Threat Intelligence Team

At Gen, we are dedicated to building critical insights to help stay a step ahead of future cyberthreats and developing new ways to help protect people across their digital lives. Explore how we drive innovation.

Security Evangelist at Gen

Innovation

<p>"Scamverse." This concept, much like the multifaceted realms of the "Spiderverse" in the world of comic books, represents the complex and interconnected web of scams that dominate today's digital threats. As a cybersecurity expert with 25 years of experience, I have witnessed the evolution of these threats, from the early days of viruses and Trojans to the sophisticated scam-centric dangers we face today.&nbsp;</p><h2><strong>The Evolution of Cyberthreats</strong>&nbsp;</h2><p>Historically, the digital world was plagued primarily by viruses and Trojans. These were malicious programs designed to disrupt, damage, or gain unauthorized access to computer systems. With the popularization of the internet, a new breed of threats emerged, notably worms. These self-replicating programs could spread across networks without human intervention, marking a significant shift in the nature of cyberthreats.&nbsp;</p><p>However, as technology advanced and the internet became increasingly integral to daily life, cybercriminals adapted and evolved. The emergence of phishing scams, botnets, and ransomware signaled a shift from mere disruption to focused, profit-driven criminal activity. Phishing scams, in particular, demonstrated the opportunity to deceive or trick individuals into divulging sensitive information. We call it social engineering.&nbsp;</p><h2><strong>The Rise of the Scamverse</strong>&nbsp;</h2><p>The term "Scamverse" describes the current era, where the majority of cyberthreats involve some form of scam. This doesn't imply that all threats originate as scams, but it highlights the reality that most people are more likely to encounter a scam than any other type of cyberthreat. Scams in the digital age are diverse and sophisticated, ranging from email phishing and fake websites to social media scams and fraudulent online marketplaces.&nbsp;</p><p>In this scam-centric landscape, the primary weapon of cybercriminals is deception. Unlike traditional malware, which relies on exploiting technical vulnerabilities, scams exploit human vulnerabilities — trust, ignorance and fear. This makes them particularly insidious and difficult to combat, as they hinge on manipulating human psychology rather than breaching digital defenses.&nbsp;</p><h3><strong>Characteristics of the Scamverse</strong>&nbsp;</h3><ol><li><strong>Social Engineering:</strong> The cornerstone of most scams is social engineering, the art of manipulating people into performing actions or divulging confidential information. Phishing emails, for instance, often masquerade as legitimate communications from trusted entities to trick individuals into clicking on malicious links or sharing sensitive data.&nbsp;</li><li><strong>Financial Motivation:</strong> The primary objective of scams is financial gain. Whether through ransomware demands, the theft of financial information or fraudulent transactions, the end goal is invariably monetary.&nbsp;</li><li><strong>Targeted Attacks:</strong> Scams are increasingly personalized and targeted. Cybercriminals often gather information about their victims to craft more convincing and effective scams, increasing the likelihood of success.&nbsp;</li><li><strong>Exploitation of Current Events:</strong> Scammers are adept at exploiting current events, such as global pandemics or political upheavals, to create timely and relevant scam campaigns that prey on people's fears and uncertainties.&nbsp;</li></ol><h3><strong>Navigating the Scamverse</strong>&nbsp;</h3><p>Staying protected in the Scamverse requires vigilance and education. Traditional cybersecurity measures like antivirus software and firewalls remain essential, but they must be supplemented with awareness and skepticism. People should educate themselves about common scam tactics and question the legitimacy of unsolicited communications. Organizations should invest in regular training to keep employees informed about the latest scam techniques.&nbsp;</p><p>Additionally, solutions like email filtering, web reputation services and behavioral analytics can help identify and block scam-related activities. Collaborative efforts between cybersecurity firms, law enforcement and regulatory bodies are also crucial in dismantling large-scale scam operations.&nbsp;</p><h2><strong>The Dual Role of AI in the Scamverse</strong>&nbsp;</h2><p>Artificial Intelligence (AI) plays a paradoxical role in the Scamverse, acting as both a facilitator for cybercriminals and a powerful tool in the cybersecurity arsenal. This dual nature of AI in the realm of cyber threats underscores the ongoing arms race between attackers and defenders.