In 2024, artificial intelligence (AI) and large language models (LLMs) stopped being buzzwords, but continue to pose serious threats. Likewise, while there were ransomware attacks reminiscent of the Colonial Pipeline hack of 2021, the dangers remain.
ClearanceJobs spoke with several cybersecurity experts, who reviewed the biggest trends in cybersecurity for 2024 and shared their thoughts on what lessons were learned.
2024 in Review
“2024 will go into the books as a year in which the cybersecurity threat landscape ground shifted in major ways, marking the start of an era in which that landscape will continue evolving at an unprecedented rate,” explained Cyware President Jawahar Sivasankaran.
The past 12 months have seen the adoption of new tools, techniques, and technologies, which also continue to transform the way attackers attack and defenders defend, bringing forth new threats that will plague organizations throughout 2025 and beyond.
“Heading into the New Year, it’s an ideal time to consider some of these threats and the strategies that will help protect against them,” Sivasankaran continued. “Giving serious consideration to informed predictions is an essential first step toward embracing the core strategies to address these emerging threats, and threat intelligence has a substantial role to play in 2025 and from here onward.”
Ransomware Continues
Ransomware may not have dominated headlines, yet it remained both predictable and frustrating for cybersecurity professionals this year.
“Given that this has been a continuous security focus for years, you would expect more progress. The problem is that ransomware is not a specific technique – it’s more of a proven way to monetize most types of breaches. Extortion has always been effective and there’s little indication that this will change,” explained Mali Gorantla, co-founder and chief scientist at AppSoc.
“Ransomware continued to be an unrelenting threat to organizations of all shapes and sizes in 2024,” added Paul Bischoff, consumer privacy advocate at Comparitech. “Comparitech researchers logged 1,127 confirmed ransomware attacks in 2024 so far, compromising more than 192 million records. The average ransom demand was $3.4 million. The top three ransomware gangs in 2024 were RansomHub, LockBit, and Medusa.”
AI Went Mainstream – More Widely Deployed
2024 could be the year that AI and LLMs “went mainstream,” moving from the experimental stage to being more widely deployed and adopted. In the process, they provided new tools for cybercriminals.
“We saw a substantial increase in AI-enabled deep fake services and use of those services by scammers,” suggested Roger Grimes, data-driven defense evangelist at KnowBe4.
AI has made it easier than ever to create deepfakes, and as a result, seeing is no longer believing.
“We have crossed the AI-deepfake rubicon. It used to be that we told end-users they couldn’t trust every email just because it looked legitimate,” said Grimes.
“It’s hardly new, but AI is going to continue to be both a blessing and more likely a curse as we move into next year,” added Darren James, senior product manager at Specops Software.
“These threat actors are using AI to better craft social engineering attacks, as they drastically improve the language and personalized data that can be used in phishing, smishing, or vishing attacks.”
Supply Chains Remained a Weak Link
The supply chain crisis, which followed the global pandemic and played a role in the increase in inflation, has been largely resolved. However, supply chains are a weak link – one that could be ripe for future attacks.
“Over the last few years, there have been an increasing number of high-profile supply chain attacks – such as SolarWinds and Log4j,” warned Gorantla. “While there is more awareness of this problem, we’re not close to solving it because the dependence on third-party code continues to expand. Addressing supply chain security requires considerably better communication and cooperation with suppliers and much greater scrutiny of third-party code than most security teams can handle.”
VPN Attacks Continued
2024 continued to see attacks targeting networks and VPN infrastructure, while bad actors exploited known vulnerabilities and leveraged advanced techniques to reach sensitive data and disrupt operations around the globe.
Lawrence Pingree, vice president at Dispersive, said zero-day exploits remained a serious concern.
“CISA underscored the severity of these vulnerabilities with an emergency directive to federal agencies, urging them to disconnect affected VPN devices,” Pingree continued. “This trend highlights the increasing challenge of securing against zero-day exploits and the need for proactive security measures that go beyond traditional reactive approaches.”
Pingree further cautioned that threat actors were seen launching brute-force attacks against VPN and SSH providers in 2024, often using anonymization tools like Tor and various proxy services to obfuscate their origins.
“These attacks demonstrate the persistence of attackers and their ability to leverage readily available tools to mask their activities,” he explained. “VPNs became a primary attack vector for ransomware campaigns, with attackers exploiting vulnerabilities to gain initial access and move laterally within networks.”
China-backed Cyberattacks Increased
While Beijing has long engaged in cyber activities, 2024 saw a marked increase in cyberattacks attributed to Chinese-backed actors. These targeted critical infrastructure, telecommunications networks, and high-value targets.
For those reasons, Pingree recommended cybersecurity professionals prioritize their VPN security, opt for zero-trust strategies, and monitor for potential ransomware attacks – which remained one of the top threats exploiting VPN vulnerabilities.
“It is crucial to stay vigilant in monitoring networks for signs of ransomware activity, such as unusual network traffic or suspicious user behavior,” Pingree added. “Do regular security audits and penetration testing: The threat landscape is growing, as the 30% increase in malware attacks between 2023 and 2024 indicates. Security audits and penetration testing can help identify vulnerabilities before they are exploited by attackers.”
Teams should also invest in incident response planning, and implement security measures to prevent DDoS attacks.
“Monitor data breaches closely,” said Pingree. “The average cost of a data breach in 2024 is $4.88 million, highlighting the importance of monitoring for signs of data breaches and taking swift action when they occur.”
The Final Takeaways From 2024
Remaining vigilant should be part of cyber due diligence. 2024 should serve as a reminder that it is necessary to keep systems up to date with security patches and updates and to develop a comprehensive cybersecurity strategy.
“With an increase in malware attacks between 2023 and 2024 of 30%, it is essential to stay current with the latest security patches and updates for all systems, including the latest generation of preemptive defense VPNs that Dispersive provides, to reduce the attack surface and prevent exploitation of known vulnerabilities,” said Pingree. “By addressing these statistics and implementing robust security measures, organizations can reduce their risk exposure and protect against diverse types of cyber threats.”