The eruption of artificial intelligence (AI) in 2023 suggests digital technology will become even smarter, more powerful, and more personal in 2024. In this article, we deep-dive into five of the biggest threats we’ve seen over the past year, exploring what these mean for consumers and how to stay ahead.
1. AI threats: a new age
In 2023, we saw what could best be described as a teaser for how AI will both enrich and threaten our digital lives. While we saw progress in how AI can be used to benefit cyber security, there was also a rise in AI-driven and enabled attacks, with AI used to create realistic deepfakes and adaptive malware.
This dual-edged development highlighted the technology’s critical and evolving role in cyber security, and we saw both challenges and opportunities come from it.
How is AI being used for bad?
Generative AI tools like ChatGPT offer real promise for how we can both streamline everyday tasks and enable major breakthroughs on a societal level. But there’s a darker side to this.
While the mainstream AIs developed by organizations like OpenAI and Google will always include guardrails that help to prevent their misuse, cyber criminals will always find a way to weaponize a powerful tool. We’ve already seen how generative AI is being exploited, with the creation of “WormGPT” and “FraudGPT” large language models (LLMs) like ChatGPT but made by and sold for criminals.
How to protect yourself against AI threats:
It’s important to remain vigilant and practice good cyber security hygiene. This includes doing things like verifying the authenticity of the emails or other messages you receive and avoiding clicking on suspicious links.
Be aware and cautious of deepfakes, especially in social media and news contexts, and verify information from credible sources.
Standard good practices such as using strong, unique passwords, two-factor authentication, and regularly updating your security software can also help to protect against AI generated attacks.
Staying informed about emerging threats and being cautious during online interactions, such as avoiding sharing personal information over the phone, are essential precautions to take.
2. Phishing: evolving tactics
In 2023, phishing scams continued to mimic messages from platforms with lots of users to target a wide range of consumers. Of the targeted e-commerce platforms, Amazon was the most impersonated, accounting for 40% of the phishing messages we captured. eBay and Mercado Libre followed, demonstrating the wide range of e-commerce platforms at risk.
Social media wasn’t spared, as Facebook and WhatsApp users were targeted as well, with a staggering 96% of social media-related phishing scams masquerading as communications from Meta’s platforms. In the gaming world, Garena and Steam were also highly impersonated, with 46% and 42% of all gaming-themed phishing targeting their vast user bases.
What is phishing and is it still a threat?
Phishing is a form of cyber crime where scammers pretend to be trusted entities, such as popular fashion brands or banks, to steal sensitive data from you. But with the rise of “quishing”, or QR code phishing, in 2023, scammers are now expanding their reach with fake QR codes leading to websites that look real but are set up to steal your sensitive information like credit card numbers or login details.
As QR codes are used more often for legitimate services, this type of scam is also becoming more common. “Smishing”, through text messages, and “vishing”, through phone calls, also continued to be widely used by scammers to ask for personal, banking, or password details.
How to avoid phishing scams:
It’s important to stay alert and informed and be cautious about surprise messages asking for personal information.
Always check if these messages are real, turn on multi-factor authentication for extra security on your accounts, and use advanced spam filters to keep suspicious emails at bay.
Be sure to keep up to date with the latest tricks like 'quishing' and 'smishing' to protect yourself from these sneaky tactics.
3. Mac threats: rise of the infostealer
Until now, infostealers have generally been regarded as a problem for Windows PCs and Android. However, in 2023 F‑Secure observed a significant emergence of infostealers that target macOS. One of the most common infostealers was Atomic, which targeted passwords, credit cards, and browser cookies from various online platforms and cryptocurrency wallets.
Regardless of the rising threat of infostealers, the most prevalent file and malware-based threats on macOS are still phishing via malicious PDFs, annoying adware, and potentially unwanted applications (PUAs) that may cause unexpected behavior or display ads on your Mac.
Cyber threats specifically targeting macOS systems include malware, adware, ransomware, and other malicious software. The sophistication and frequency of these threats have been increasing, meaning Macs are no longer peripheral targets for cyber criminals. We have also seen certain creators of malware start to target Mac specifically, indicating that Mac threats are on the rise.
How to protect your Mac:
Protecting Macs involves a combination of updated security practices and tools. Regularly updating macOS to patch security vulnerabilities is crucial. Luckily macOS comes with the auto-update feature on by default for security patches, so make sure your Mac’s charger is plugged in at night as this enables your Mac to manage updates while you’re away.
MacOS does allow manual bypass of security features which can leave your Mac open to threats such as malware. Using comprehensive antivirus and anti-malware solutions specifically designed for Macs can significantly reduce the risk of infection.
Finally, remember to be vigilant about the software you download and the websites you visit, and be sure to avoid any unofficial sources that might have malicious content on offer.
4. PC threats: persistent and evolving
In 2023, the PC threat landscape was dominated by infostealers, with our research finding 89% of all Windows threats were different types of these. Infostealers are malware that steal information stored on your computer as well as your browser, such as saved logins, active logged in session cookies, or saved credit card details.
The threats we saw were particularly focused on harvesting personal and financial data and showed advanced capabilities in evading detection and exploiting system vulnerabilities. Cyber criminals were also quick to capitalize on the rapid rise in popularity of ChatGPT, as we saw Redline stealer malware hidden inside a fake ChatGPT installer and distributed throughout the year.
We saw a broad range of attacks targeting Windows-based systems, including malware, ransomware, spyware, and newer fileless attacks that exploit legitimate system processes. The increasing availability of malware-as-a-service has made these attacks more accessible, leading to a rise in incidents.
How to protect your PC:
To protect against PC threats, you need to use a robust antivirus solution, regularly update your software and devices, and adopt good cyber security hygiene overall.
Advanced endpoint protection can also detect and neutralize sophisticated threats.
Staying up to speed on the risks of phishing, suspicious downloads, and unsecured websites is also crucial to help mitigate the potential data loss caused by different malware.
Finally, regular backups and the use of cloud services can help to mitigate the damage from potential data loss caused by different malware.
5. Mobile threats: the growing frontier
In 2023, the mobile cyber threat landscape really evolved, with Android devices experiencing a mix of mobile malware and potentially unwanted applications (PUAs). Throughout the year we saw a consistent presence of SpyNote spyware incidents, with notable increases in activity in January, May, and November. Spyware is a type of malware that infects your device and spies on what you do. It then passes the collected information back to the criminal responsible for the infection.
Malware made up 58% of threats, while PUAs such as adware made up 42% — showing a real risk from both intentionally harmful software and intrusive but non-malicious applications. The trend of infections rose as the year progressed, showing an increased vulnerability within the mobile space and the crucial need for better security awareness and measures.
How to protect yourself against mobile threats:
To protect against mobile threats, you should install apps only from official app stores and keep your operating systems updated. Be cautious about granting app permissions too.
Mobile security apps and antivirus for Android provide a valuable extra layer of protection.
Regular backups and enabling features like remote wipe can help mitigate the impact of a compromised or stolen mobile device.