&nbsp;</p><h3><strong>AI as a Tool for Cybercriminals</strong>&nbsp;</h3><p lang="EN-US">AI, as a tool for cybercriminals, significantly enhances the sophistication, reach, and effectiveness of scams. By leveraging natural language processing and machine learning, AI can craft highly convincing phishing emails and even use deepfake techniques in video and audio, making these scams increasingly challenging to distinguish from legitimate communications. Furthermore, AI facilitates automated social engineering, enabling bots to conduct personalized and persuasive interactions with potential victims on social media or via email. Additionally, AI algorithms are adept at harvesting and analyzing vast amounts of data to identify potential targets, tailoring scams to individuals' online behavior and striking at the most opportune moments, thereby increasing the success rate of these malicious attacks.&nbsp;</p><ol><li>As a tool for cybercriminals, AI significantly enhances the sophistication, reach and effectiveness of scams. By leveraging natural language processing and machine learning, AI can craft highly convincing phishing emails and even use deepfake techniques in video and audio, making these scams increasingly challenging to distinguish from legitimate communications. Furthermore, AI facilitates automated social engineering, enabling bots to conduct personalized and persuasive interactions with potential victims on social media or via email. Additionally, AI algorithms are adept at harvesting and analyzing vast amounts of data to identify potential targets, tailoring scams to individuals' online behavior and striking at the most opportune moments, thereby increasing the success rate of these malicious attacks.&nbsp;</li></ol><h3><strong>AI as a Defense Mechanism</strong>&nbsp;</h3><p>Conversely, AI is a formidable tool in combating the Scamverse, offering several advantages in detecting and preventing scams.&nbsp;</p><ol><li><strong>Continuous Adaptation:</strong> Perhaps the most significant advantage of AI in cybersecurity is its ability to continuously learn and adapt. For example, with <a href="https://us.norton.com/products/genie-scam-detector">Norton Genie</a>, as new types of scams emerge, the AI can be trained with the latest data points to recognize them. It analyzes messages, websites, social media posts and more, alerting you if it’s a potential scam and then giving you advice on the best next steps. &nbsp;</li><li><p lang="EN-US"><strong>Anomaly Detection:</strong> AI systems can analyze patterns in data to identify anomalies that may indicate scam activities. These systems can detect unusual patterns in network traffic, email communications or online transactions that human analysts might miss.&nbsp;</p></li><li><strong>Phishing Detection:</strong> AI can be trained to recognize the subtle signs of phishing attempts, such as slight deviations in email formatting, sender information or the language used. This can help in filtering out phishing emails before they reach the intended recipient.&nbsp;</li><li><strong>Behavioral Analysis:</strong> AI can monitor user behavior to detect signs of compromise or scam interactions. For example, sudden changes in the way a user interacts with a system or unusual financial transactions can trigger alerts.&nbsp;</li></ol><h2><strong>The Future Intersection of AI and Scamverse</strong>&nbsp;</h2><p>Looking forward, the intersection of AI and the Scamverse is poised to become increasingly complex. As AI technologies become more advanced, we can expect both the sophistication of scams and the effectiveness of our defenses to escalate. This dynamic landscape will require constant vigilance, innovation and collaboration, among cybersecurity professionals, technology developers and policymakers.&nbsp;</p><p><a href="https://www.gendigital.com/blog/news/innovation/ai-based-cyberthreats">AI's role</a> in the Scamverse is a double-edged sword. While it empowers cybercriminals with advanced tools to execute scams, it also equips cybersecurity experts with potent mechanisms to thwart these threats. The future of cybersecurity in the Scamverse will undoubtedly be shaped by the ongoing development and deployment of AI technologies, emphasizing the need for cutting-edge research and ethical AI practices in the field.&nbsp;</p><p><strong>Conclusion</strong>&nbsp;</p><p>The Scamverse represents the current and perhaps most challenging era in the evolution of cyberthreats. Its reliance on social engineering makes it uniquely dangerous, as it exploits human nature itself. Navigating this landscape requires a combination of technological solutions, education, and a healthy dose of skepticism. As we continue to adapt to these challenges, one thing is clear: the battle against the Scamverse will be as much about changing human behavior as it is about advancing technological defenses.&nbsp;</p>

