2025 cybersecurity forecast: Preparing for the next generation of threats
As we navigate an increasingly digital landscape, the threats posed by cybercriminals are evolving at an alarming pace. The latest predictions highlight a future where AI-driven technologies, particularly deep fakes, will become more sophisticated, making it challenging for individuals and organizations to distinguish between genuine and malicious entities.
This article explores three critical predictions regarding the future of cyber threats: the rise of hyper-realistic deep fakes, the escalation of browser-based ransomware attacks targeting essential infrastructure, and the growing risk of insider threats in remote work environments. Understanding these trends is crucial for developing effective strategies to safeguard against the next wave of cybercrime.
Sophisticated AI-Driven Deepfakes Will Bypass Traditional Security Measures
Microsoft releases KB5048667 update, removing another Windows 11 24H2 block and introducing a questionable change
There are still various obstacles in the way of updating to Windows 11 24H2, but Microsoft has just removed one of them. Until now, systems with a USB scanner that used the eSCL scan protocol were blocked from installing the update, but this block has now been lifted.
This is not all that is to be found in the update, of course. There is a somewhat controversial switch to a shortened date format in the taskbar as well as a batch of important security fixes.
Email security: Why traditional defenses fall short in today's threat landscape
Despite decades of technological advancement, email remains the predominant attack vector for cybercriminals, with estimates suggesting that 80-90 percent of cyberattacks originate through email channels. While the cybersecurity industry has made significant strides in other areas, many businesses continue to rely on outdated email security measures that leave them vulnerable to increasingly sophisticated threats. This protection gap demands immediate attention from IT leaders.
Traditional secure email gateways (SEGs) like Mimecast and Proofpoint have served as the backbone of organizational email security for years. Similar to how traditional firewalls operate at network perimeters, these gateways excel at blocking known threats through signature-based detection and basic filtering rules. However, just as modern network security has evolved beyond simple perimeter defenses, email security requires a more sophisticated approach.
Cyber defense vs cyber resilience: why it's time to prioritize recovery
In an era when successful hacks are now an inevitability, too many organizations have a false sense of security when it comes to their data. Unfortunately, cyber criminals are ready and willing to take advantage of this complacency.
Gone are the days when CISOs could simply focus on building up frontline cyber defenses alone. Today’s cyber adversaries are using AI technologies like ChatGPT to augment and elevate the sophistication and effectiveness of their attacks on an industrial scale, whether that’s automating how they scan for vulnerabilities or initiating highly adaptive attacks that can evade traditional perimeter security measures.
0patch uncovers a security vulnerability in all versions of Windows -- and releases free fixes
0patch has revealed a 0day vulnerability that affects all desktop versions of Windows as well as Windows Server. In all, a staggering 21 different editions of Windows have the security issue, which is described as a URL File NTLM Hash Disclosure vulnerability.
The security patching firm has reported the issue to Microsoft but -- as has been the case in the past -- the Windows-maker has yet to produce a fix. Stepping up to fill the void, 0patch has released free micropatches for all affected versions of Windows.
Holiday season cybersecurity alert: QR code phishing scams
Thanks to the proliferation of smartphones, QR code usage globally has surged by 57 percent, and by 2025, it is forecast to increase by another 22 percent. And up to eight new QR codes are generated per minute globally.
It is no surprise, then, that QR codes are everywhere -- on billboards, in shopping malls, on event brochures, restaurant menus, charity websites, parking spaces, you name it! Of course, the genius of QR codes is their ease of use and convenience. For users, one scan and the job is done, be that registering for an event or purchasing an item.
How to address cloud-native security risks in 2025
Gartner predicts that public cloud end-user spending will surpass $675 billion by the end of 2024. In 2025, as AI systems proliferate and organizations increasingly store sensitive data in public cloud infrastructure, many stakeholders will begin demanding more robust cloud security measures.
Additionally, cybercriminals are becoming more inventive than ever. They now rely on AI and machine learning (ML) to improve and iterate on their methods, just as we all do. Interestingly, despite advances in cloud security, research suggests that common vulnerabilities like unenforced multi-factor authentication (MFA) and long-lived credentials continue to expose many companies to risk. Patching these known vulnerabilities will be crucial next year.
Security must be used as a springboard, not just a shield
Cybersecurity is often frustratingly seen as a boardroom burden -- a compulsory cost to keep threats at bay. This “necessary evil” mindset is holding businesses back and causing them to miss a critical opportunity to leverage security as a driver of success.
