vulnerabilities. Recent media reports have shown that while new vulnerabilities continue to be discovered,
            recent attack trends focus on weaponizing old vulnerabilities.

            Reports  in  2021  suggested  cyber  attackers  were  targeting  companies  with  cybersecurity  insurance,
            explaining that companies with insurance were thought to be more likely to pay ransoms than those
            without  since  the  policy  covered  their  losses.  While  it  is  difficult  to  prove  the  logic,  it  has  led  some
            insurance companies to exclude ransomware attacks from cyber insurance policies, forcing organizations
            to rethink their strategies for responding to such attacks.

            In terms of ransomware targets, healthcare organizations were reportedly the most frequently attacked
            during  2022,  with  critical  manufacturing attacks  ranking second  on  the  list  and government  facilities
            ranking third. In 2023, healthcare remained a top target, though some experts predict a shift in 2024,
            marking the education sector as a new priority target.



            IoT security

            A  report  issued  in  2023  on  IoT  security  revealed  that  the  average  home  in  the  US  has  46  devices
            connected to the internet. Every 24 hours, those devices were targeted by an average of eight attacks,
            including DDoS attacks and IoT malware. Experts expect IoT attacks to continue to rise in 2024 due to
            the lack of standardized security standards in the IoT industry.


            The trend toward remote and hybrid work is expected to continue in 2024 means IoT vulnerabilities are
            a growing concern for many organizations. IoT vulnerabilities can give hackers access to employees’
            home  networks,  which  are  now  frequently  connected  to  work  networks.  Trends  in  IoT-related
            cybersecurity include enhanced training on cyber threats for employees.



            AI-driven attacks and defenses

            As the capacity and availability of artificial intelligence tools have grown, both cyber attackers and cyber
            security experts have found creative ways to apply them to further their goals. For example, AI-powered
            tools can be used to analyze security systems and uncover vulnerabilities, an exercise that can help both
            attackers and defenders.

            Generative AI tools like ChatGPT are predicted to play a role in crafting more effective cyberattacks in
            2024, especially in the area of social engineering attacks. Generative AI tools can analyze communication
            patterns and assist cyber attackers in preparing messages with a higher chance of fooling victims. AI’s
            ability to support deepfake audio recordings could also be used to improve the effectiveness of vishing
            attacks in 2024. To respond to improved social engineering attacks, zero trust will become a normal part
            of corporate cyber security policies.

            Experts  are  also  predicting  that  AI-powered  tools  could  be  used  to  address  the  ongoing  workforce
            shortage in the cybersecurity space. AI-powered automation could manage security tasks that involve
            analysis of large data sets, such as scanning files for signs of malware or monitoring network activity to






            Cyber Defense eMagazine – February 2024 Edition                                                                                                                                                                                                          80
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.