In the ever-evolving landscape of cyberthreats, a new term has emerged to encapsulate the current era's predominant danger: "Scamverse."

The Scamverse: Navigating the New Frontiers of Cyberthreats

Global Privacy Compliance Program Manager

<h2><strong>What is Data Privacy Week?</strong> &nbsp;</h2><p>Data Protection Day originated in Europe to commemorate the first legally binding international treaty dealing with privacy and data protection. Now, the celebration has expanded to an entire week and is recognized worldwide. The mission of <a href="https://staysafeonline.org/programs/data-privacy-week/">Data Privacy Week</a>, observed January 21-27 this year, is to <em>inspire dialogue and empower individuals and companies to respect privacy, safeguard data and enable trust</em>.&nbsp;&nbsp;</p><p>Data Privacy Week, which encourages people everywhere to take control of their digital footprints, is run by the <a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fstaysafeonline.org%2Fprograms%2Fdata-privacy-week%2F&amp;data=05%7C02%7CAlisha.Robinson%40gendigital.com%7C6a003a179aef40725ccf08dc16b91ab6%7C94986b1d466f4fc0ab4b5c725603deab%7C0%7C0%7C638410231503836756%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=E3%2BMt372PJpwhWRw5v6FwZ1nCsxBCaH2fv6H1u0BOu4%3D&amp;reserved=0%22%20\o%20%22Original%20URL:%20https://staysafeonline.org/programs/data-privacy-week/%20%20Click%20to%20follow%20link.%22%20\t%20%22_blank">National Cybersecurity Alliance</a> (NCA). NCA advocates for the safe use of technology and helps governments and corporations work together to foster digital good.&nbsp;</p><p>Everything you do online generates data. Every time you shop, click, scroll, like, message, play and more, you are generating data. This personal information has tremendous value to businesses. The landscape of privacy and data protection laws and regulations continues to grow more complex. Companies with global operations that wish to advance the privacy rights of individuals and enable innovative products and services must comply with these laws and deliver meaningful data security to their customers; this can be challenging for many companies and difficult for people when trying to figure out if the apps and companies that hold their data are keeping it safe.  &nbsp;</p>

<h2><strong>How We Help People Protect Their Digital Lives</strong> &nbsp;</h2><p>For Gen, empowering people to take control of their digital lives is in our DNA. Security, transparency, and accountability are built into everything we do, and products like <a href="https://us.norton.com/products/norton-secure-vpn%22%20/t%20%22_blank">Norton Secure VPN</a> protect a person’s online privacy by hiding the computer’s address from websites visited from any device. Norton, a part of Gen, also offers <a href="https://us.norton.com/products/norton-360-deluxe%22%20/t%20%22_blank">Norton 360 Deluxe</a>, which can prevent activity or location tracking, as well as information theft, installation of malicious programs and uninvited changes to devices. We recently <a href="https://www.gendigital.com/blog/impact/community/product-donations-domestic-violence">launched a product donation pilot program</a>, donating up to 5,000 of these free product licenses to survivors of domestic violence to help them recover from financial or technological abuse. These products are also donated or discounted to nonprofits through our partnership with <a href="https://www.techsoup.org/search/products/norton/%22%20/t%20%22_blank">TechSoup</a>. &nbsp;</p><p>In addition to product donations, we work regularly with nonprofits like <a href="https://www.gendigital.com/blog/impact/community/my-digital-life%22%20/t%20%22_blank">Discovery Education</a> and the <a href="https://www.gendigital.com/blog/impact/community/the-smart-talk-2023%22%20/t%20%22_blank">National PTA</a> to help children and families learn about keeping their information private.  &nbsp;</p><h2><strong>Five Ways We Help Keep Customer Data Safe</strong>&nbsp;</h2><p>We focus on five essential elements to help keep customer data safe. Check for these key practices: &nbsp;</p><ol><li><strong>Accountability.</strong> At Gen, we hold ourselves accountable by defining our principles, conducting internal and external audits, empowering employees at all levels of the company to proactively consider privacy and data protection, engaging in continuous improvement processes, and constantly scanning for new risks and opportunities. For more details on Gen’s Privacy Operating Model, see page 34 of our <a href="https://s201.q4cdn.com/771113172/files/doc_downloads/2023/07/gen-2023-social-impact-report.pdf">2023 ESG Report</a>. &nbsp;</li><li><strong>Security.</strong> We secure personal data using appropriate technical and organizational measures to protect integrity, confidentiality, and availability. Our security monitoring alerts us to suspicious activity, and we have a robust incident response program. &nbsp;</li><li><strong>Essential rights. </strong>We take a principles-based approach, going beyond regional data protection laws to provide essential rights to our customers, such as access and deletion, regardless of whether there is a law requiring it. &nbsp;</li><li><strong>Transparency.</strong> Privacy policies are often difficult to read and understand. We work to make our policies as clear and detailed as possible. We provide additional support articles and easy access to contact information to make it easy for customers to exercise their privacy rights and get their questions answered. &nbsp;</li><li><strong>Customer-First Privacy by Design. </strong>In everything we do, we strive to anticipate, identify, and prevent invasive events before they happen. Privacy measures should not be add-ons, but fully integrated components of the system. We only collect personal data for specified, clear and legitimate purposes. And, we only collect as much personal data as we need to achieve those purposes.&nbsp;&nbsp;</li></ol><p>This Data Privacy Week, we encourage you to do a quick review of the companies and apps that have your information. Do they have systems and policies in place to keep your data secure? Will they let you delete your data? Are they explaining what personal data is collected and why? Do they respect your rights to control how your data is used? Remember, it’s your data and it has value. Be selective about who you choose to do business with and thoughtful about what information you are providing. And, no matter where you are in your data security journey, we hope Data Privacy Week serves as an important reminder to exercise your rights to safety and privacy.  </p>

