The rapid development of AI, international tensions, and the proliferation of \u201csmart\u201d technologies like the internet of things (IoT) make the upcoming year particularly challenging in terms of cybersecurity. Each of us will face these challenges in one way or another, so, as per tradition, we\u2019re here to help all our readers make a few New Year\u2019s resolutions for a more secure 2024.<\/p>\n
E-commerce and financial technologies continue to expand globally, and successful technologies are being adopted in new regions. Instant electronic payments between individuals have become much more widespread. And, of course, criminals are devising new ways to swindle you out of your money. This involves not only fraud using instant money-transfer systems<\/a>, but also advanced techniques for stealing payment data<\/a> on e-commerce sites and online stores. The latest generations of web skimmers<\/a> installed by hackers on legitimate online shopping sites are almost impossible to perceive, and victims only learn that their data has been stolen when an unauthorized charge appears on their card.<\/p>\n Generative artificial intelligence has dominated the news throughout 2023 and has already significantly affected the job market. Unfortunately, it\u2019s also been used for malicious purposes. Now, just about anyone can create fake texts, photos, and videos in a matter of minutes \u2014 a labor that previously required a lot of time and skill. This has already had a noticeable impact on at least two areas of cybersecurity.<\/p>\n First, the appearance of fake images, audio, and video on news channels and social media. In 2023, generated images were used for propaganda purposes<\/a> during geopolitical conflicts in post-Soviet countries and the Middle East. They were also used successfully by fraudsters for various instances of fake fundraising<\/a>. Moreover, towards the end of the year, our experts discovered massive \u201cinvestment\u201d campaigns in which the use of deepfakes<\/a> reached a whole new level: now we\u2019re seeing news reports and articles on popular channels about famous businessmen and heads of state<\/a> encouraging users to invest in certain projects \u2014 all fake, of course.<\/p>\n Second, AI has made it much easier to generate phishing emails, social media posts, and fraudulent websites. For many years, such scams could be identified by sloppy language and numerous typos, because the scammers didn\u2019t have the time to write and proofread them properly. But now, with WormGPT and other language models optimized for hackers, attackers can create far more convincing and varied bait on an industrial scale<\/a>. What\u2019s more, experts fear that scammers will start using these same multilingual AI models to create convincing phishing material in languages and regions that have rarely been targeted for such purposes before.<\/p>\n Some experts anticipate the emergence of AI-generated content analysis and labeling systems in 2024. However, don\u2019t expect them to be implemented quickly or universally, or be completely reliable. Even if such solutions do emerge, always double-check any information with trusted sources.<\/p>\n High-quality AI-based voice deepfakes are already being actively used in fraudulent schemes. Someone claiming to be your \u201cboss\u201d, \u201cfamily member\u201d, \u201ccolleague\u201d, or some other person with a familiar voice might call asking for urgent help \u2014 or to help someone else who\u2019ll soon reach out to you. Such schemes mainly aim to trick victims into voluntarily sending money to criminals. More complex scenarios are also possible \u2014 for example, targeting company employees to obtain passwords for accessing the corporate network<\/a>.<\/p>\n Poorly protected IoT devices<\/a> create a whole range of problems for their owners: robot vacuum cleaners spy on their owners<\/a>, smart pet feeders can give your pet an unplanned feast or a severe hunger strike<\/a>, set-top boxes steal accounts and create rogue proxies on your home network<\/a>, and baby monitors and home security cameras turn your home into a reality TV show without your knowledge<\/a>.<\/p>\n What could improve in 2024? The emergence of regulatory requirements for IoT device manufacturers. For example, the UK will ban the sale of devices with default logins and passwords<\/a> like \u201cadmin\/admin\u201d, and require manufacturers to disclose in advance how long a particular device will receive firmware updates. In the U.S., a security labeling<\/a> system is being developed that will make it possible to understand what to expect from a \u201csmart\u201d device in terms of security even before purchase.<\/p>\n Scams involving fake texts, images, and voices messages can be highly effective when used on elderly people, children, or those less interested in technology. Think about your family, friends, and colleagues \u2014 if any of them may end up a victim of any the schemes described above, take the time to tell them about them or provide a link to our blog<\/a>.<\/p>\nWhat to do?<\/h4>\n
\n
Don\u2019t believe everything you see<\/h2>\n
What to do?<\/h4>\n
\n
Don\u2019t believe everything you hear<\/h2>\n
What to do?<\/h4>\n
\n
Buy only safe internet-of-things (IoT) smart devices<\/h2>\n
What to do?<\/h4>\n
\n
Take care of your loved ones<\/h2>\n
What to do?<\/h4>\n
\n