Google Cloud has published a cybersecurity forecast report with predictions for 2024.
The report discusses the impact of new technologies on both attackers and defenders in 2024. It notes the potential for gen AI to enable convincing phishing campaigns and information operations at scale, posing challenges for defenders. However, defenders are also leveraging these technologies to enhance detection, response, and attribution, addressing threat overload and skill gaps. The Big Four nations (China, Russia, North Korea, and Iran) are expected to continue diverse cyber activities, using evasion techniques such as zero-day exploitation. The post advises preparedness for global cyber activity during major events in 2024 and highlights the evolving nature of the cybersecurity landscape.
In this post, we summarize the report's predictions for the Big Four countries, which have the most cyber activity:
The report outlines that cyber activities originating from China will be driven by long-term priorities, including internal stability, territorial integrity, and issues related to Taiwan, regional hegemony, and economic influence. Chinese cyber espionage actors will focus on maintaining stealth, reducing detection opportunities, and thwarting attribution. Anticipated tactics include zero-day exploitation, targeting network edge systems, supply chain compromise, and the use of botnets and proxy networks for disguising traffic. China is expected to advance its military and civilian capabilities for disruptive and destructive cyber operations aligned with national objectives. The potential for such operations during active conflicts poses a global threat, impacting daily life activities, critical infrastructure, and safety.
The report predicts that Ukraine will remain a primary target of Russian cyber threat activity in 2024 and beyond, encompassing intelligence gathering, disruptive and destructive attacks, and information operations at heightened levels. Additionally, Russian cyber espionage operations are expected outside of Ukraine, targeting government, defense, civil society, non-profits, and energy sectors, aligning with longstanding priorities. Ongoing sanctions on Russia are anticipated to impact technological and military innovation, prompting increased intellectual property theft as a compensatory measure, following a model similar to Chinese intellectual property theft in recent years.
The report highlights increased financially motivated cyber threat activities originating from North Korea, with a notable focus on targeting the cryptocurrency industry and other blockchain-related platforms. Anticipating further emphasis in 2024, the expectation is that North Korea will intensify efforts to steal cryptocurrency and NFTs, using the proceeds to fund weapons, nuclear programs, cyber operations, and infrastructure acquisition. The regime’s commitment to self-reliance (juche) is evident in their approach, running self-sustaining operations to alleviate financial strain on central governing bodies. The trend of cyber crime campaigns funding espionage operations is expected to persist, and North Korea is likely to exploit opportunities for additional supply chain compromises.
The report indicates that Iran’s geopolitical ambitions, economic development needs, competition with regional rivals Saudi Arabia and Israel, and threats to regime stability are key drivers of state-sponsored cyber threat activity. The heightened threat to Israel is emphasized following Hamas’ multi-pronged assault on Oct. 7, 2023. The expectation is that Iranian threat actors will engage in intelligence gathering, information operations, and potentially hybrid hack-and-leak or other disruptive and destructive attacks.