Big prey, big payouts: Big game cyber hunting will return in 2024

2023 has been another wild year for cybercrime. In October, Boeing’s systems were breached through a zero-day vulnerability, with hacking group LockBit threatening to publicly release sensitive files if the ransom wasn’t paid in a week. One month prior, MGM Resorts was hit by a ALPHV/BlackCat social engineering attack estimated to impact the company’s third-quarter financial results by about $100 million. That same month, two major hospitals serving thousands of New York patients struggled to recover from a LockBit cyberattack that forced them to reschedule appointments and divert ambulances to other hospitals.

But what is in store for 2024? Let's look at some of these trends from 2023 in more detail to better understand what will be facing us next year.

Ransomware Surges in 2023

In the past year, we’ve seen ransomware actors go after big prey, with the swift return of big game hunting cyber tactics. Cyber criminals seem to emphasize quality over quantity and even set minimum ransom demands. Despite a ransomware downturn in 2022, the landscape has rebounded: the average cost of an extortion incident has nearly doubled from 2022 to 2023, and victims are paying out higher demands (>$1M) at a rate nearly 4x that of 2022. Even as the industry makes major moves to stem the tide of cyberattacks -- such as New York’s proposed cybersecurity regulations for hospitals -- this new wave of ransomware shows no signs of slowing down as we head into 2024.

Scaling Cybercrime Through Third-Party Vendors

Criminals are executing more dangerous, large-scale attacks due to a few emerging trends. We’ve seen a noticeable pickup in ransomware groups targeting third-party vendors to conduct sweeping attacks on thousands of companies in a single move -- exemplified during the MOVEit attacks earlier this year. More and more organizations are recognizing the business benefits of partnering with multiple third-party vendors, but the unintended cybersecurity challenges of these partnerships are proving to be a massive challenge for companies. In fact, our research found that third-party breaches have become the top point-of-failure and cause-of-loss throughout the first half of 2023.

The GenAI Social Engineer

Simultaneously, social engineering has come into the spotlight once again, but in a new way. As large language models (LLMs) have grown in popularity across the enterprise over the past year, a similar trend has emerged in cybercrime. Hackers are now employing this powerful technology to execute even more dangerous social engineering attacks in a fraction of the time. It should come as no surprise that cybercriminals can tap this technology to create more effective, highly personalized phishing attacks, impersonate organizations or individuals, and create misinformation on social media platforms. Social engineering is a threat that won’t go away, and while AI can be a force for good in cybersecurity, we will also see it be used more frequently as a malicious tool on large corporations in the next year and beyond.

Whether it was the breach of the security company Okta or hacks on major companies like MGM Resorts, criminals are finding success in leveraging these tactics to hit major targets with significant impact. Thinking ahead to 2024, CISOs and their teams can take several actionable steps to prepare.

Organizations must change the way they evaluate risk, particularly as it pertains to vendor partners. CISOs and their teams should be proactive when choosing vendors to ensure their security requirements and data retention policies are in alignment. Enterprises should also recognize that new AI-related security challenges will take shape as this technology is applied and adopted in new ways.

Equally as important, companies need to take a people-first approach to cybersecurity. To further reinforce security against social engineering and phishing attacks, more sophisticated training and more robust email security measures should replace traditional mitigation measures, like searching for spelling errors or strange sender domains. Beyond individual training, companies should reevaluate their internal leadership coordination on cyber risks. 

Too often, we see communication breakdowns between CISOs and the rest of the organization on prioritizing security spending or controls over business objectives. This either-or mentality leads to inefficient security practices and policies. Timeless as the advice might be, organizations must align on common business objectives and use a value-at-risk approach to determine what security investments provide the highest “return-on-controls” (RoC). This helps CISOs put reasonable and actionable goals and processes into practice to better manage security risk.

2023 might have marked the start of a new era of ransomware and big game hunting. Still, I’m hopeful that we are seeing a shift in the cybersecurity market towards an approach that understands what tactics and trends are emerging and prioritizes investments to limit financial loss. Only then can organizations be proactive, informed, and vigilant in the face of emerging threats as we head into the new year.

Image Credit: Stuart Miles/Shutterstock

Vishaal "V8" Hariprasad is the co-founder and CEO of Resilience. As a licensed insurance broker and producer, as well as a veteran of both the US Air Force and the cybersecurity industry, V8 brings the leadership skills he honed in his years with the military to Resilience. Prior to Resilience, he co-founded Morta Security (acquired by Palo Alto Networks) and served as a founding partner at the Pentagon’s Defense Innovation Unit Experimental. At Resilience, V8 leads the company’s efforts to bridge the divide between cyber insurance, risk management, and cybersecurity, enabling clients to build cyber resilience in a rapidly shifting threat landscape.