It’s time we looked at cybersecurity investments differently. Rather than the board reluctantly seeing the investments solely as a necessity for threat prevention, organizations should see cybersecurity also as a powerful enabler of productivity and growth. As digital transformation accelerates across manufacturing, healthcare, and other critical infrastructure sectors where cyber-physical systems (CPS) underpin operations, security needs to keep up with the pace of innovation, supporting -- and even driving -- new efficiencies, customer trust, and competitive advantages which all come with improving cyber and operational resilience.
Proving Linux is not a safe sanctuary, ESET finds first Linux-targeting UEFI bootkit malware
Linux-based operating systems have long been heralded as being inherently more secure than Windows. Whether or not this is true is open to debate, as is the impact of user numbers on making an OS a target for malware writers.
A key security concern in recent times has been UEFI bootkits, and it has been something affecting only Windows-based systems. Now, however, security firm ESET has revealed details of Bootkitty, the first UEFI bootkit designed for Linux systems.
Why USB cyberattacks are still a persistent threat
Although the cyber threat landscape rarely stands still, some age-old attack vectors will continue to be revisited by cyber criminals. For example, the cyber security risks of removable media -- which have persisted for years -- are presenting fresh challenges for security teams.
This is because, thanks to its convenience and cost, removable media remains a cornerstone of the operations of critical national infrastructure (CNI) sectors. Devices such as USB drives are used by CNI operators and their third-party service partners to handle sensitive data, perform physical data transfer, and carry out vital operational tasks such as firmware updates in air-gapped networks.
The phishing threat landscape evolves
Phishing is on the rise. Egress' latest Phishing Threat Trends Report shows a 28 percent surge in attacks in the second quarter of 2024 alone. But what’s behind the increase? There are a few factors in play. Like any other form of threat, phishing is becoming more sophisticated with hackers now having access to a variety of new AI-powered tools to generate email messages, payloads, and even deepfakes.
Further, these technologies and the cyberattacks they can create are now easier to access than ever, especially as more hackers tap into the professional services on offer from a mature and diverse Crime as a Service (CaaS) ecosystem of providers selling everything from the mechanisms to create attacks to pre-packaged phishing toolkits that promise to evade native defenses and secure email gateways (SEGs).
Technical implementation guide: Securing Salesforce under DORA requirements
As financial institutions prepare for the EU's Digital Operational Resilience Act (DORA) enforcement in January 2025, IT teams face a complex challenge: ensuring their Salesforce implementations meet new technical requirements while maintaining operational efficiency.
The regulation's focus on ICT risk management demands a comprehensive technical approach beyond basic security measures. For organizations utilizing Salesforce as a critical business platform, this represents a fundamental shift in how system architecture and security must be approached.
Encrypted Client Hello didn't solve censorship, but still may have a role to play
In November 2024, Russia began blocking Cloudflare’s implementation of Encrypted Client Hello (ECH), a privacy-focused extension of the TLS protocol. “This technology is a means of circumventing restrictions on access to information banned in Russia. Its use violates Russian law and is restricted by the Technical Measure to Combat Threats (TSPU),” the statement by the Russian Internet regulator read.
Russia, known for its tight control over internet access, views ECH as a tool for bypassing geo-restrictions, though that was never its intended purpose. This move follows a broader pattern of censorship and surveillance. Over the past few years, Russia has been cracking down on VPNs, making it harder for users to circumvent government-imposed restrictions.
Microsoft brings hotpatch updates to Windows 11
Having already tested the waters with Windows Server for the last couple of years, Microsoft is bringing hotpatch updates to Windows 11 24H2.
The key advantage to hotpatching is that it allows for security updates to be installed without the need for a restart. This is something which is important for businesses, so it is perhaps not surprising that Microsoft is previewing hotpatch updates in Windows 11 Enterprise.
The coming of 6G poses new IoT security vulnerabilities
A growing challenge for 6G wireless development involves the potential for unexpected cybersecurity vulnerabilities. This is especially true given the growing set of Internet of Things (IoT) use cases with complexities such as connected cars, smart cities, and even satellite-based, non-terrestrial network (NTN) IoT. The expanding security threat surface is particularly concerning due to its novelty and the lack of thorough testing by researchers.
IoT vulnerabilities themselves are nothing new. We have seen the hacking of home doorbell cameras since the advent of 4G. However, that problem has less to do with wireless standards than with homeowners making poor decisions about how to manage device passwords.
