Trend Micro, a leading global cybersecurity company, cautions about the transformative impact of generative AI (GenAI) in the cyber threat landscape, anticipating a surge in sophisticated social engineering tactics and identity theft powered by GenAI tools. Eric Skinner, VP of Market Strategy at Trend Micro, emphasizes the significant threat posed by advanced large language models (LLMs), proficient in any language, as they eliminate traditional phishing indicators, making them challenging to detect.

“Advanced large language models (LLMs), proficient in any language, pose a significant threat as they eliminate the traditional indicators of phishing such as odd formatting or grammatical errors, making them exceedingly difficult to detect. Businesses must transition beyond conventional phishing training and prioritize the adoption of modern security controls. These advanced defenses not only exceed human capabilities in detection but also ensure resilience against these tactics.”

Eric Skinner, VP of market strategy at Trend Micro

What to expect

• GenAI in Phishing: The widespread availability and improved quality of GenAI, along with Generative Adversarial Networks (GANs), are expected to disrupt the phishing market in 2024. This transformation will facilitate the cost-effective creation of hyper-realistic audio and video content, driving new waves of business email compromise (BEC), virtual kidnapping, and other scams.
• Incentives for Threat Actors: Threat actors, driven by potentially lucrative gains, are anticipated to develop nefarious GenAI tools for campaigns or leverage legitimate ones with stolen credentials and VPNs to hide their identities. AI models, particularly specialized cloud-based machine learning models, may also be targeted in data poisoning attacks with various outcomes, such as exfiltrating sensitive data or disrupting fraud filters.
• Industry Self-Regulation: The cybersecurity industry is expected to outpace the government in developing AI-specific policies or regulations in 2024. The industry is likely to engage in self-regulation on an opt-in basis to address the evolving cyber threats posed by GenAI.

Additional Trends

• Cloud-Native Worm Attacks: Anticipated surge in cloud-native worm attacks targeting vulnerabilities and misconfigurations, using high automation to impact multiple containers, accounts, and services with minimal effort. Emphasizes the need for organizations to address security gaps in cloud environments.
• Supply Chain Attacks: More supply chain attacks targeting upstream open-source software components and inventory identity management tools. Cybercriminals may exploit vendors’ software supply chains through CI/CD systems, focusing on third-party components.
• Private Blockchain Attacks: Anticipated increase in attacks on private blockchains due to vulnerabilities in their implementation. Threat actors could modify, override, or erase entries, demand ransom, or attempt to encrypt the entire blockchain.

Trend Micro’s predictions highlight the evolving threat landscape fueled by GenAI, highlighting the need for businesses to transition beyond conventional phishing training and adopt modern security controls. The report emphasizes the importance of industry self-regulation and proactive measures to address emerging cybersecurity challenges in the AI-driven landscape.