30.11.2023 | 2 Images

G DATA IT security outlook 2024: More fakes, more regulations and rising ransom demands

Cyber criminals are using artificial intelligence to manipulate texts, images and voices.

What cyber risks will companies be facing in the coming year? According to G DATA CyberDefense, artificial intelligence (AI) is becoming more and more of a serious threat to IT security. This is because cyber criminals are increasingly exploiting the great potential of artificial intelligence and jeopardising IT security with fakes. Other challenges such as increasing regulatory requirements and high ransom demands are making IT security even more of a Sisyphean task.

Cyber defence companies are not alone in relying on artificial intelligence to detect attack attempts at an early stage. Cyber criminals are misusing AI for their own purposes. The quality of phishing emails in particular is increasing - and so is their efficiency. In general, fakes in every known form will increase in the coming year - from fake photos and videos to job applications and even academic papers. In future, it will be almost impossible to distinguish phishing emails or fake images from originals. And the rapid increase in fakes means that not only more time, but also more knowledge and expertise are required to expose such manipulation.

“For economic reasons, cyber criminals are focussing on methods that generate maximum profit with minimal effort when using AI,” says Andreas Lüning, co-founder and CEO of G DATA CyberDefense. “We need a coherent concept to be able to prove the authenticity of a document or photo in the future - or proof that a human is behind it.”

Even though a purely AI-based attack may still be a long way off, criminals are still using the technology to support their activities. This is where users are specifically being targeted. Shock calls are a potential scenario for this. With such calls, the caller pretends to be a family member, a doctor, a lawyer or even a member of the emergency services in order to steal personal data and money.

Old wine in new skins?
In future, malware authors will find new ways to protect their malicious programs from being analysed. This is where variations on old methods will come into play again. These could be little-used and comparatively unknown file and archive formats, or even technologies that behave differently under the surface than the analysis software indicates. Unknown archive formats are potentially interesting precisely because ‘exotic’ formats cannot be checked by a malware scanner - unlike common ones such as RAR or ZIP.

Another trend in 2024 will be that the total amounts of damage will rise because the increasing professionalisation and the associated division of labour among the cybercrime groups will lead to more double extortion attacks. This involves two groups of perpetrators blackmailing a company at the same time. One group demands a ransom for the non-disclosure of leaked data, while a second demands money for the decryption of encrypted information. “Either/or” is increasingly becoming “both/and”.

Regulatory pressure is increasing
With the new NIS 2 (Network and Information Security) directive, the EU has introduced a requirement to improve the level of IT security in companies. Many things are still unclear or in limbo due to the national legislative process, but companies nevertheless need to start preparing now. NIS-2 is finally making IT security a top priority. Managers will be held to greater accountability in future. However, many board members and management teams will need help getting to grips with the subject. NIS-2 will further increase the need for IT security specialists.

“Companies currently need clarity about the requirements for NIS-2 and a timetable for implementation,” says Andreas Lüning. “Regardless of this, they should not sit and wait until laws come into force. Cyber criminals do not wait for regulations to come into effect. Companies should therefore start to increase their resilience to cyber attacks now.”

External security expertise will become even more important in 2024
In view of the complex situation described above, IT security remains a mammoth task for companies. Very few companies have the option of building up or hiring their own expertise for each sub-area, so a lot of companies are seeking the support of specialised IT security service providers. Fuelled by increasing legal requirements, this trend will continue to intensify in the coming years.

“Those who place their company’s IT security in the hands of a cyber defence company benefit in many ways when using services such as Managed Endpoint Detection and Response,” says Tim Berghoff, Security Evangelist at G DATA CyberDefense. “Experts monitor the network around the clock and can ward off attacks at an early stage. At the same time, this also ensures that regulatory requirements such as NIS-2 are being met, while also eliminating the issue of a shortage of skilled labour.”

Print page Send link

With holistic cyber defence services, G DATA CyberDefense makes you defensible against cybercrime. The renowned IT security company protects with AI technologies, endpoint protection, security monitoring and offers penetration tests, incident response and awareness training in order to secure companies in the best possible way.

G DATA CyberDefense AG supports its customers in every security situation. From the headquarters in Bochum, more than 550 employees ensure the digital security of companies, critical infrastructures such as hospitals or airports as well as millions of private users. With almost 40 years of expertise in malware analysis, G DATA has become a top player in the cybersecurity world and conducts research and software development exclusively in Germany. This also applies to service and support, which is available around the clock for customers all over the world. G DATA security solutions are available in more than 90 countries and have received numerous awards from independent test institutes.