In the realm of relevant data sources for cyber threat analysis, publishers stand as some of the most reliable providers, if one overlooks the bias of highlighting issues they can solve with their products.
Thus, Crowdstrike has made available its report modestly titled Global Threat Report 2024, aiming to present the most significant threats for the coming year (and likely beyond).
This comprehensive report (60 pages) outlines both the most notable attacks of 2023 (which is fascinating and relatively unknown) and attempts to project the state of threats for 2024.
And what to say about the year 2024, which could be described as the year of all dangers on the cyber front.
First, an explosive global political context: Russian, American, Indian, Iranian, South American, African, EU elections. Simply put, nearly half of the planet's population will be called to the polls this year. An exceptional alignment and a boon in the development of fake news and mass manipulation!
The year 2024 is also marked by major sporting events: Olympics, Euro of Football, ANC.
For example, experts estimate 3 billion cyberattacks are planned during the 4 weeks of the Paris Olympics competitions!
Add to this increasingly powerful, relevant, and affordable innovation technologies for a few euros per month.
And finally, add a touch of a warlike context 🫶
And you get the recipe for all the temptations for hackers and hacktivists worldwide... but also passing opportunists!
What about AI in this context?
I won't tell you anything new by saying that generative AI represents the most predominant threat in this context. This technology, by its very essence, has blurred the lines between tool and weapon, offering both the most inventive and the most malevolent minds a power hitherto unprecedented.
They gradually eliminate the learning barriers that limit the number of candidates capable of implementing certain attacks. Today, everyone can pretend to be whoever they wish: “Code this for me…, write this for me…, make me an image of…, film me a plan that.., write me a malware that…oops 😬.”
What yesterday required years of learning and restricted access to sophisticated resources is today at the click of a button or a voice command, expanding the possibilities in the field of cybercrime.
The ease of access to this technology raises a fundamental question: how to secure a world where every individual can become a code craftsman, capable of designing malware or manipulating information with unsettling ease? This question is not just technical; it's deeply philosophical, questioning our relationship with technology and the power it confers.
On one hand, generative AI enhances the operational capabilities of seasoned attackers by saving them valuable time (and time is money).
On the other hand, it opens the door for opportunists of all stripes by allowing them to write emails without making a mistake in about 90 languages (Scammers of all kinds rejoice). If we also consider the ability to tamper with visuals and audio, there's plenty to be frightened about.
The duality of generative AI, capable of both beneficial innovations and destructive manipulations, forces us to rethink our approach to cybersecurity. It's no longer just about defending our systems against external attacks but understanding and controlling the intrinsic potential of AI to shape a reality that aligns with our ethical and social values.
Critical thinking, are you there?
The reality we perceive is mainly determined by our senses. The apple is sweet, I smell this scent, I see this painting in front of my eyes, I hear the music, I can feel this material.
The digital era limits our interaction with the world through digital filters, reducing our sensory experience to what can be seen or heard through screens. This sensory restriction makes us particularly vulnerable to digital illusions, where images, videos, and sounds can be manipulated with unsettling precision, challenging our perception of reality.
In this context, the development of critical thinking is not a luxury but a vital necessity. It's no longer just about reading between the lines but understanding that behind every pixel may hide an intention, whether innocent or malevolent. The question is no longer about the credibility of information but rather how and for what purpose it was designed or altered.
We all need to change our approach to "reality" and be aware that in the digital space our capabilities are limited and we are vulnerable.
This challenge, inherent to our digital era, forces us to be constantly on alert, questioning and verifying the information that reaches us. It's a permanent exercise in vigilance, where each individual must equip themselves with the intellectual tools necessary to navigate confidently through a sea of potentially misleading information.
Image, video, sound, text: Everything can potentially be fake behind a screen and must therefore be treated with caution.
eCRIME cake
Another trend emerging from this report is ultimately a consequence of the first, namely the increase in attacks, especially phishing. But again, we must move beyond the archaic model of the typo-ridden email inviting you to click to retrieve your inheritance blocked in Nigeria.
The main vector of this threat is undoubtedly identity theft. It's THE most valuable and sought-after entry point for hackers.
Identity symbolizes the drawbridge of the Middle Ages (surrounded by its imposing turrets). But once the city gates are passed, you have access to the entire village: its shops, its houses, its inhabitants without any restriction (or almost).
Let's take a daily example to illustrate this point. You arrive in the morning, and you have a Slack notification from your colleague with whom you work absolutely every day saying something like:
“Hello, it's a mess this morning, the db seems down, and what's weird is that the dashboard, even with the admin account, shows nothing. Take a look: https://clickonmyinfectedlinktotheadminconsole.com does it look the same to you? It's weird, isn't it?”
Now, ask yourself, how would you have reacted?
Who among us would have clicked on the link from their colleague with whom they play five-a-side football every week? (I'm the first to admit it).
The trap of identity theft often unfolds in the meanders of our digital daily life, manifesting through seemingly mundane communications but injected with malice. An email, a message on a communication platform, or even a notification appearing to come from a colleague or friend can be the beginnings of a sophisticated attack. These schemes, cleverly disguised as ordinary interactions, play on the slippery slope of trust and familiarity, encouraging their targets to let their guard down.
Facing this insidious threat, the question is not so much whether we would be fooled by such subterfuge, but rather how we can strengthen our defenses to recognize and thwart these manipulation attempts. The answer lies in a combination of vigilance, education, and advanced security technologies, forming a multi-dimensional shield against identity theft.
Priority education zone
In this quest, the challenge is to balance exploiting AI's benefits for protecting our digital spaces with preventing its use as a threat vector. The solution to this challenge lies not only in developing technological countermeasures but also in establishing ethical frameworks and regulations that guide AI use, ensuring it remains a pillar of progress rather than an instrument of chaos.
The conclusion that emerges with palpable urgency is the pressing need for comprehensive and accessible digital education for all. This education does not merely provide technical knowledge; it aims to elevate our collective understanding of the digital world, thus forging digitally savvy citizens equipped with critical thinking and discernment.
The importance of this education transcends mere skill acquisition. It lies at the heart of our ability to defend our individual and collective sovereignty in cyberspace. Faced with increasingly sophisticated and persuasive cyber threats, the ability to identify, understand, and counter risks becomes a major national and personal security issue.
Digital education should be established as a priority education zone, an indispensable investment for the future. By cultivating a generation of digitally enlightened citizens, we forge the defenders of tomorrow, capable of protecting not only their data but also the very foundations of our democracy. This educational mission extends beyond classrooms, involving every sector of society in a collaborative effort to ensure a safe and inclusive digital future.