This Data Privacy Week, learn what to expect from businesses that have your personal information

Helping to Keep Personal Data Safe

Senior Principal Data Scientist

AI Researcher

Principal Scientist, AI

<p>Data collection and preparation are critical steps for the success of a machine learning pipeline. Traditionally, manual feature engineering is involved to turn data from ones that humans can interpret to the ones that a machine learning algorithm can understand. Neural networks, as a prime example of machine learning (ML) approaches, are centered around the use of linear algebra and calculus, and as such they require that the data take up numerical form, typically of tensors of fixed size.&nbsp;</p><p>Real-world data are typically complex, as are the objects they describe. Identifying the (finite) set of features that describe all relevant properties of an object can thus be a daunting task that requires expert-level knowledge of the domain. Even then, the resulting representation can still be lossy, and may omit features that are important for the machine learning task at hand.&nbsp;</p><p>As an example, consider a web page. Web pages come in various shapes and provide different types of content. Identifying a list of features that suit all of them and describe all information needed for the ML task is hardly possible: Different pages provide different content, and as such may require different features to describe them. One will also likely need considerably more features to capture all potentially relevant information on a news outlet page compared to a web presentation of a small company.&nbsp;</p><p>We can however leverage the fact that web pages are typically well structured (as is their underlying HTML source code). The pages consist of, e.g., main content with titles and subtitles, menus and their submenus, or header and footer of the page. These components form a hierarchy which is similar across most of the pages, but varies in its complexity (e.g., number of titles or number of items in a menu).&nbsp;&nbsp;</p><p>The variety of data that can be described using similar hierarchies is vast. Examples include, e.g., <a href="https://archive.ics.uci.edu/ml/datasets/Musk+(Version+2)">molecular structures</a> or behavioral logs for malware detection. In this article we focus on identifying fraudulent behavior in financial transaction logs. &nbsp;</p><p><em>Hierarchical multi-instance learning</em> (or HMIL) [<a href="https://www.jmlr.org/papers/v23/21-0174.html">*</a>, <a href="https://scholar.google.com/citations?view_op=view_citation&amp;hl=fr&amp;user=IkdInbsAAAAJ&amp;citation_for_view=IkdInbsAAAAJ:ULOm3_A8WrAC">**</a>, <a href="https://www.researchgate.net/publication/309040375_Discriminative_Models_for_Multi-instance_Problems_with_Tree_Structure">***</a>] is a machine learning model and tooling that is designed to deal with such complex types of data without the need to identify the feature set manually. Instead, <em>all</em> features present in the input are preserved and used. This, in combination with the Auto-ML functionality of HMIL libraries (<a href="https://github.com/CTUAvastLab/Mill.jl">†</a>, <a href="https://github.com/CTUAvastLab/JsonGrinder.jl">‡</a>​), allows for fast prototyping due to the absence of the feature-engineering step.&nbsp;</p>

<p><strong>HMIL in a nutshell</strong>&nbsp;</p><p>Traditional neural network models consider a single input feature vector and apply a sequence of transformations to calculate the embedding (i.e., numerical representation) for the given input (see Fig. 1). In contrast, HMIL models treat each leaf in the input hierarchy as separate inputs of the model and use recursion (the model itself is a hierarchy!) to calculate embedding of each subtree (see Fig. 2). This means that the embedding zmerchant&nbsp; captures all relevant information about the merchant in the first transaction (which characterizes both the name of the merchant, as well as the state it operates in). This vector is then propagated upwards in the hierarchy, and it is integrated within ztransaction – a vector which already summarizes all information about the first transaction (i.e., including information about the merchant).&nbsp;</p><p>&nbsp;</p>

