Virtualization Technology News and Information
WatchGuard 2024 Predictions: Headline-Stealing Hacks Involving AI-Based Voice Chatbots & Modern VR/MR Headsets


Industry executives and experts share their predictions for 2024.  Read them in this 16th annual VMblog.com series exclusive.

Headline-Stealing Hacks Involving AI-Based Voice Chatbots & Modern VR/MR Headsets

By Corey Nachreiner, CSO at WatchGuard

Every new technology trend opens up new attack vectors for cybercriminals. With an ongoing cybersecurity skills shortage, the need for Managed Service Providers (MSPs), unified security and automated platforms to bolster cybersecurity and protect organizations from the ever-evolving threat landscape has never been greater. In the coming year, the emerging threats targeting companies and individuals will be even more intense, complicated, and difficult to manage. Today, I'm sharing three 2024 cybersecurity predictions from WatchGuard's Threat Lab research team and diving into the reasoning behind them.

1.  AI Spear Phishing Tool Sales Boom on the Dark Web 

While AI/ML may still only account for a fraction of attacks, during 2024 we expect to see threat actors really begin experimenting with AI attack tools and start to sell them on the underground. We foresee a boom in the emerging market for automated spear phishing tools, or a combination of tools, on the dark web. Spear phishing is one of the most effective tactics attackers have to breach networks. However, traditionally it has also required a massive amount of manual work to research and target victims. There are already publicly available tools for sale on the underground to send spam email, automatically craft convincing, targeted text when equipped with the right prompts, and scrape the Internet and social media for a particular target's information and connections. But a lot of these tools are still manual and require attackers to target one user or group at a time. Well-formatted procedural tasks like these are perfect for automation via AI/ML. During 2024, we expect to see at least one AI/ML-based tool that helps automate spear phishing show up for sale on the underground.

2.  AI-Based Vishing Takes Off in 2024 

Voice phishing (vishing) increased over 550% YoY between the first quarter of 2021 and Q1 2022. Vishing is when a scammer calls you pretending to be a reputable company or organization or even a co-worker (or someone's boss) and tries to get you to do something they can monetize, such as buying gift cards or cryptocurrency on their behalf.

The only thing holding this attack back is its reliance on human power. While VoIP and automation technology make it easy to mass dial thousands of numbers and leave messages or redirect victims unlucky enough to answer, once they've been baited to get on the line, a human scammer must take over the call to reel them in (so to speak). Many of these vishing gangs end up being large call centers in particular areas of the world, very similar to support call centers, where many employees have fresh daily scripts that they follow to socially engineer you out of your money. This reliance on human capital is one of the few things limiting the scale of vishing operations.

We predict that the combination of convincing deepfake audio and large language models (LLMs) capable of carrying on conversations with unsuspecting victims will greatly increase the scale and volume of vishing calls we see in 2024. What's more, they may not even require a human threat actor's participation.

3.  VR/MR Headsets Allow the Re-Creation of User Environments 

Virtual and mixed reality (VR/MR) headsets are finally beginning to gain mass appeal.

VR/MR headsets offer a ton of new and personal information for attackers to steal, monetize, and weaponize. Among that information is the actual layout of your house, home office or play space.

To track your presence in a virtual environment properly, these headsets must track you in real space. They do so with various cameras and sensors that get many perspectives of the room or area you inhabit. Even when they only use 2D cameras, combining the multiple camera angles with photogrammetry could allow someone with access to that data to get the layout of the room you are in. More recently, the already popular Quest 3 headset added a depth sensor, which allows it to not only automatically get a more detailed layout of your real-life environment, but also of the furniture and objects within that environment. These headsets have also added "passthrough" and mixed reality features, which allow you to walk around your entire house with the headset on, all the while using that depth sensor to potentially 3D map the layout of your surroundings wherever you go.

So far, the creators of these headsets do not yet seem to be looking to store this data for their own purposes ("yet" being the operative word here). They also try to design safeguards to prevent software or malicious actors from gaining access. But it is there; and for those with the will, a way can always be found. In 2024, we predict either a researcher or malicious hacker will find a technique to gather some of the sensor data from VR/MR headsets to recreate the environment users are playing in.

As these threats evolve from predictions to potential reality, it's vital to ensure you have the resources and solutions to protect your business and your customers. To learn what other emerging threat trends and security techniques are lurking around the corner and how you can help protect against them, check out the WatchGuard Threat Lab's complete list of 2024 Cybersecurity Predictions and accompanying videos here.  


ABOUT THE AUTHOR

Corey Nachreiner 

Corey Nachreiner is the chief security officer (CSO) of WatchGuard Technologies. Recognized as a thought leader in IT security, Nachreiner spearheads WatchGuard's technology and security vision and direction. He has operated at the frontline of cybersecurity for 25 years, evaluating and making accurate predictions about information security trends. As an authority on network security and an internationally quoted commentator, Nachreiner's expertise and ability to dissect complex security topics make him a sought-after speaker at forums such as Gartner, Infosec, and RSA. He is also a regular contributor to leading publications including CNET, Dark Reading, Forbes, Help Net Security, and more. Find him on www.secplicity.org

Published Monday, December 11, 2023 7:36 AM by David Marshall