way than its dark web counterparts – without any coding or technical knowledge needed. While personalized GPTs can be a valuable asset for many, helping them with daily work tasks, we can also expect that in 2024, attackers will take advantage of their capabilities and create personal hacking assistants [10] that specialize in creating highly convincing smishing texts, spear phishing emails, and polymorphic malware.[11]

[7] Windows Central (2023). CGPT-4 Vision: A breakthrough in image deciphering unveils potential for ‘prompt injection attacks’.
[8] Digital Trends (2023). Bing Chat just beat a security check to stop hackers and spammers.
[9] ZDNet (2023). WormGPT: What to know about ChatGPT’s malicious cousin.
[10] BBC (2023). ChatGPT tool could be abused by scammers and hackers.
[11] HYAS (2023). Blackmamba: Using AI to generate polymorphic malware.

The risk associated with AI can also stem from its
limitations rather than its capabilities. The ability
of advanced AI models to write code is a significant
advancement, widely adopted by up to 92% of
developers in and out of the workplace.[12] However,
concerns are emerging about the reliability of AI-generated
code, with experts noting a tendency
to prioritize functionality over security, resulting
in significantly reduced code reliability.[13] Some of
the security flaws include susceptibility to SQL
injections, hardcoded credentials, and the use of
insecure password hashing algorithms.[14]

But perhaps the most common AI limitation is a
phenomenon called “hallucinations,” where the AI
provides false or fabricated information. Hackers are
now exploiting these hallucinations to infiltrate
malicious files.[15] Upon a user’s request, the tool will
“hallucinate” and recommend the names of non-existent
code libraries. Hackers will then create
malicious code libraries or packages under those
names and upload them to public repositories. This
way, the next time a user is recommended one of
these packages, they will download the malicious
code library uploaded by the hacker.
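
The hallucinated-package risk described above can be caught on the defender's side before anything is installed. The following is an added example, not part of the original report: it vets an AI-suggested requirements list against an allowlist of reviewed packages, and goes slightly beyond the text by also flagging lookalike names, unpinned versions and index overrides. The allowlist, the sample input and the verdict names are assumptions constructed for illustration.

```python
"""Vet an AI-suggested requirements list before installing anything (added example)."""
import re
from difflib import SequenceMatcher

# Assumption: a constructed allowlist of packages the organization has reviewed.
APPROVED = {"requests", "numpy", "cryptography", "python-dateutil"}

# Constructed sample input; "example-hallucinated-pkg" is a made-up name.
SAMPLE_REQUIREMENTS = """\
# suggested by an AI assistant (constructed sample)
requests==2.31.0
Python_DateUtil>=2.8   # approved project, different spelling
reqeusts==2.31.0
example-hallucinated-pkg==0.1.0
numpy
--index-url https://pypi.example.invalid/simple
"""

_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_line(raw):
    """Classify one requirements line as ('skip'|'option'|'package', value, spec)."""
    line = re.sub(r"(^|\s)#.*$", "", raw).strip()        # drop comments
    if not line:
        return ("skip", None, None)
    match = _NAME.match(line)
    if line.startswith("-") or "://" in line or not match:
        return ("option", line, None)                     # pip option or direct URL
    rest = re.sub(r"^\s*\[[^\]]*\]", "", line[match.end():])  # drop extras
    spec = rest.split(";", 1)[0].strip()                  # drop environment marker
    return ("package", normalize(match.group(0)), spec)


def closest_approved(name, approved, threshold=0.85):
    """Return the approved name most similar to `name`, if similar enough."""
    best, best_ratio = None, 0.0
    for candidate in sorted(approved):
        ratio = SequenceMatcher(None, name, candidate).ratio()
        if ratio > best_ratio:
            best, best_ratio = candidate, ratio
    return best if best_ratio >= threshold else None


def vet(requirements_text, approved=APPROVED):
    """Return (line_no, item, verdict, detail) for every meaningful line."""
    findings = []
    for line_no, raw in enumerate(requirements_text.splitlines(), 1):
        kind, value, spec = parse_line(raw)
        if kind == "skip":
            continue
        if kind == "option":
            verdict, detail = "review-option", "changes where packages come from"
        elif value in approved:
            # Only an exact '==' pin without wildcards counts as pinned.
            pinned = re.fullmatch(r"==\s*[\w.!+-]+", spec) is not None
            verdict = "approved" if pinned else "approved-unpinned"
            detail = "pinned to a reviewed release" if pinned else "pin an exact, reviewed version"
        else:
            near = closest_approved(value, approved)
            if near:
                verdict, detail = "lookalike", f"resembles approved package '{near}'"
            else:
                verdict, detail = "unknown", "not reviewed: confirm it exists and who publishes it"
        findings.append((line_no, value, verdict, detail))
    return findings


def is_installable(findings):
    """Only a list made up entirely of approved, pinned packages may be installed."""
    return all(verdict == "approved" for _, _, verdict, _ in findings)


if __name__ == "__main__":
    results = vet(SAMPLE_REQUIREMENTS)
    for line_no, item, verdict, detail in results:
        print(f"line {line_no}: {item:<50} {verdict:<18} {detail}")
    print("install allowed:", is_installable(results))
```

Run as a pre-install gate in CI or a pre-commit hook, a check like this turns "the assistant recommended it" into an explicit review step for every name that has not been seen before.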

Considering the emerging threats from the use of AI
and the rapid pace of technological advancement,
it’s imperative that we identify and implement
robust methods to protect against these threats.
A proactive approach to cyber security is essential
to keeping both businesses and individuals safe in
an increasingly AI-driven world.

[12] GitHub Blog (2023). Survey reveals AI’s impact on the developer experience.
[13] The Register (2023). Perhaps AI is going to take away coding jobs – of those who trust this tech too much.
[14] Nord Security (2023). ChatGPT and secure coding: The good, the bad, and the dangerous.
[15] Infosecurity Magazine (2023). New ChatGPT Attack Technique Spreads Malicious Packages.

Checklist: Security best practices

Check AI-generated code before implementing it: Even if you ask the tool to generate secure code, it is a good idea to test its reliability using automated code review tools or adopting a standardized set of security benchmarks.

Stay on top of the latest AI trends and adjust your security strategy accordingly: Some security measures may no longer be reliable as technology advances, so you need to find alternative solutions to keep your organization well protected. A dedicated task force or intelligence unit within your organization focused on monitoring and analyzing AI-based attacks and their impact on your security posture may be a good place to start.

Leverage AI to strengthen your security: Incorporating AI-powered tools can significantly enhance the analysis of large data sets, leading to better anomaly detection and more efficient real-time threat identification. By integrating AI with SOAR (Security Orchestration, Automation and Response), we can achieve automated, intelligent decision-making and more responsive incident handling. Additionally, using AI in no-code automation allows for quick adaptation of security workflows to keep pace with evolving threats. It’s also beneficial to implement AI-based advanced authentication systems, which continuously learn and improve security measures while ensuring they align with your policies and ethical considerations through consistent human oversight.

Use AI tools responsibly: Avoid entering personal details and relying exclusively on the information they provide. Remember that some of their answers may be incorrect or outdated, so it is a good idea to check the integrity of the information.

Be wary of suspicious voice or video messages: Even when they appear authentic, if the content includes unusual requests or suspicious statements, it’s advisable to reach out through alternative means to verify their authenticity.

Educate your employees on the security threats that AI can pose: They will be your best line of defense if they know how to protect themselves and your organization from threats. Also, teach them how to use generative AI responsibly, protecting all sensitive data.

2 Beyond AI: All new technologies are being exploited by cybercriminals

Even if it’s the innovation of the century, cybercriminals aren’t just focusing on artificial intelligence. They’re broadening their horizons to exploit a range of emerging technologies. The goal is to widen the attack surface and reach as much as possible. That’s why each new technology becomes both a tool and a target for sophisticated cyber threats.

However, this trend isn’t entirely new, as we’ve seen a similar pattern in the past with other emerging technologies like cloud technology. In recent years, companies have shifted billions of dollars to cloud storage and away from traditional data solutions. And, of course, this transition hasn’t gone unnoticed by cybercriminals. According to the CrowdStrike Global Threat Report, attacks targeting cloud systems nearly doubled in 2022, and the number of hacking groups capable of launching such attacks has tripled.[1]

The ransomware attack in Sri Lanka in early August 2023 was a stark illustration of this, as malicious actors infiltrated the Sri Lankan government’s cloud system by distributing infected links to government employees.[2] The attack wiped out four months of government data because the country’s cloud system lacked backup services.

And now, the same fate awaits emerging technologies like quantum computing. A critical concept is “harvest now, decrypt later” (HNDL), where cybercriminals accumulate encrypted data today with the expectation that future advances in quantum computing will allow them to decrypt it, potentially leading to unprecedented privacy breaches, intellectual property theft, and exposure of national security secrets.[3]

[1] CrowdStrike (2023). Global Threat Report.
[2] Infosecurity Magazine (2023). Ransomware attack wipes out Sri Lankan government data.
[3] Tech Monitor (2023). Are harvest now, decrypt later cyberattacks actually happening?

Recognizing this issue, the UK’s National Cyber Security Centre wrote a white paper as early as 2020 with advice on how to transition to quantum-resistant algorithms and the importance of starting this process early to ensure security against potential quantum computing threats.[4] However, the uncertainty surrounding the timeline for quantum computing breakthroughs creates a complex risk landscape where organizations are balancing the cost of adopting quantum-resistant measures early against the risk of being unprepared for a sudden advance in quantum computing capabilities.

5G technology is another example of how new technologies can be a double-edged sword, promising unprecedented connectivity and speed but also opening up new avenues for cybercriminals to exploit. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) identifies the following risks associated with 5G: increased vulnerabilities due to complex network design and local 5G deployments; supply chain threats from malicious hardware and software; inherited weaknesses from legacy infrastructure and untrusted components; limited market competition leading to reliance on potentially insecure proprietary solutions; and an expanded attack surface introducing new vulnerabilities and increased risk of data breaches.[5]

All these advances underscore a critical point: As these and other new technologies continue to evolve, so do the methods and targets of cybercriminals. It’s a constant race, with each new technological development providing a new opportunity for exploitation. As a result, cyber security strategies must be agile and adaptive, evolving with these technological advances to mitigate the risks posed by these threats.

[4] National Cyber Security Centre (2020). Preparing for quantum-safe cryptography.
[5] CISA (2023). 5G Security and Resilience.

Checklist: Security best practices

Strengthen cloud security: Invest in comprehensive backup and recovery systems for cloud storage and maintain a routine of regular updates and patches to protect against evolving threats.

Minimize the risk of encrypted data breaches: Use micro-segmentation to protect data, routinely rotate encryption keys based on data classification, and ensure software and security measures are consistently updated.

Adopt a crypto-agile approach: Be prepared to quickly switch algorithms and cryptographic methods as new threats emerge.

Secure 5G networks: Address vulnerabilities in complex network designs and local deployments, and ensure the security of the supply chain, including hardware and software components.

Mitigate legacy infrastructure vulnerabilities: Upgrade or replace legacy systems that may have inherent security flaws, and incorporate security considerations into the design of new technologies.

Monitor and adapt to emerging threats: Stay informed about emerging cyber threats, adapt strategies accordingly, and implement continuous monitoring and real-time threat analysis.

Strengthen your team’s cyber security skills: As with the AI trend, providing continuous training and upskilling for both your security team and the rest of your employees will prepare them to rapidly respond and adapt to new threats.

3 Cybercrime will transform into an even more highly professionalized and profitable business

The professionalization of cybercrime continues to make steady progress and will reach a new level of maturity by 2024. This escalation is driven, in part, by the availability and expansion of ransomware-as-a-service (RaaS) offerings. Last year, we showed how these sophisticated tools not only lower the barrier of entry for potential cybercriminals but also represent a significant shift in the attack complexity and impact.

Over the last year, this landscape has evolved rapidly, to the extent that in 2023, the number of ransomware victims doubled compared to April 2022.[1] This alarming increase underlines that ransomware remains the most damaging, costly, and prevalent cyber threat to EMEA organizations.[2]

This development is clearly reflected in the increasing targeting of ransomware attacks. As we will discuss later in the report, there is a clear trend toward targeted attacks on the public sector and critical infrastructure, particularly healthcare, education, and government organizations. The reason is they often lack security resources and are more likely to pay a ransom to maintain essential services and protect sensitive information.

A concerning example of this happened in Maine in May 2023, when a ransomware group exploited a vulnerability in MOVEit, a file transfer program used by state authorities. The attackers stole data from 1.3 million people, including names, birth dates, insurance numbers, driver’s license numbers, and other state and tax identification numbers.[3]

But this sector is not the only one affected. MGM Resorts, one of the world’s leading casino hotel chains, was the target of an attack by hackers from ALPHV subgroup Scattered Spider in September 2023.[4] The attackers used social engineering methods by identifying an employee via LinkedIn and then calling the help desk. A 10-minute conversation was enough to compromise the billion-dollar company. The cyberattack on MGM Resorts led to major disruptions, paralyzing ATMs, slot machines, and shutting down their website and booking systems. It’s expected to lower third-quarter profits by about $100 million, with an additional $10 million spent on recovery, including tech consulting, legal fees, and other external consultant expenses.

[1] Black Kite (2023). Ransomware threat landscape report.
[2] Gulf Business (2023). Cybersecurity 2023: Threats proliferate but best practice still works.
[3] Mashable (2023). An entire state’s population just had its data stolen by a ransomware group.
[4] TechCrunch (2023). MGM Resorts confirms hackers stole customers’ personal data during cyberattack.


“On average, it takes about 23 days to resume basic operations after a devastating ransomware attack. Restoring the entire system to full functionality can take months.”
Inge van der Beijl, Human resilience enabler and threat actor communications expert at Northwave, at the Human Firewall Conference 2023

This growing aggressiveness of cybercriminals is particularly evident in their tendency to intensify ransom tactics. They are increasingly using double extortion tactics, in which they encrypt data and threaten to publish it at the same time. Although not new, this method has become more common in the past months.[5] Some hackers are even pursuing triple extortion, where they add another layer of attacks like DDoS, and quadruple extortion, exerting additional pressure on customers, suppliers, and employees of the attacked company. For example, after hardware vendor Quanta Computer failed to meet the ransom demands of the REvil group, attackers turned their attention to Apple, one of Quanta’s customers.[6] The group not only threatened to release Apple’s confidential product blueprints taken in the attack but also sought to intensify pressure by timing the disclosure with Apple’s product launch, leveraging the public and media attention to maximize the impact.

The professionalization of cybercrime extends beyond RaaS to emerging technologies like voice cloning. Voice-cloning-as-a-service (VCaaS) has become a significant threat, as we saw with the AI trend, allowing even low-skilled cybercriminals to engage in sophisticated impersonation schemes.[7] With platforms like ElevenLabs allowing users to create custom voice samples, the barrier to entry in cybercrime continues to drop.

Considering this rise of professional, complex cyberattacks, the importance of supply chain security is clearer than ever. Outsourcing services is increasingly necessary, but it also creates new vulnerabilities as cybercriminals infiltrate corporate networks through partners or suppliers. An example of this happened to Airbus in 2023. Hackers compromised one of their customers, Turkish Airlines, leading to a significant loss of data from over 3,000 suppliers.[8] In this context, we are only as strong as our weakest link. Disregarding the security of our suppliers, partners, and customers is no longer an option if we want to stay safe.

The prognosis for the future is clear: Cybercrime is on the verge of becoming an even more professional and profitable business. This trend can no longer be ignored or underestimated. Now is the time for organizations to invest in their security as the developments of recent years are just the beginning of an emerging future in which cybercrime will develop ever more sophisticated methods to achieve its goals.

[5] TechCrunch (2023). Why extortion is the new ransomware threat.
[6] Bloomberg (2021). Apple targeted in $50 million ransomware hack of supplier Quanta.
[7] Recorded Future (2023). I have no mouth, and I must do crime.
[8] The Register (2023). Airbus suffers data leak turbulence to cybercrooks’ delight.

Checklist: Security best practices

Build a resilient infrastructure against ransomware: Develop a comprehensive security posture that includes both preventive measures and robust response plans. This should integrate advanced threat detection systems, such as AI-driven anomaly detection, and adopt a zero-trust architecture to enhance security. Conduct regular security audits and develop effective disaster recovery plans. Also, continually revise backup strategies and ensure you have a tested incident response plan in place to respond effectively and quickly in the event of a breach.

Dealing with zero-day vulnerabilities: Develop strategies to respond quickly to zero-day attacks. This includes setting up patch management to efficiently distribute software updates and close vulnerabilities promptly.

Protection against social engineering and phishing attacks: Train your employees to make them aware of the risks of social engineering attacks, particularly those tactics used by ransomware groups. Ongoing training through micro-modules and phishing simulations can raise awareness and help them recognize potential threats. Incorporating gamified and personalized learning experiences will increase engagement and retention of security knowledge.

Strengthen supply chain security: Review and secure your supply chain. This includes the security protocols of your partners and suppliers and implementing strict access controls and monitoring systems.

Improve data security and integrity: Implement advanced encryption techniques and take a layered approach to data protection by adopting data-centric security frameworks and data loss prevention (DLP) technologies. This helps minimize the risk of data leakage and theft.

Use threat intelligence and analytics: Use threat intelligence to identify and analyze current and emerging threats. This helps to take preventative measures and improve responsiveness in the event of an attack.

INTERVIEW

Ralf Schneider
Allianz Senior Fellow and Head of Cyber Security and NextGenIT Think Tank

Ralf Schneider’s impressive career in IT and cyber security spans more than two decades, marked by his long tenure at Allianz, where he served as Group CIO for 13 years. He has also served as a board member for Allianz Managed Operations & Services and recently took on the role of Allianz Senior Fellow and Head of Cybersecurity and NextGenIT Think Tank. He holds a PhD in computer science from the Ludwig Maximilian University in Munich.

“Criminals need ever fewer skills and organizational power to launch a highly effective attack, and that is going to be a huge problem for us.”

What brought you to the field of information security?

I started out in this field when I was appointed Group CIO of Allianz in January 2011. With 3,000 offices and 63 business units around the world, I quickly learned that we needed a communication infrastructure that included video conferences. We had to build our IT such that we could access IT resources with any device worldwide. To do this, you need a network infrastructure, a consolidated data center so that the applications work globally, and a virtualized end workspace – all of which have to be secure. There was no question that cyber security would become a major topic for us.

When the Snowden disclosures came out in 2013 and Mrs. Merkel’s cell phone was hacked, we saw that cyber security was increasingly becoming a hot-button issue. In addition to the infrastructure network, data center, and virtualized workspace, we established the Cyber Security Infrastructure, Global Identity and Access Management, Global Privilege Access Management, and the Allianz Cyber Defense Center on a global scale in 2013.

How do you assess the current threat landscape, and how will it develop in the coming years?

Since the war in Ukraine began, it became clear to us that we’re in the midst of a cyber war. In cyber security, we’re facing state, military, and highly sophisticated criminal actors. Cybercriminals are constantly honing their skills and becoming more organized. On top of that, they’re turning the industrialization of cyberattacks into criminal big business.

Then there’s a third component. Cyber security tends to go through cycles. DDoS was a core issue in 2013 before disappearing, and now it’s back again. We need to expect the focus to return to activists and hacking kits, including those powered by AI. Criminals need ever fewer skills and organizational power to launch a highly effective attack, and that is going to be a huge problem for us. Instead of focusing on just a few groups, we’re looking at hundreds, if not thousands.

The fact that the gap between rich and poor is growing makes the situation even more grave. You don’t have to be a professional athlete to earn a lot of money these days. You can also become a hacker. The good thing is that we’re always getting better at defending ourselves.

You mentioned the spike in generative AI. Do you think that technology like deep fakes and voice cloning will turn into a mass problem?

Voice cloning and similar methods are very big right now, but I think there’s another risk to them as well. It’s no longer about finding a security flaw or identifying an individual as a weak point. It’s about the response, meaning the disabling and circumvention of detection tools. That’s where there will be a big increase in the use of AI.

Besides AI-augmented sophisticated attacks, I don’t see any major dangers of automatic AI-based attacks right now because AI still makes too many mistakes, and it has to be used properly. But we’re still in the early stages, and we should be preparing for the worst-case scenario. Right now, we’re benefiting from the fact that this big scaling hasn’t happened yet. With each attack – successful or otherwise – we learn and are able to improve our line of defense. But the risk isn’t just in the quantity but also in the concurrence that AI allows. Such simultaneous scaling attacks will become the challenge in the future.

How do you feel we can keep pace with the rapid developments in the threat landscape?

In short, proper cyber hygiene and keeping an eye on the latest threats. Cyber hygiene has to be established from the ground up, which is a major challenge. I don’t think there’s a way around multi-factor authentication. Before you drive off in your car, you have to buckle up. Before you start surfing the web, you have to undergo multi-factor authentication. At Allianz, we implemented multi-factor authentication during the coronavirus pandemic because of the prevalence of remote work.

And the most important way to keep up with the speed at which threats are developing is working well and comprehensively from the very start and then staying on the market. We’re currently renewing our Cyber Defense Platform and augmenting it with AI. Now, the big task is integrating it and using it in the wild, but that’s where we’re investing.

Ultimately, it all comes down to the human factor – finding the right people and giving them the opportunity to learn independently. If you don’t have any capabilities or awareness in your company, all the technology in the world will only take you so far.

Another cybercrime trend is digitalization, and everything is becoming more interconnected. What risks do you see here regarding cyber security?

Operating a website without being protected from the fundamental threats by a proxy shield is very risky. Every company needs a good proxy shield, and that comes at a price.

Everything is interconnected and at light speed so to speak. On top of that, it’s all operated by software that can perform actions in milliseconds. Monitoring and control aren’t possible without automation – but we can’t expect AI to do everything for us. We’re being attacked by people who use AI, and so we need people who use AI to defend us. These people need to be trained and have the proper understanding and knowledge. In addition, the contact points for the IT systems aren’t just machines but are usually people. Each of these contact points has to be monitored and secured against attacks.

The question is, should companies seal up their technical vulnerabilities first and then focus on people or the other way around? Do you have a holistic strategy for including the human factor?

If you run head-first into every battle, you’re going to lose. If you know your enemy, you might lose half the time. But if you know both your enemy and yourself, you have a good chance at winning every time. Cyber security is a game of attack and defense. We started in 2013 with two controls that we rolled out on a comprehensive scale. We began with awareness and large-scale coverage against DDoS and securing mobile end devices, followed by all the layers like the Protection, Detection, Response, and Recovery Layer.

Two thousand years of wisdom have taught us in an attack and defense scenario that you have to know the enemy and yourself. So in our days it comes down to knowing the threat landscape and your own IT systems, networks, and vulnerabilities. You can’t defend something you aren’t aware of. IT systems are built and operated by people, so you have to know the people and their awareness of secure IT.

On the topic of awareness training, how do you view the evolution from a mere compliance requirement to a continuous measure that enables people to become a line of defense?

In our current age of digitalization, IT can no longer be just functional – it also has to be secure and compliant. But not everything that’s good for compliance is automatically increasing the security level. Awareness is a good example. You implement an awareness program through web-based training and check off your compliance requirements, and the regulator is satisfied. You still haven’t become any more secure if the users are not empowered.

This is when employee enablement comes into play. We learned early on that you have to take an entertaining approach to awareness, and not apply so much pressure. You also have to pick the right time to train them. It’s ideal when I’ve just received a phishing campaign or a real phishing email. The next challenge is keeping people’s attention, and SoSafe’s Phishing Report Button is an extremely useful tool. If employees are unsure whether they’ve just received a real phishing email or not, they can use the button to tell them if it’s a phishing attack and how to identify it. The learning success here is immense. Plus, there’s the fun factor and the motivation that stem from people learning on their own and being able to use the Phishing Report Button as a sort of assistant. Users can directly apply what they have learned, which is an immediate reward.

IT teams are under all sorts of pressure regarding both defense and security awareness training. What do you think could be potential measures for taking some of the onus off of IT teams?

We have to ask where the problems truly lie – conducting crisis drills at every level, up to top-level management and the board. We’ve been regularly doing that at Allianz for years. Various psychological factors play a role here, starting with the fact that people don’t like to show that they are unable to do something. Secondly, the benefits of the time they have invested have to be clear from the start and manifest quickly. After all, awareness training costs money and resources.

One of the core challenges lies in making the urgency of cyber security palpable and tangible for top-level management in all business units. When it comes to business goals, IT has to be functional and secure at the same time. Unless something gravely serious happens, it’s hard to tell whether the measures you’ve implemented have made you more secure than before. Proving the efficacy and removing distrust is very difficult because you can’t prove that you’re more secure than before – a very convincing way is attack simulations that have to show that you are getting faster, more efficient, and more effective at defending your organization.

Do you think there are KPIs that might be more convincing for top-level management?

At Allianz, we have six cyber security health indicators based on the NIST standard – Govern, Identify, Prevent, Detect, Response, Recover against Cyber Attacks – that we grade with a color system of red, orange, yellow, light green, and green so that we can visibly evaluate the success of our measures. Just like blood pressure, pulse, and cholesterol levels, our eight health indicators have to fall within a certain range.

Two of these indicators have proven particularly effective. One is our zero tolerance against toxic components, where security patches are not available anymore. This led to us tracking down all our outdated, insufficiently protected applications. We also started automating, analyzing all obsolete databases and operating systems, identifying toxic components, and systematically renewing our entire IT system. The zero-tolerance component was implemented for security reasons, but it goes far beyond that. The second effective indicator is our Awareness Score, which we use to measure global phishing campaigns. We log click rates and how many people report a harmful email.

In a past interview, you said that hierarchical structures in companies can impair cyber security. What do you mean by that?

External attacks conducted with tools can only be prevented with experts who have the tools to match. Security experts have to decide what needs to be done. The executive level has to have an eye on everything and provide resources, initiatives and support at the right time. Yet this is done “on site,” so autonomy is required as well. Management lays the groundwork, provides the resources for effective cyber defense, and brings security experts together with internal and external partners.

4 Digital dissent and deception: The dual faces of hacktivism and cybercrime in a fragmented world

The intricate threat landscape extends beyond individuals pursuing financial or personal gain. Escalating political and social tensions are fueling the rise of another significant faction in the digital sphere: hacktivists. Motivated by a desire to express dissent or support for causes like armed conflicts or social injustices, these individuals exploit vulnerabilities and security loopholes to make their statements – a situation that is intensifying with each passing month.

According to the latest Motorola report, hacktivism increased 27% in the third quarter of 2023.[1] A stark example of this trend is the pro-Russian hacktivist initiative DDoSia. They are known for orchestrating attacks against Western entities, which experienced a dramatic surge in participation in 2023, with its membership skyrocketing by 2,400% and amassing 45,000 subscribers on their main Telegram channel.[2]

The ongoing conflict between Russia and Ukraine, now in its second year, is a reminder of how modern conflicts have turned into hybrid wars fought in both physical and digital arenas. Within this framework, both hacktivists and state-sponsored entities are leveraging cyberattacks as a key component in their extensive toolkit of modern warfare. A significant example of this is the attack by the Ukrainian group Cyber.Anarchy.Squad against Infotel JSC, a critical Russian telecom provider that is integral to the functioning of major Russian banks and financial institutions.[3] This attack had a significant impact, disrupting many Russian banking systems and preventing them from processing online payments for several hours.

The more recent conflict between Israel and Gaza also highlights the escalation and further implications of this threat. Shortly after the conflict started, Anonymous Sudan carried out their first cyberattack, targeting Israel’s emergency warning systems and claiming to disable alert applications that notify civilians of incoming rockets.[4]

[1] Motorola Solutions (2023). New Report Outlines Q3 2023 Cyber Threats to Public Safety.
[2] Bleeping Computer (2023). Pro-Russia DDoSia hacktivist project sees 2,400% membership increase.
[3] Bleeping Computer (2023). Ukrainian hackers take down service provider for Russian banks.
[4] Security Week (2023). Hackers Join In on Israel-Hamas War With Disruptive Cyberattacks.

Almost simultaneously, KillNet focused on disrupting several Israeli government websites. As retaliation for these and several other attacks, the Indian-based hacktivist group Indian Cyber Force sided with Israel and brought down the websites of Hamas, Palestine National Bank, Palestine Web Mail Government Services, and Palestine Telecommunications Company.[5]

But hacktivism extends beyond warfare and political tensions to include various social causes. For example, Anonymous Sudan launched a cyberattack on Scandinavian Airlines early last year.[6] This was in response to the public burning of the Holy Quran by a far-right nationalist group outside the Turkish embassy in Stockholm. The attack caused significant problems in the airline’s online system, exposing passenger data, including contact information, past and future flight details, and partial credit card numbers.

Later in 2023, the VulzSec hacking group claimed to have compromised and leaked sensitive French police data in retaliation for police brutality.[7] This exposed 7,092 branch data records and the profiles of 30 police officers. This incident underscores a broader trend: a significant 28% increase in cyberattacks against law enforcement, with hacktivism as one of the major contributing factors.[8]

However, it’s important to remember that hacktivists are not in it for the financial gain. They are committing cybercrime to advance the causes they believe in. On the other side, some cybercriminals take advantage of any social instability for their own ends. For example, mirroring the tactics seen in the Russia-Ukraine conflict, they are now setting up fraudulent charity websites to capitalize on the altruism of individuals who want to help in the Gaza crisis.[9] And this is not all. State-sponsored cybercriminals are adding to the mix, as seen in the ‘WildCard’ hacking campaign, targeting Israeli institutions with sophisticated malware like ‘SysJoker.’[10] All this makes it increasingly difficult for organizations to identify who is targeting them in each attack. It also creates a very complex threat landscape in which different actors, each with their own motives, are operating.

As global tensions continue to escalate with no end in sight, an increase in hacktivist attacks in 2024 appears almost certain. In this context, both hacktivists and cybercriminals are key contributors to the instability of the cyber world. They operate in a sort of adversarial synergy, each exploiting vulnerabilities revealed by the other’s actions. This interplay creates a dynamic and perpetually evolving environment of cyber threats, reflecting the complexity and unpredictability of the digital landscape.

[5] CSO (2023). Israel-Hamas conflict extends to cyberspace.
[6] Bleeping Computer (2023). Scandinavian Airlines says cyberattack caused passenger data leak.
[7] The Cyber Express (2023). Cyber Attack on French National Police: VulzSec Hacking Group Claims to Leak Sensitive Data.
[8] Motorola Solutions (2023). New Report Outlines Q3 2023 Cyber Threats to Public Safety.
[9] InfoSecurity Magazine (2023). Cyber-Criminals Exploit Gaza Crisis With Fake Charity.
[10] Cyberscoop (2023). Shadowy hacking group targeting Israel shows outsized capabilities.

CHECKLIST: Security best practices

Build redundant network infrastructure: Having multiple data paths can help maintain availability even under a DDoS attack. This includes having additional servers, alternative data centers, or cloud services. If one path is compromised or overloaded, the traffic can be rerouted to another, maintaining service continuity.

Regular stress testing: Conduct stress tests on your infrastructure to understand how it behaves under high traffic loads. Using red team exercises to simulate real-world attack scenarios can be very useful in these tests.

Implement rate limiting, scrubbing services, and bandwidth overprovisioning: These strategies allow you to control the amount of traffic a server accepts over a given period, filter out malicious traffic, and maintain a higher bandwidth capacity to handle sudden spikes in traffic.

Regular data backup and off-site storage: Regularly back up critical data and store it off-site or on a cloud platform to reduce the risk of losing it all if the primary site is compromised. It’s advisable to adopt the use of immutable backups and to adhere to the 3-2-1 backup rule, which involves maintaining three total copies of data – two local copies on different devices for easy access and recovery and one copy stored off-site for additional security.

Network segmentation: Segment your network to limit the spread of malware. If one segment is compromised, it won’t necessarily affect the entire network. Using micro-segmentation is recommended for enhanced granularity and protection of sensitive data within segments.

User privilege restrictions: Implement least privilege access policies, granting users only the permissions necessary for their job roles. This approach, a key component of the Zero Trust network architecture, effectively minimizes the risk of internal threats. Make sure to regularly review and update these permissions.

Web Application Firewall (WAF): Implement a WAF to monitor traffic to and from a web application. This helps prevent unauthorized changes to the website. WAF can be integrated with other security tools and is recommended to create a unified threat management system. Additionally, consider using advanced WAFs that incorporate machine learning since they can provide dynamic adaptation to emerging and evolving cyber threats.

Strong authentication measures: Enforce robust password policies and implement multi-factor authentication (MFA) for an additional layer of security, especially for accessing sensitive systems and the website backend. When possible, use passwordless authentication technologies and biometric verification to further enhance security.

Monitoring and alerting systems: Use monitoring tools to keep an eye on network traffic, system performance, and access logs. Also, use Security Information and Event Management (SIEM) systems and Security Orchestration, Automation, and Response (SOAR) systems for comprehensive monitoring, analysis, and automated responses. Set up alerts for unusual activities or changes, enabling the Security team to respond promptly to potential security incidents.
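
The rate limiting and alerting items in the checklist above, sketched as an added example (not part of the SoSafe report): a per-client token bucket that caps the traffic a server accepts over a given period and raises one alert when a client keeps being throttled. The class names, thresholds and sample traffic are assumptions constructed for illustration; the addresses come from documentation ranges.

```python
"""Per-client token-bucket rate limiting with a throttle alert (added example)."""
from collections import Counter


class TokenBucket:
    """Accept `rate` requests/second on average, with bursts of up to `burst`."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)  # a new client starts with a full bucket
        self.last_ms = None

    def allow(self, now_ms):
        if self.last_ms is not None:
            elapsed_ms = max(0, now_ms - self.last_ms)  # ignore clock steps backwards
            refill = elapsed_ms * self.rate / 1000
            self.tokens = min(self.burst, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class RateLimiter:
    """One bucket per client key (here: source IP) plus an alert threshold."""

    def __init__(self, rate, burst, alert_after):
        self.rate, self.burst, self.alert_after = rate, burst, alert_after
        self.buckets = {}
        self.rejected = Counter()
        self.alerts = []  # (timestamp_ms, client) pairs to forward to monitoring

    def handle(self, client, now_ms):
        bucket = self.buckets.get(client)
        if bucket is None:
            bucket = self.buckets[client] = TokenBucket(self.rate, self.burst)
        if bucket.allow(now_ms):
            return True
        self.rejected[client] += 1
        # Alert once, when the client crosses the threshold, not on every drop.
        if self.rejected[client] == self.alert_after:
            self.alerts.append((now_ms, client))
        return False

    def prune(self, now_ms, idle_ms):
        """Drop state for idle clients so many distinct sources cannot grow memory forever."""
        idle = [c for c, b in self.buckets.items() if now_ms - b.last_ms > idle_ms]
        for client in idle:
            del self.buckets[client]
            self.rejected.pop(client, None)
        return len(idle)


def replay(events, limiter):
    """Feed (timestamp_ms, client) events to the limiter; return accept/drop counts."""
    accepted, dropped = Counter(), Counter()
    for now_ms, client in sorted(events):
        (accepted if limiter.handle(client, now_ms) else dropped)[client] += 1
    return accepted, dropped


# Constructed sample traffic (documentation address ranges, not real hosts).
FLOOD = "198.51.100.7"    # 50 requests in one second, one every 20 ms
NORMAL = "203.0.113.20"   # one request per second for five seconds
SAMPLE_EVENTS = [(i * 20, FLOOD) for i in range(50)] + \
                [(i * 1000, NORMAL) for i in range(5)]


def demo():
    # Assumed policy: 3 requests/second sustained, bursts of 5, alert after 20 drops.
    limiter = RateLimiter(rate=3, burst=5, alert_after=20)
    accepted, dropped = replay(SAMPLE_EVENTS, limiter)
    return limiter, accepted, dropped


if __name__ == "__main__":
    limiter, accepted, dropped = demo()
    for client in (FLOOD, NORMAL):
        print(client, "accepted", accepted[client], "dropped", dropped[client])
    print("alerts:", limiter.alerts)
```

Per-client limits do not replace upstream scrubbing or spare bandwidth: a volumetric flood can saturate the link before any request reaches this code.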

5 Disinformation-as-a-service: An extremely potent tool in the arsenal of hackers

In the years since the Cambridge Analytica scandal, disinformation campaigns have played a significant role in exacerbating social polarization. This tactic, which involves the deliberate spread of false information, is increasingly being used by many different actors to manipulate public opinion, damage reputations, and influence business and political landscapes.[1] However, 2023 marked a turning point in these campaigns, as the rise of generative AI raises concerns about a world where manipulative content is so cheap and easy to produce at scale that it becomes nearly impossible to distinguish between authentic and artificial narratives.

A key platform to showcase the impact of disinformation campaigns is the US presidential elections. During the 2016 election, misinformation spread widely on social media, fueled by far-right activists, foreign interference, and fake news sites. In 2020, the election was inundated with conspiracy theories and unsubstantiated voter fraud claims, reaching millions and spurring an anti-democratic movement.[2] Looking ahead to the 2024 election, there are escalating concerns about how the latest advances in AI could potentially be used to create more sophisticated forms of misinformation, deepfakes, and targeted propaganda campaigns.

In fact, this potential danger to democracy was already seen in the Slovakian elections, where an AI-produced deepfake audio was used to spread disinformation on social media.[3] The audio, which reached thousands of users, featured Monika Tódová, a well-known journalist, and Michal Šimečka, the leader of the Progressive Slovakia party, discussing election fraud. Despite immediate denials of the authenticity of the conversation by those involved, and confirmation of its inauthenticity by several fact-checking organizations, the spread of the video was significant because of its timing. It was released during a 48-hour period of silence before the election, making it difficult for media organizations and politicians to publicly refute it.

[1] The New York Times (2021). Disinformation for Hire, a Shadow Industry, Is Quietly Booming.
[2] The Guardian (2023). Disinformation reimagined: how AI could erode democracy in the 2024 US elections.
[3] Wired (2023). Slovakia’s Election Deepfakes Show AI Is a Danger to Democracy.

In this context, disinformation-as-a-service (DaaS) represents a significant shift in the scale and sophistication of misinformation efforts. This new model of information warfare enables individuals and organizations to purchase and disseminate fake news and misinformation campaigns with unprecedented ease. Powered by the rapid advancement of generative AI and a network of professional trolls, bots, and sophisticated online manipulation tools,[4] DaaS has democratized the ability to conduct misinformation campaigns in the same way that RaaS has done with ransomware attacks – a revolution that cybercriminals and hacktivists will undoubtedly exploit.

This means that 2024 will experience a surge in both politically and financially motivated disinformation campaigns that will likely target a wide range of sectors, including healthcare, finance, technology, education, and media. On the one hand, hacktivists and state-sponsored cybercriminals will continue to destabilize governments and political organizations with misinformation to influence public opinion and gain more support for their causes. An example of this happened in 2023 with the spread of a deepfake image showing Atlético de Madrid supporters displaying a Palestinian flag, a misleading narrative that gained significant traction online.[5] Some of these attacks will have even wider economic implications to the extent of even influencing the stock market. This already happened in May 2023, when a fake image of an explosion near the Pentagon was widely shared on social media and disseminated by various media outlets, including the Russian state news agency RT, causing a brief market sell-off as fear spread.[6]

On the other hand, financially motivated cybercriminals will seek to destabilize organizations and companies in various ways. At very low cost using DaaS, they will use disinformation in sophisticated phishing and social engineering attacks, where they will profit from spreading disturbing news about an organization to exploit individuals’ emotions of fear and urgency. But that’s not the end of it. Disinformation campaigns by different actors that are widely shared externally can also damage the reputation of a corporation. This was evident in the case of Wayfair, where conspiracy theorists linked to QAnon exploited the chaos of the pandemic to tarnish the retailer’s reputation.[7] Using platforms like Twitter, Instagram, and Reddit, they spread false claims that Wayfair was involved in child sex trafficking. Despite the company’s efforts to refute these allegations, the lies persisted online, demonstrating the significant reputational risks that companies face from such disinformation.

CEOs are also prime targets for deepfakes because maintaining a public profile is part of their job. Since they regularly speak on earnings calls, at shareholder meetings, and in television interviews, it’s not hard for cybercriminals to obtain audio and video clips of them. And, we’ve already seen in the AI trend what they can do with this material.

With the escalation of disinformation campaigns threatening the global information landscape, organizations are becoming increasingly aware of the risks they pose, including significant financial losses and long-term reputational damage. Therefore, as these tactics become more sophisticated and ubiquitous, organizations will need to develop robust countermeasures to protect their integrity and maintain public trust.

[4] Hackernoon (2022). Disinformation-as-a-Service: Content Marketing’s Evil Twin.
[5] Reuters (2023). Fact Check: Image of Atletico Madrid fans holding giant Palestinian flag is fake.
[6] The Independent (2023). Fake AI image of Pentagon exploding goes viral on Twitter and causes US markets to plummet.
[7] The Globe and Mail (2023). Disinformation campaigns, including those using AI deepfakes, are creating risks for corporations.

CHECKLIST: Security best practices

Evaluate potential threats: It is important for organizations to regularly evaluate their susceptibility to disinformation campaigns. This involves a robust threat modeling approach that not only assesses the likelihood of being targeted but also considers the potential impact such campaigns could have. Additionally, employing tools for sentiment analysis and trend monitoring can help in analyzing public opinion and trends, thereby enabling organizations to anticipate and strategize effectively against potential disinformation threats.

Educate and train employees: Equip employees with knowledge of disinformation campaign tactics and the potential impact on the organization. Teach them how to fact-check information, identify credible sources, and use critical thinking to question the validity of content they encounter. Establishing a culture of skepticism and verification can strengthen the organization against the effects of misleading information.

Enhance internal communication: Strengthen internal communication channels to swiftly address and mitigate the spread of false information. Using communication tools like Sofie Rapid Awareness, SoSafe’s integration with MS Teams, enables you to quickly notify your employees whenever you identify a fake disinformation campaign about your company.

Create a crisis communications team: Establish a rapid response team that specializes in crisis communication, capable of countering disinformation quickly with factual information.

Promote vigilance and reporting: Companies need to create an environment where employees are alert and ready to report anything unusual they encounter online, such as misleading news, deepfake images, or altered video or audio content. Also, employees need to feel comfortable reporting these incidents without fear of judgment. For this, implementing an easy-to-use, anonymous reporting system that employees can use to flag instances of disinformation safely and without fear of reprisal is crucial.

Automate the tracking of social media: Keep an eye on social media for traces of DaaS operations, checking for counterfeit news, manipulated images, and fake audio clips. A joint effort with the PR and marketing teams is key to achieving this. There are also AI-driven social media monitoring tools that can detect and flag potential disinformation in real-time, allowing for immediate action.

Collaborate on threat intelligence: Engage with external cyber security networks, including partnerships with industry peers, government entities, and global cybersecurity alliances, for shared insights on disinformation trends and best practices.

6 2024: A year of security challenges for the public sector and critical infrastructure

While hacktivism is a well-known threat to public sector institutions, this is only one aspect of the broader challenges they face. The public sector must also contend with threats from state-sponsored cybercriminals and independent hackers, who aim for data destruction, disruption, financial gain, and espionage – all of which have serious consequences. In fact, IBM’s Cost of Data Breach 2023 states that the average cost of a cyberattack in the public sector escalated to an alarming $2.60 million.[1]

“Cyber is a geopolitical instrument of power and a new attack vector that states use to pursue their own ends.”
Dr. Katrin Suder, Strategy Expert (digital technologies, business & politics)

The digitalization of sensitive information in public sector entities, along with the critical services they provide, makes the public sector an attractive target for cybercriminals seeking sensitive data and service disruption. In 2022 alone, the number of nation-state cyberattacks that specifically targeted critical infrastructure increased from 20% to 40% worldwide.[2] This increase is largely due to state-sponsored attacks coming from Russia’s conflict with Ukraine. With the Ukraine conflict still active and other conflicts like the Gaza-Israel war, we expect this trend to continue through 2024, further complicating the threat landscape.

The depth of valuable information these organizations hold is a goldmine for many, and the education sector knows this well. Last year, the cost of a successful data breach in the education sector was $3.65 million.[3] In 2023, we saw how the hacking group Vice Society leaked sensitive information from Pates Grammar School in England, including child passport scans, staff pay scales, and contract details.[4] Several other attacks followed across Europe, with hackers taking down several internal networks and IT infrastructures at French[5] and German[6] universities and even launching a DDoS attack on a Greek high school’s online examination platform[7], interrupting the normal functioning of exams.

[1] IBM (2023). Cost of a Data Breach 2023.
[2] Microsoft (2022). Digital Defense Report 2022.
[3] IBM (2023). Cost of a Data Breach 2023.
[4] BBC (2023). Schools hit by cyber attack and documents leaked.
[5] The Record (2023). Aix-Marseille, France’s largest university, hit by cyberattack.
[6] The Record (2023). Cyberattack on German university takes ‘entire IT infrastructure’ offline.
[7] The Record (2023). Cyberattack disrupts Greek national high school exams.

Public administrations around the world are also under immense pressure from the growing threat of cyberattacks. One notable incident occurred in July 2023, when Kenya’s eCitizen portal, a critical digital gateway, was crippled by a cyberattack.[8] This disruption rendered more than 5,000 government services inaccessible online, affecting essential functions like passport applications, visitor visas, driver’s licenses, ID cards, and health records. In addition, the attack had a broader impact, disrupting mobile banking and transportation services, which demonstrated how interconnected and vulnerable modern systems are.

This incident underscores a stark reality: In today’s complex geopolitical landscape, governments at all levels – local, state, and federal – are vulnerable to cyber threats. Such attacks can have far-reaching consequences, compromising not only sensitive data but also public safety. The potential impact is not limited to service disruptions. It extends to the risk of compromising critical infrastructure, causing economic turmoil and even endangering lives. In addition, the aftermath of these attacks often involves a costly and time-consuming recovery process that strains public resources and trust. This increased vulnerability is particularly evident in the healthcare sector, where data integrity and availability are critical. The ENISA Threat Landscape: Health Sector report reveals that nearly half of the ransomware attacks on public healthcare organizations result in data breaches or leaks.[9] One notable example occurred last March at Spain’s Hospital Clinic de Barcelona, where a ransomware attack forced the cancellation of 150 non-emergency surgeries and approximately 3,000 patient check-ups in three centers and several external clinics.[10]

[8] BBC (2023). Kenya cyber-attack: Why is eCitizen down?
[9] ENISA (2023). ENISA Threat Landscape: Health Sector.
[10] AP News (2023). Cyberattack hits major hospital in Spanish city of Barcelona.

These attacks on healthcare organizations have been on the rise across Europe this past year. In December 2023, the German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) was hit by ransomware, causing disruptions at three hospitals.[11] Earlier in the year, a hospital in Brussels was hit by a cyberattack that forced it to divert ambulances to other hospitals.[12] In this case, the hospital’s IT operations were fully functional one day after the attack, thanks to the emergency plan the hospital had put in place before the attack. This shows the importance of prevention and rapid response to these scenarios.

Unfortunately, recovering quickly from cyberattacks is not common but a challenge for public sector entities, largely due to insufficient budgets, outdated technology, and understaffed teams. Public organizations often do not have the resources to implement sufficient preventative security measures. For example, according to the ENISA report’s findings, only 27% of healthcare organizations have a dedicated ransomware defense program, and 40% do not have a security awareness program for non-IT staff.[13] To address this, it is essential to implement preventative measures – such as security audits and a Zero Trust Architecture – and build a security culture through personalized awareness training that meets the needs of each organization. This is critical not only for their protection but for the security of everyone because these organizations serve and belong to the public.

[11] Security Affairs (2023). Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network.
[12] The Record (2023). Hospital in Brussels latest victim in spate of European healthcare cyberattacks.
[13] ENISA (2023). ENISA Threat Landscape: Health Sector.

CHECKLIST: Security best practices

Analyze and quantify risks: Make risk analysis and risk management a core part of business operations. This should be a regular practice, especially when implementing new technologies or planning business operations. Cyber risk assessments are crucial for establishing a baseline for risks, ensuring compliance, and maintaining data integrity.

Establish leadership in digital transformation: Public sector leaders should consider appointing a department head who understands the importance of digital transformation, such as a Chief Information Security Officer (CISO). This role is pivotal in steering digital security strategies.

Implement a Zero Trust Architecture (ZTA): This approach means not granting implicit trust and rigorously verifying each request as if it were coming from an open network. Adopting a Zero Trust Architecture is especially important in light of the rising number of complex cyberattacks on the public sector.

Learn from incidents and plan ahead: Use the knowledge gained from past incidents to improve the overall security management process. Also, develop and regularly update an incident response plan. This plan should outline the steps to be taken in the event of a cyberattack, ensuring a quick and effective response to minimize damage.

Conduct regular security audits: Conduct frequent and comprehensive security audits to identify and address vulnerabilities within the system. This proactive approach helps uncover potential weaknesses before cybercriminals can exploit them.

Implement personalized training programs: Provide regular training tailored to the organization’s specific needs and the roles of its workforce members. For example, provide specific training modules for the healthcare sector that address the social engineering techniques most applied to this sector. Phishing simulations should also be personalized to each sector.

INTERVIEW

John Noble
Non-executive director and chair of the Cyber Security Committee of NHS in England

John Noble was the Director of Incident Management at the National Cyber Security Centre (NCSC) in the UK from 2016 to 2018, where he led responses to nearly 800 significant cyber incidents, contributing to the objective of making the UK the safest place for online business. He is currently a non-executive director at NHS Digital (National Health Service), where he chairs the Information Assurance and Cyber Security Committee.


By sharing information between governments
and fostering collaboration between the private
sector and the government, we can better
understand emerging threats.

What is the National Cyber Security Center (NCSC) and what is its main goal?

The decision to create the NCSC stemmed from a political judgment by then-Prime Minister Gordon Brown. Recognizing the nation’s move towards a digital society built on the inherently insecure internet, the government saw the need for an agency to provide advice and assistance.

Why did you decide to make NCSC part of the GCHQ intelligence agency?

The decision to make NCSC part of the Government Communications Headquarters (GCHQ) intelligence agency was strategic. GCHQ’s expertise in network defense and established cyber security agency made it the ideal host for the NCSC.

What is the role of the NCSC?

When we started, we had to figure out how the government could best help and how the NCSC could help make the UK the safest place to do business online. We realized that we had to do it by sharing government experience and building a partnership between the government and the private sector.

Why is it important to have collaboration between the public and private sectors in cyber security efforts?

Both the government and the private sector hold unique strengths in cyber security, so NCSC analyzes how the government can provide means for collaboration between the two. This led to the creation of two initiatives: the Cyber Information Sharing Partnership (CISP), which allows companies to exchange cyber threat information anonymously in real-time, and the Cyber 100, an initiative through which experts from the private sector are brought in to share their knowledge with NCSC.

There’s skepticism by organizations to share their vulnerabilities with public entities because they fear that this information will be used against them. How can we convey the message of the government wanting to support and not damage organizations?

Here, the concept of trust and openness is crucial. If an intelligence agency finds a vulnerability in a piece of software and does not disclose it, cybercriminals can take advantage of it. Agencies like NCSC need to build trust with companies to be able to share evidence of these vulnerabilities. This can result in some very profitable and important relationships with companies.

I also think there has been a mind shift in government towards putting the protection of our digital economy – and digital companies – as the top priority. People need to understand that protecting our digital economy must mean sharing information with governments.

What are some key themes you’ve observed in the threat landscape over the past decades?

The threat landscape, particularly cybercrime, has significantly changed over the past decades. One prominent aspect is the explosive growth of ransomware, turning it into a sophisticated and specialized ecosystem. Cybercriminal groups like Conti now exhibit business-like structures and hierarchies with distinct departments and job titles. Authorities may stop some of these organizations, but they learn the lesson, reform, and adapt.

There has been an increasing trend where cybercriminals infiltrate systems and do nothing. How can we explain this?

When a vulnerability is exposed, bad actors infiltrate and put down an implant across many different companies. They do this just so they can return later. This is the case with critical infrastructure, where it is important to patch vulnerabilities quickly.

Addressing vulnerabilities can be especially challenging in the public sector because organizations run 24-hour operations. Can you share insights into the NHS’s approach to addressing this issue?

The NHS has learned significant lessons from incidents like WannaCry, which exploited a known vulnerability many hospital trusts had not addressed. This incident impacted hospitals not only financially but also affected patient care.

In response to vulnerabilities in healthcare systems, two key strategies have been implemented. The first one is to clearly identify critical vulnerabilities that are actively being exploited and require urgent patching. The second one is to set clear mandatory standards that organizations need to commit to.

What impact has the centralization of healthcare systems, as seen in the UK’s NHS, had on addressing cyber security challenges and vulnerabilities?

The centralization of healthcare systems has both positive and negative implications for addressing cyber security challenges. On the positive side, a more centralized system provides clearer standards and expectations, making communicating and enforcing cyber security measures across the entire network easier. This centralized approach also improved patient care and quicker responses to vulnerabilities. However, it also introduces challenges. A centralized system means that a compromise in one part of the system may affect others, which means a failure in one system can have a bigger impact across the system.

What role does geopolitics play in shaping cyber security threats, and how does it impact the interaction between nation-states and private entities?

When we analyze a threat, we need to look at two things: the intent of an actor and their capability. Events like the invasion of Ukraine have led to an intent of nation-states to use attacks to succeed in their war efforts. Regarding capability, we are seeing nation-states developing capabilities that end up being used against us.

What about hacktivism?

The Russian conflict has caused a rise in hacktivism on both sides. We have seen a cyber army of Ukraine carry out attacks on Russian companies, on media companies, etc. But we have also seen groups like KillNet, who are very much aligned with the Russian cause, carrying out DDoS attacks and being very explicit that they want to attack the countries that are supporting Ukraine.

Is there a gray area of interaction between the commercial side of cybercrime and politically motivated cybercrime?

Normally, a state decides not to use cyber because of the consequences that it may have, such as the embarrassment it would cause. However, in a context like the war in Ukraine, states do not really care what others think or the consequences that their actions may have.

We have moved from a situation where we had in place some very effective actions against hacking groups to a position where there is now a collaboration between these groups and the state. There is even now a discussion by leading Russian politicians about legitimizing attacks. It would be terrible to get to a situation where a country legitimizes crime against others. I really hope that we don’t go as far as that.

What other strategies do nation-states use in this collaboration?

Deniability is important for countries because it lets them hide their actions. We are seeing these nation-states using many of the tools used by crime groups to allow them to deny their responsibility in these attacks. For example, if a commercially available implant is discovered in a part of a critical national infrastructure, it is very hard to know if a nation-state is behind that or not. Thus, it is very easy for the state to deny it. The availability of these tools allows the nation to use this criminal talent pool.

You mentioned other nations when we talked about Russia. What are other key players in the cyber threat landscape?

When we look at some of the really important strategic issues, we need to talk about China’s growing influence, the tensions in the South China Sea, and its attitude towards Taiwan and its other neighbors like the Philippines. China’s cyber capabilities have witnessed significant growth, marked by increased sophistication and the utilization of new zero-day attacks. They have reformed their intelligence organizations to avoid conflict, and they have become much more professional. The Chinese have also widened their areas of interest. They always take a long-term view where they build up capabilities over time.

Europe and the UK, on the other side, have a consistent view on cyber, and we have recognized that we need to be more strategic rather than being reactive to the latest events.

What steps can be taken to mitigate cyber threats, particularly those posed by advanced persistent threats (APT)?

By sharing information at an international level between governments and fostering collaboration between the private sector and the government, we can create a more comprehensive understanding of emerging threats. By sharing indicators of compromise (IOCs) and building a trust relationship between both sectors, we can overcome commercial sensitivities. We can establish a united front to detect and respond to emerging threats efficiently.

Did you enjoy the interview? You can listen to the full version in our Human Firewall podcast.

Listen to CEO Dr. Niklas Hellemann’s conversation with John Noble and their additional insights on the importance of international cooperation in the field of cyber security.


7 Cyberattacks are becoming more realistic and dangerous due to pretexting and multichannel tactics

Sophisticated social engineering methods like pretexting – where hackers impersonate someone the victim trusts and use a fake story to make them fall for the scam – are increasingly being used by cybercriminals to exploit and manipulate victims for financial gain or sensitive data theft. In fact, according to a 2023 report by Verizon, pretexting attacks account for more than 50% of all social engineering incidents, showing how attackers continue to rely heavily on deception and manipulation, always capitalizing on human emotions.1

In the most sophisticated form of pretexting, cybercriminals research the victim through multiple channels, such as social media, blogs, or websites, to gain insight into very specific data about the victim that they can later use in their fabricated story to make it more believable and increase their success rate.2 This can include information about their workplace, social life, pets, partners, or other personal details that help them create highly convincing and tailored stories that the victim will trust.

However, the channels through which cybercriminals find this data are not only sources of information but also attack vectors. According to our Human Risk Review 2023, email phishing continues to dominate, with a significant 61% of organizations targeted. However, the cyber threat landscape is expanding, with 34% of attacks now using social media.3 For example, with so many small businesses relying on social media as their primary source of customers, hackers are seizing the opportunity to take over their accounts and bring businesses to their knees. This is what happened to a small business that sold granola through Instagram.4 Attackers contacted the owner through Instagram, impersonating another business the victim trusted, and asked her to click on a link to vote for the business in a contest. The bad actors then took over her Instagram account and demanded $10,000, which she paid in order to regain control of her business. But this is just one use. Cybercriminals can use social media to target organizations in many ways, including taking over employee accounts to talk to colleagues and solicit sensitive information or making them download malicious attachments disguised as legitimate business documents.

1 Verizon (2023). Data Breach Investigation Report.

2 The Wall Street Journal (2021). What Hackers Can Learn About You From Your Social-Media Profile.

3 SoSafe (2023). Human Risk Review.

4 CNBC (2023). Phishing scams targeting small business on social media including Meta are a ‘gold mine’ for criminals.

Messaging apps like WhatsApp and Microsoft Teams are also some of hackers’ favorite channels, both in our private and professional lives. Recently, the Kolkata Police in India warned of a series of WhatsApp attacks where hackers used the pretext of World Yoga Day to send out messages offering yoga classes and asking people to click on a link and then share a six-digit OTP code, which inadvertently gave the attackers access to the victim’s WhatsApp account.5 After taking over their account, they sent messages to their contacts, creating a sense of urgency and asking for money. In another attack using the professional app Microsoft Teams, attackers sent messages to their victims pretending to be part of the HR team and saying that their vacation schedule had changed.6 The attacker urged the victim to download a file containing the vacation schedule, which instead loaded malware called DarkGate.

But cybercriminals haven’t stopped there. They are constantly evolving their tactics to make their attacks more convincing. And they are now also orchestrating highly sophisticated attacks where they contact their victim through multiple channels, such as SMS, email, or phone calls. For example, in one case where attackers combined SMS and voice phishing, a woman was scammed by attackers who sent her an SMS asking if she had authorized a $7,500 transfer.7 Shortly thereafter, the attacker took advantage of her fear and called her, posing as a fraud investigator, asking her to change her credentials to prevent a scammer from stealing her money. The attacker ended up stealing $15,000 from both of her bank accounts.

These multichannel attacks become even more convincing and effective when they use AI technology. A stark example of this happened to an employee of Retool.8 First, the attackers sent a text message to the victim pretending to be the IT team solving a payroll issue. The employee then entered their credentials on a fake landing page. Since the employee had enabled MFA, the cybercriminals had to call the victim using an AI-generated cloned voice from an IT team member and ask for the OTP token to bypass it. From there, the attackers were able to take over the accounts of 27 customers and steal thousands of dollars’ worth of cryptocurrency.

With cybercriminals stepping up their game with highly sophisticated and professional tactics, we must be extra cautious and make sure that secure behavior is ingrained in our DNA.

5 The Times of India (2023). Police warns netizens about WhatsApp hacking, here’s how fraudsters hack accounts.

6 Decipher (2023). Threat actors deliver DarkGate malware via Skype, Teams Chats.

7 The Guardian (2023). Gone in seconds: rising text message scams are draining US bank accounts.

8 The Hacker News (2023). Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients.

CHECKLIST
Security best practices

Conduct sender and caller verification training: It’s important to train your employees to independently verify the identity of senders and callers. Even if an incoming call appears legitimate, it’s safer to contact the person directly through a separate trusted channel if it involves sensitive requests or seems suspicious.

Check external parties: Extend vigilance to include any external parties interacting with your systems. When they require access to sensitive information, confirm they comply with your organization’s cyber security standards.

Encourage swift and guilt-free reporting: Foster a culture where employees promptly report any phishing attempts or unusual activities without fearing repercussions. Quick and guilt-free reporting enables security teams to act fast, potentially preventing an attack from worsening.

Update cyber security policies: Continuously revise your cyber security policies to include emerging social engineering tactics like pretexting. Keeping your policies current ensures your defenses stay strong and effective.

Enhance incident response plans: Regularly update your incident response (IR) strategies to lessen the impact of successful pretexting attacks or other methods. Establish clear procedures for detecting, managing, and mitigating attacks to safeguard business continuity and security. Also, make sure that you continuously enhance the IR plans and periodically do tabletop exercises to train the IR muscles.

Train your employees continuously: Provide ongoing training on the latest cyber security threats, including pretexting and multichannel attacks. Consolidate their learnings through simulations that train them in real-life situations. Educating employees about recognizing and handling suspicious activities is key to creating a vigilant workforce capable of identifying and preventing fraudulent schemes.

8 Rising burnout rates challenge cyber security teams like never before

We addressed the issue of security team burnout last year, but the recent global tensions and continued professionalization of cybercrime, now fueled by AI-powered tools, are not only making attacks more complex and difficult to detect but also putting unprecedented pressure on security professionals. In this relentless wave of challenges, our teams’ resilience and adaptability are being tested like never before.

A key factor exacerbating this pressure is the shortage of skilled labor in the industry. According to ISC2’s latest report, there are 3.9 million unfilled cyber security positions worldwide, up another 12.6% in 2023 compared to 2022, with the largest increases in Asia-Pacific (particularly Japan and India) and North America.1 Europe isn’t lagging behind either, with its cyber security workforce gap up 9.7% from last year. But that’s not all. According to a study by ISACA, 59% of organizations have a shortage of cyber security staff, dramatically increasing the workload for existing teams and often driving security officers to the brink of burnout or even resignation.2

A survey of over a thousand security team members in the US and Europe confirms this: 66% of respondents suffer from significant work stress, 51% have been prescribed medication for mental health, and 19% consume more than three alcoholic drinks a day as a coping mechanism.3 But this condition goes far beyond a personal burden. It can also cause teams to overlook important details, affecting their ability to respond effectively to threats and significantly increasing the risk of security breaches in their organizations. This risk is compounded by the fact that cybercriminals are constantly evolving their techniques and becoming more sophisticated in their attacks, as we have already seen in the past sections.

[Figure: “Have you ever been prescribed medication by a doctor for mental health?” Yes: 50.8%, no: 49.2%. Source: Tines3]

The case of AccessPress illustrates the enormous challenges faced by security teams.4 As a WordPress plugin provider, AccessPress was the target of a sophisticated cyberattack. Hackers compromised 40 themes and 53 plugins used on over 360,000 active websites, showing the potential reach of software supply chain attacks. This far-reaching compromise, which gave the attackers access to a large number of websites, illustrates the severity and complexity of threats in today’s cyber security landscape and reveals not only the technical challenges but also the human aspects of cyber security, particularly the strain on security teams.

1 ISC2 (2023). How the Economy, Skills Gap and Artificial Intelligence are Challenging the Global Cybersecurity Workforce.

2 ISACA (2023). New ISACA Research: 59 Percent of Cybersecurity Teams are Understaffed.

3 Tines (2022). State of Mental Health in Cybersecurity.


The number one challenge in
the cyber security industry right
now is burnout: There’s too much
data, too many cases, and not
enough time.

Stéphane Duguin
CEO of the CyberPeace Institute

In addition to protecting other departments within the organization and responding quickly to attacks, security teams themselves are among the departments most at risk of falling victim to cyberattacks, according to our Human Risk Review 2023.5 One of the reasons is that cybercriminals, recognizing that stress can make security personnel more vulnerable, are strategically using team burnout as a pathway for their attacks. By scrutinizing organizations, they identify those whose teams show signs of being overworked or stressed, making them prime targets.

In this dynamic and challenging environment, it is essential that organizations invest in their security teams to promote the well-being of their employees. It is important to allocate appropriate budgets and develop retention career plans to alleviate burnout, retain talent, and have enough resources to put in place the right security measures. Only when these steps are taken will teams work effectively to counter cyberattacks and increase security.

4 The Hacker News (2022). Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes.

5 SoSafe (2023). Human Risk Review.

CHECKLIST
Security best practices

Prioritize mental health and work-life balance: Develop programs to support the mental health and well-being of security team members. This could include flexible working hours, access to counseling services, and regular breaks to prevent burnout.

Implement effective threat detection tools: Use advanced tools, such as AI-driven threat detection systems, phishing alert buttons, and other tools like SoSafe’s email assistant PhishFeedback, to reduce the time and effort required to identify threats.

Automate email analysis: Implement automation tools specifically for Security Operations Center (SOC) teams to analyze reported emails. This can significantly streamline the process of evaluating potential threats from emails, allowing SOC team members to focus on more critical and complex security issues.

Automate routine tasks: Use automation for recurring and routine tasks to allow security professionals to focus on more complex and strategic aspects of cyber security.

Encourage training and upskilling: Provide ongoing training and upskilling programs to improve teams’ abilities to deal with the latest cyber threats and technologies. Additionally, facilitate cross-collaborations and establish security champions within other tech teams.

Invest in employee retention: Develop career plans and development programs to retain talent and reduce turnover.

Regular feedback sessions and appraisal interviews: Conduct regular one-to-one meetings to give and receive feedback in order to understand and respond to employees’ needs.
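
The "Automate email analysis" item can be made concrete with a small triage routine for user-reported emails that checks for the pretexting patterns described in section 7 (senders posing as IT or HR, links that lead to a fake landing page). This is an added example, not SoSafe's tooling or code from the report; the organization domain, the role keywords and both sample messages are constructed assumptions.

```python
"""Triage of user-reported emails (added example; names and samples are assumptions)."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAINS = {"example.org"}  # assumption: the organization's own mail domains
ROLE_WORDS = {"it", "helpdesk", "hr", "payroll", "support"}  # roles pretexts tend to borrow


def domain_of(address):
    """Lower-cased domain part of an address, or '' when there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def triage(raw_message):
    """Return a list of human-readable findings for one reported message."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    display, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(from_addr)
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))

    # 1. Verdicts recorded by the receiving mail server (anything but "pass").
    auth = str(msg.get("Authentication-Results", "")).lower()
    for mech in ("spf", "dkim", "dmarc"):
        match = re.search(rf"\b{mech}=(\w+)", auth)
        if match and match.group(1) != "pass":
            findings.append(f"{mech}={match.group(1)}")

    # 2. Display name claims an internal role, but the address is external.
    name_words = set(re.findall(r"[a-z]+", display.lower()))
    if from_domain not in ORG_DOMAINS and ROLE_WORDS & name_words:
        findings.append("internal-role display name from external domain")

    # 3. Replies would go to a different domain than the visible sender.
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append("reply-to domain differs from sender")

    # 4. Link text shows one host while the href points somewhere else.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            target = (urlparse(href).hostname or "").lower()
            shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
            if shown and target and shown.group(1) != target:
                findings.append(f"link text shows {shown.group(1)} but points to {target}")
    return findings


def priority(findings):
    """Queue hint for the analyst: several independent signals go first."""
    return "high" if len(findings) >= 2 else ("review" if findings else "low")


# Constructed sample messages (not real traffic); all domains are reserved test names.
SUSPICIOUS = """\
From: "IT Helpdesk" <it-support@payroll-example.test>
Reply-To: recovery@mailbox-example.test
To: employee@example.org
Subject: Payroll issue: action required
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=payroll-example.test; dkim=none; dmarc=fail
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Confirm your details: <a href="https://payroll-example.test/login">https://portal.example.org/payroll</a></p>
"""

BENIGN = """\
From: "Alice Example" <alice@example.org>
To: employee@example.org
Subject: Team news
Authentication-Results: mx.example.org; spf=pass; dkim=pass header.d=example.org; dmarc=pass
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Details are on <a href="https://portal.example.org/news">portal.example.org</a>.</p>
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        found = triage(raw)
        print(label, priority(found), found)
```

The heuristics only pre-sort the queue: a message with no findings still needs a human look when the reporter says the request itself was unusual, as in the voice and SMS cases above.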
Outlook

Throughout 2024, expect more breaches that involve the human element

All of this year’s trends have made one thing clear: Our cyber security
measures will remain incomplete until we focus on people – just as
hackers do. They know that their greatest chance of success lies in
playing on human emotions, and that’s why social engineering is at the
core of their practices, as we’ve seen repeatedly in this report.

Verizon’s Data Breach Investigations Report estimated that up to 74% of breaches involved a human element in 2023, and even tech-focused industry groups now acknowledge the role of humans in exploiting technology.1 This is just the beginning of what’s to come. In 2024, the percentage of breaches involving a human element will increase even further, according to Forrester’s Predictions 2024 report.2 With the professionalization of cybercrime and the rise of AI, cybercriminals can now create truly convincing and complex social engineering attacks. This makes it harder to tell the difference between genuine and malicious messages. And with more digital ways to communicate, these threats are spreading faster than ever.

The Allianz Risk Barometer 2024 also estimates that cyber incidents
will be the top global business risk in 2024, leaving security leaders no
room to ignore the human element in their security strategies.3 The
good news is that there’s a powerful countermeasure to this risk: cyber
security awareness and training. By bringing cyber security to where
people are and making secure behavior second nature, we can turn
the tide against cyber threats. Remember, it’s not just systems but
people who are the targets and bear the brunt of cyberattacks. It’s also
people who have the power to stop these attacks. Building a culture
of security isn’t just a corporate responsibility – it’s a personal one,
too. Together, we can beat back the looming shadow of sophisticated
cybercrime and safeguard our future.

1 Verizon (2023). Data Breach Investigations Report.

2 Forrester (2024). Predictions 2024: Exploration Generates Progress.

3 Allianz (2024). Allianz Risk Barometer 2024.
About SoSafe

Scale your security culture with ease

With its awareness platform, SoSafe empowers organizations to strengthen their security culture and mitigate human risk. The platform delivers engaging learning experiences and smart attack simulations that help employees become active defenders against online threats – all powered by behavioral science to make the learning journey fun and effective. Comprehensive analytics measure the behavioral change impact and tell organizations exactly where vulnerabilities lie so that they can proactively respond to cyberthreats. The SoSafe platform is easy to deploy and scale, effortlessly fostering secure habits in every employee.

TEACH: E-learning platform and content

A behavioral science-based learning platform employees love. Strengthen your resilience to cyberthreats and fulfill compliance obligations with dynamic and impactful learning experiences across channels to easily build long-lasting, secure habits.

Story-driven, gamified learning content designed to engage and stick
Curated and guided content library readily scalable for growth
Low-effort customization and content management to fit every organization

TRANSFER: Phishing simulations

User-centric phishing simulations that foster secure habits. Train your employees on how to recognize cyberattacks with our regular automated spear phishing simulations that create lasting security awareness in their everyday work – to effectively reduce risk and crucial threat detection time.

Personalized and realistic cyberattack simulations
Context-based learning walkthroughs to reinforce secure employee behavior
Easy reporting of threats with a one-click Phishing Report Button

ACT: Reporting and analysis

Protect your organization from costly incidents by using our comprehensive human risk assessment solution. Receive a complete overview of your human layer security so that you can stay ahead of potential vulnerabilities. Monitor and interpret the impact of your awareness programs, analyze behavior, and make informed data-driven decisions.

Contextual insights, including technical and behavioral KPIs
Industry benchmarking and actionable guidelines
Built for ISO/IEC-27001 requirements, and on a privacy-by-design approach

CONNECT: MS Teams integration

Cyber criminals are moving faster than ever, but so can you. Rapid Awareness enables you to rapidly connect with your employees in MS Teams. Enable rapid micro-learning to address emerging threats, empower your team with instant alerts, and transform them into your strongest defense.

Connect directly with your staff in MS Teams
Save time and communicate with ease
Send bite-sized security alerts that employees can easily digest
Track and monitor the number of employees who read the alert

Human Firewall Conference

HuFiCon is a European cyber security event designed to help security professionals transform their teams into cyber heroes. Join us for expert talks, hands-on workshops, and a community committed to putting people at the heart of cyber security.

Will you step up to guide the future of cyber security?

Where? Halle Tor 2, Cologne
When? November 14-15, 2024

Register now for HuFiCon24

Contact
For further questions regarding this report,
please reach out to:

Laura Hartmann
Head of Corporate Communications
[email protected]

Disclaimer:
Every effort has been made to ensure that the contents of this document are correct. However, we do not accept any liability for the content’s accuracy, completeness and currency. SoSafe in particular does not assume any liability for any damages or consequences resulting from direct or indirect use.

Copyright:
SoSafe grants everyone the free, spatially and temporally unlimited, non-exclusive right to use, reproduce and distribute the work or parts thereof, both for private and for commercial purposes. Changes or modifications to the work are not permitted unless they are technically necessary to enable the aforementioned uses. This right is subject to the condition that SoSafe GmbH authorship and, especially where extracts are used, this work is indicated as the source under its title. Where possible and practical, the URL at which SoSafe provides access to the work should also be given.

SoSafe GmbH
Lichtstrasse 25a
50825 Cologne, Germany
[email protected]
www.sosafe-awareness.com
+49 221 65083800