<p>Observe that the number of transactions we are aware of is variable, and in fact, will be growing as we learn about more transactions of the given user. Handling the variable number of child elements is the key challenge when calculating the embeddings (i.e., numerical representations) of a subtree. The reference implementation of HMIL (Mill.jl ​[<a href="https://github.com/CTUAvastLab/Mill.jl">†</a>]​) handles this by calculating the embedding of each child and aggregating these embeddings using position-invariant aggregation functions, such as maximum, average or count.&nbsp;</p><p>While these simple position-invariant aggregation functions lead to substantial gains in computational efficiency, their use is not suitable for all domains. This is especially true when handling sequential data where the ordering between individual events can be critical for proper interpretation of the data (e.g., an order must precede the payment).&nbsp;&nbsp;</p><p><strong>Towards processing sequential data using HMIL</strong>&nbsp;</p><p>To overcome this limitation, we propose to replace the aggregation functions by recurrent cells. Specifically, we use gated recurrent units (GRU) ​[<a href="https://www.researchgate.net/publication/262877889_Learning_Phrase_Representations_using_RNN_Encoder-Decoder_for_Statistical_Machine_Translation">§</a>]​ for this purpose. Instead of calculating, e.g., a simple average of all events in the sequence, the events are fed to the GRU cell in the order they appear in the input. This means that each event is interpreted in the context of all events that precede it. This allows us to distinguish, e.g., between the situations when a user made a payment as a result of an order, and when the payment has been made without a previous order (which may indicate a fraudulent behavior).&nbsp;</p>

<p>By replacing the aggregation function in the HMIL model by a gated recurrent unit, we allow the model to understand the interplay between sequential events while still retaining its automatic feature extraction capabilities that allow us to handle complex data without extensive feature engineering. Furthermore, we are still able to learn the parametrization of the embedding functions for individual subtrees, including the parameters of the recurrent cells.&nbsp;</p><p><strong>Proof of concept: Fraud detection</strong>&nbsp;</p><p>To verify the feasibility and performance of our proposed solution, we have applied HMIL to a synthetic fraud detection dataset [<a href="https://dl.acm.org/doi/10.1145/3490354.3494378">||</a>, <a href="https://www.kaggle.com/datasets/ealtman2019/credit-card-transactions">¶</a>]. This dataset has been formed by simulating the behavior of 2,000 users over the timespan of 30 years which resulted in 24.4 million transactions of which 0.12% are fraudulent. The dataset is generated in a way to reflect statistical properties of the US-based population including, e.g., the travel patterns of individual users.&nbsp;</p>

<p>Most of the previous ML approaches for handling this dataset rely on classifying each transaction in the dataset separately. In contrast, our HMIL-based approach handles a window of 20 transactions of a given user at once and aims at classifying whether the last transaction within the window is fraudulent or not. This setting corresponds to a real-world scenario where the transactions of a user are processed in a streaming way: We are asked to classify whether the current transaction is fraudulent, but we are allowed to consult previous behavior of the user to make the decision.&nbsp;</p><p>Even without any fine-tuning of the training procedure of the HMIL model (using most of the out-of-the-box Auto-ML functionality of HMIL libraries), we have been able to achieve F1 scores of over 0.95 on the testing split. In comparison, the state-of-the-art TabBERT approach [#] which also addresses the sequential nature of the data achieves F1 score of 0.86 only (we report numbers as presented in the original publication)."</p>

<p>While both TabBERT and our approach use a similar approach to handle the sequentiality by considering windows of adjacent transactions and feeding them to a recurrent neural network, the key difference lies in the way the embeddings of individual transactions are obtained. Unlike our HMIL approach, TabBERT relies on a language model to embed the data which is trained independently of the fraud detection task. This is in contrast with our HMIL approach which trains the fraud classifier and the HMIL-based embedder at the same time.&nbsp;</p><p>The difference in performance highlights the benefits of using HMIL architecture for processing complex data which we have also seen in <a href="https://blog.avast.com/processing-machine-data-with-machine-learning-avast">other applications</a>. The automatic feature extraction capabilities of HMIL allowed us to obtain strong performance with minimum optimization of the training process.&nbsp;</p><p>&nbsp;</p>

Using HMIL architecture to process complex data 

Hierarchical Multi-Instance Learning for Transactional Data 

Chief Technology Officer

<p>As we stand on the brink of 2024, the nature of cyber threats is undergoing a profound transformation: We are now expecting the threat landscape to be filled with frequent, highly individualized attacks in 2024. The advancement of artificial intelligence (AI) will notably enable the development of sophisticated tools. Criminals will use these tools for targeted messaging in victims' languages, enhancing manipulation.</p><p>Next year, we anticipate ransomware and scams that are designed to manipulate individuals emotionally. As we navigate this changing landscape, our predictions for the next year offer insights into the challenges ahead, as well as the measures we can adopt to fortify our digital defenses.</p>

<h2>Future advancements in AI and related risks</h2><p>The coming year will be a pivotal moment in the evolution of artificial intelligence, marking a period of significant transformation and emerging challenges. This era features rapid AI advancements, changing how these tools integrate into our lives. As AI becomes more embedded in our daily routines, its impact extends beyond mere technological innovation, influencing societal norms, privacy considerations and ethical boundaries.</p><h3>AI will undergo multiple evolutions</h3><p>We suspect a significant evolution in AI, especially in Large Language Models (LLMs) in 2024. Historically, LLMs have been cloud-based, relying on extensive server resources to produce text resembling human writing. The upcoming year, however, marks a pivotal shift towards more compact LLMs that function directly on user devices. This change transcends a simple relocation; it signifies a profound transformation in the integration of AI into our everyday activities and workflows.</p><p>Several key factors drive the move towards device-based LLMs. Firstly, privacy demands are rising and data stored on devices are more private than data stored in the cloud. Local data processing on devices also enhances security, reducing cloud storage risks. Secondly, this shift promises enhanced speed and efficiency. Local processing eliminates latency issues often encountered with cloud-based solutions, leading to a more seamless and responsive user experience.</p><p>Additionally, 2024 will be significant for generative AI, particularly in multi-type conversions. The evolving LLMs are not just limited to text generation; they are branching into more dynamic forms of media conversion.</p><p>The text-to-video feature, allowing synthesized video from text, is a notable advancement. This capability will open up new vistas for content creators, educators and marketers, offering a tool to rapidly produce visually engaging material that resonates with their audience. However, it will also be misused for the creation and spread of scams and disinformation, as it will be progressively harder to recognize a truly recorded video from an AI-generated one.</p><p>The development of text-to-voice AI is equally transformative. This technology goes beyond traditional text-to-speech systems, offering more nuanced and human-like voice generation. It holds immense potential, from creating more interactive and personalized customer service experiences to aiding those with visual impairments or reading difficulties.</p><p>Evolving AI technologies raise questions about ethics, regulation and balancing innovation with user welfare. For businesses and individuals alike, the upcoming year promises to be a journey of discovery and adaptation, as these lightweight, multi-faceted generative AI solutions redefine our interaction with technology and information in profound ways.</p><h3>New tools bring new security challenges as generative AI is broadly adopted</h3><p>The increasing popularity of generative AI in business will bring new risks and challenges. One significant concern is the phenomenon of "Bring Your Own AI" (BYOAI), where employees use personal AI tools in the workplace, which we predict will become exponentially more popular.</p><p>This practice poses a considerable risk of unintentional leakage of sensitive company secrets. Employees using personal AI for work may accidentally expose confidential data to third parties. On the flip side, corporate AI solutions will offer an increasing number of privacy-preserving features, which are frequently not available at the personal level.</p><h3>Social media will become a major attack vector for AI-related scams and disinformation</h3><p>We predict that the vast troves of personal information collected by social media companies over the past decade and a half will be utilized to target AI-generated ads and scams in the form of videos and static posts. Cybercriminals will use these platforms' reach to spread sophisticated scams and disinformation. Leveraging AI, they will be able to create and distribute highly customized and convincing content that blends seamlessly into users' feeds, targeting individuals based on their online behaviors, preferences and social networks.</p><p>Scams may appear as fake news, deceptive ads, deepfakes or misleading direct messages. Social media's interactivity will facilitate quick and broad spread. This will make cybercrimes more efficient and challenging for users and platforms to counter.</p><h3>Business Email Compromise (BEC) attacks will utilize AI to create more sophisticated Business Communication Compromise (BCC) attacks</h3><p>In 2024, we will witness a significant evolution in&nbsp;Business Communication Compromise (BCC) attacks (formerly referred to as Business Email Compromise or BEC attacks), as cybercriminals increasingly adopt AI and deepfake technologies to execute more sophisticated and convincing scams.</p><p>Cybercriminals will create deepfakes mimicking executives or partners. This will challenge employees in distinguishing legitimate from fraudulent requests, particularly when quick decisions are needed.</p><p>These enhanced BEC/BCC attacks will lead to financial losses and erode trust within organizations. Companies could encounter reduced effectiveness in communication and internal mistrust, as employees grow increasingly wary and doubtful of digital interactions.</p><p>A two-factor authentication-like solution is expected in response to these threats. These changes will mandate the verification of requests through a separate, independent channel, like a person-to-person interaction or secured phone call.</p><h3>The dark side of ChatGPT's fame: Malware on the rise</h3><p>The increasing popularity of AI tools like ChatGPT has attracted the attention of cybercriminals. We expect increased attempts by attackers to exploit AI solution-seekers. This includes deceptive “GPT” apps or plugins used for data theft or malware distribution. Users might think these malicious tools are legitimate AI solutions, downloading them only to compromise their systems and data.&nbsp;</p><p>We also anticipate attempts by malicious entities to "hack" LLMs with the aim of accessing valuable information, such as training data, model configurations, internal algorithms or other sensitive internal details. Furthermore, the threat actors might backdoor public LLMs, potentially stealing user inputs, IP and PII details.</p><p>Finally, we foresee the development of new malicious LLMs like "<a href="https://decoded.avast.io/threatintel/insights-into-the-ai-based-cyber-threat-landscape/">WormGPT</a>." In contrast to commercial models—which include built-in safeguards—these malicious models are designed to support the generation of malicious content.</p>

<h2>Digital blackmail will evolve and become more targeted</h2><p>Digital blackmail is rapidly evolving and becoming more targeted. <a>This change is not limited to ransomware attacks, it encompasses a variety of tactics aimed at high-value targets.&nbsp;</a>Notably, sophisticated data exfiltration shows the shifting nature and severity of these threats. As we move forward, this trend signifies a move towards more intricate and damaging forms of digital extortion.</p><h3>Ransomware will become more complex and damaging</h3><p>Cybercriminals mainly use encrypted or stolen data to demand ransoms or sell it, but we foresee a rise in more harmful data abuse tactics. This may involve data brokers exploiting information for identity theft, targeting both employees and customers, or to steal a company’s assets. This shift points to a more complex and harmful ransomware impact on businesses.</p><h3>Evolving attack methods: exploiting VPN and cloud infrastructure</h3><p>Expect evolving ransomware delivery methods, including more sophisticated VPN infrastructure exploitation. This tactic presents a formidable challenge for organizations relying on VPNs for remote work and secure communications.&nbsp;</p><p>Recent security incidents are troubling for companies that believe being in a cloud resolves all security concerns. Many of them recently <a href="https://www.schneier.com/blog/archives/2023/08/microsoft-signing-key-stolen-by-chinese.html">learned a hard lesson</a> that attacks such as <a href="https://blog.cloudflare.com/how-cloudflare-mitigated-yet-another-okta-compromise/">cloud authentication token theft are</a> real and impactful. We should expect a significant increase in cloud infrastructure attacks, leading to more extortion.</p><h3>Diversification of extortion methods beyond encryption</h3><p>In addition to the above threats, we predict a rise in extortion emails like sextortion and business threats. These emails, typically disseminated through botnets, use intense scare tactics but are often repetitive. In 2024, expect a surge in creative email extortion. This could include the generation of falsified images or the introduction of new subjects for extortion, further complicating the cybersecurity landscape.</p>

<h2>Threat delivery will become more sophisticated on mobile</h2><p>Mobile cyberthreats are rapidly evolving in sophistication. We anticipate an increase in unethical practices such as instant loan apps resulting in data theft and extortion, the rise of trojanized chat apps filled with spyware and crypto wallet thieves, and a shift in malware distribution methods, favoring web-based threats through social media, messaging, or email, rather than attacks through apps.</p><h3>Instant loans as a lure into blackmail and extortion</h3><p>There is a growing concern about the rise in malicious practices within the instant loan app industry as the financial industry continues to advance. With the rise of these apps, some lenders use unethical tactics for repayments. More instant loan apps are stealing data from delinquent borrowers and rogue apps misuse user data to pressure repayments and add high late fees. This practice is increasingly common and is expected to intensify in 2024.&nbsp;</p><h3>Trojanized chat apps with spyware and stealing modules</h3><p>There could be a rise in fake chat apps with hidden crypto-stealing features or spyware. These fraudulent apps may abuse the trust users have in communication platforms, penetrating devices to extract confidential information or cryptocurrency keys. These attacks could include advanced social engineering methods, persuading users to give extensive permissions under the pretense of adding chat features that are not present in standard chat clients.</p><h3>Shifts in the delivery techniques of mobile threats</h3><p>Distributing web-based threats like phishing is much easier than it would be on native applications (and often with a higher return on investment). This is a key reason for the steep rise in such attack types on mobile devices, where they account for more than <a href="https://decoded.avast.io/threatresearch/avast-q3-2023-threat-report/">80% of all attacks</a>. We predict that this trend will persist, with more malicious actors using web-delivery attack methods rather than using native mobile applications.</p>

<h2>Rising threats in the cryptocurrency sphere</h2><p>The evolving cryptocurrency landscape introduces significant cybersecurity risks. The decentralized nature of these platforms offers anonymity but lacks the traditional safeguards of financial institutions. This absence of oversight and the inability to reverse transactions or monitor for fraudulent activities amplify the risks associated with these digital assets.&nbsp;</p><h3>An increased focus on crypto wallets by cybercriminals</h3><p>Cybercriminals are quickly adapting to the growing interest in cryptocurrencies. We're observing a marked increase in attacks targeting crypto wallets. Attackers are increasingly targeting crypto wallets with refined and sophisticated methods. This trend is likely to intensify, posing a significant threat to individual and institutional investors in the cryptocurrency space.</p><h3>Malware as a service will continue to evolve</h3><p>Services like <a href="https://decoded.avast.io/threatresearch/avast-q3-2023-threat-report/">Lumma</a>&nbsp;— a Malware-as-a-Service (MaaS) product targeting cryptocurrency wallets — are evolving with new features and better anti-detection capabilities. These MaaS companies act similarly to corporations, with malware advancements funded by profits from their malicious activities.</p><p>A new technique is the renewal of stolen cookies. This method enables attackers to retain access to hacked online accounts, even when passwords are updated. The consequences for online account security are significant; and we anticipate this will profoundly affect the coming year, requiring innovative strategies in digital security and account management.</p><h3>Vulnerabilities in crypto exchanges and cross-currency transactions</h3><p>Crypto exchanges are facing more attacks, leading to significant financial losses. A unique risk lies in the vulnerability of protocols allowing currency exchange. These exchange protocols can be manipulated to issue funds or alter balances, challenging users and experts. Given the potential for significant financial damage and the complex nature of these attacks, there is an urgent need for stronger security measures and greater vigilance in the cryptocurrency exchange sector.</p><p>Using accessible formal verification systems and SAT solvers, attackers analyze crypto system source codes for vulnerabilities and exploit them to steal cryptocurrency. As a result, we anticipate more high-volume frauds next year.</p><h2>Conclusion</h2><p>The cybersecurity predictions for 2024 underscore a landscape in flux, dominated by the dual forces of AI's promise and peril. While AI tools can be leveraged for protection, their misuse by cybercriminals presents a significant challenge.&nbsp;</p><p>As we look to the future, it’s clear that a proactive and educated stance on cybersecurity is not just advisable — it is imperative. Our strategies must evolve in tandem with the threats we face, ensuring that we remain one step ahead in the ever-escalating cyber arms race.</p>

Navigating the evolving threat landscape

Cybersecurity predictions for 2024 

<p>Large language models (LLMs) and generative AI are significantly increasing their abilities and global utilization. While these tools offer undeniable utility to the general public, they also present potential risks of misuse. Furthermore, bad actors are also actively investigating tools like OpenAI's ChatGPT.&nbsp;</p>

<p>This document describes the following aspects of an AI-based cyber threat landscape:&nbsp;</p>

<ul>
	<li>
	<p>How ChatGPT brand is misused for lures, scams, or other social engineering-related threats&nbsp;</p>
	</li>
	<li>
	<p>How generative AI can be used to generate malware&nbsp;</p>
	</li>
	<li>
	<p>The potential pitfalls and changes it brings for security researchers and attackers&nbsp;</p>
	</li>
	<li>
	<p>How ChatGPT and generative AI can help security researchers in their daily struggles, providing insights, and bringing AI-based assistants to their toolset&nbsp;</p>
	</li>
</ul>

<p>Generative AI and other forms of AI are going to play a key role in the cyber threat landscape. We expect that highly believable and multilingual texts misused for phishing and scams will be leveraged at scale, providing better opportunities for more advanced social engineering.&nbsp;</p>

<p>On the other hand, we believe that generative AI as it stands now is unlikely to drastically alter the landscape of malware generation. Although many proofs of the concept exist—mainly from security firms and nefarious actors testing the technology—it's still a complex approach, especially when compared to existing, simpler methods.&nbsp;</p>

<p>Despite the risks, it is important to recognize the value that generative AI brings to the table when used for legitimate purposes. We already see security and AI-based assistant tools with various levels of maturity and specialization emerging on the market.&nbsp;&nbsp;</p>

<p>Given the rapid development of these tools and the widespread availability of open-source versions, we can reasonably anticipate a substantial improvement in their capabilities in the near future.&nbsp;</p>


<h3><a href="https://cmsb.nortonlifelock.com/sites/default/files/2023-09/LLM%20malware%20090523.pdf">Read the full whitepaper here.</a></h3>


Insights Into the AI-Based Cyberthreat Landscape

Read the full whitepaper here.