Expert Speak
Vectra AI Outs Cybersecurity Predictions for 2024
Vectra AI has announced its annual threat predictions for cybersecurity stakeholders in the United Arab Emirates. Company experts Oliver Tavakoli, CTO, and Christian Borst, CTO EMEA, coauthored the predictions, which examine changes in the threat landscape, expansion in the attack surface, and the changing behaviours of digital estate owners, users, and attackers.
Prediction 1: Security endpoint breaches will decline as downstream defences get stronger
In 2024, more than half of the region’s security incidents will not involve compromised endpoints, predicts Tavakoli. “This will mark a new era of threats that primarily target federated identity systems, public clouds, and business email compromise [BEC],” Tavakoli explained. “These new breeds of attack will exploit the vulnerabilities and relative immaturity of security practices related to cloud, identity, and SaaS applications.”
Prediction 2: Generative AI will erode the effectiveness of email security
Tavakoli also predicted that, as the adoption of generative AI continues, attackers will use it in social engineering campaigns. He believes this will serve as a wake-up call to security leaders that their current defence capabilities are inadequate. “Consequently, I expect organizations to pivot towards downstream security approaches such as zero trust, micro-segmentation, and detection and response mechanisms,” Tavakoli said.
Prediction 3: Threat actors will mix and match digital identities to cause high-profile breaches
Borst predicts that 2024 will see a surge in credential-harvesting attacks such as that seen in the Citrix NetScaler flaw and others, which have left cybercriminal groups sitting on millions of potential logins. He believes such stolen credentials will be used to compromise digital identities and breach enterprises more successfully than ever before.
“In the past, stolen credentials may have gotten threat actors into a handful of corporate accounts,” Borst said. “But most wouldn’t give them admin rights or privileged access to steal sensitive data. However, as enterprises use more cloud services, third-party software, and open APIs in 2024, each account will give users varying degrees of privilege. Each source on its own may not seem like a big deal, but we will see cybercriminals mix and match their stolen access to get hold of sensitive data and breach organizations.” Borst also warned that to protect against a flood of cloud-based account hijacks, regional organizations will have to improve their visibility into cloud environments to bolster resilience and identify attacks before they become breaches.
Prediction 4: Widespread LLM usage will fade away, but the incidence of deep fakes will skyrocket
“Many organizations are exploring ways to use large language models (LLMs) following the initial wave of hype this past year,” Borst noted. “But when you scratch beneath the surface, it’s clear the novelty factor will soon evaporate.” Borst believes the complexity of the technology and the realization that LLM does not come with human-like intelligence beyond its communication capabilities will see businesses scale back their use of the technology.
He thinks this trend will extend to threat cabals who will abandon trying to use the models to generate malicious code. Instead, cybercriminals will harness generative AI to create more realistic and sophisticated deep fakes. “This will give them a better chance of tricking users into giving up sensitive data or clicking on something malicious through more convincing audio or visual phishing lures,” Borst warned.
Prediction 5: The cost-of-living crunch will push cybercriminals to do more with less
Borst foresees 2024 in which slowing economic growth and the region’s persistent cybersecurity skills shortage will continue to impact not just cyber defenders but their adversaries. “Both sides will be focusing on how to do more with less,” Borst said. “Many cyber defenders will look to harness AI to reduce strain on staff and increase resilience. At the same time, we will see attackers consolidate their operations to target low-hanging fruit.”
Borst surmised that phishing will remain a primary method of attack, but that cybercriminals will also automate processes where possible to save on time and resources, whether by using pre-packaged cybercrime tools or harnessing generative AI as support with crafting phishing lures.
A bumpy ride
“The threat landscape is one faced by UAE public sector organizations and private sector businesses alike,” said Tavakoli. “It transcends scale and spans industries. But while we can never know where and when the next attack will occur, the threat landscape — its actors, methods, and trends, is predictable to an extent. Let 2024 be the year we fight back with our sophisticated arsenal of cybersecurity tools and methods to protect our clouds, containers, workloads, and data.”
Written by Alain Penel, VP of Middle East, CIS & Turkey at Fortinet (more…)
Positive Technologies has released a study on the dark web market, analysing prices for illegal cybersecurity services and products, as well as the costs incurred by cybercriminals to carry out attacks. The most expensive type of malware is ransomware, with a median cost of $7,500. Zero-day exploits are particularly valuable, often being sold for millions of dollars. However, the net profit from a successful cyberattack can be five times the cost of organizing it.
Experts estimate that performing a popular phishing attack involving ransomware costs novice cybercriminals at least $20,000. First, hackers rent dedicated servers, subscribe to VPN services, and acquire other tools to build a secure and anonymous IT infrastructure to manage the attack. Attackers also need to acquire the source code of malicious software or subscribe to ready-to-use malware, as well as tools for infiltrating the victim’s system and evading detection by security measures. Moreover, cybercriminals can consult with seasoned experts, purchase access to targeted infrastructures and company data, and escalate privileges within a compromised system. Products and tools are readily available for purchase on the dark web, catering to beginners. The darknet also offers leaked malware along with detailed instructions, making it easier for novice cybercriminals to carry out attacks.
Malware is one of the primary tools in a hacker’s arsenal, with 53% of malware-related ads focused on sales. In 19% of all posts, infostealers designed to steal data are offered. Crypters and code obfuscation tools, used to help attackers hide malware from security tools, are featured in 17% of cases. Additionally, loaders are mentioned in 16% of ads. The median cost of these types of malware stands at $400, $70, and $500, respectively. The most expensive malware is ransomware: its median cost is $7,500, with some offers reaching up to $320,000. Ransomware is primarily distributed through affiliate programs, known as Ransomware-as-a-Service (RaaS), where participants in an attack typically receive 70–90% of the ransom. To become a partner, a criminal must make a contribution of 0.05 Bitcoin (approximately $5,000) and have a solid reputation on the dark web.
Another popular attack tool is exploits: 69% of exploit-related ads focus on sales, with zero-day vulnerability posts accounting for 32% of them. In 31% of cases, the cost of exploits exceeds $20,000 and can reach several million dollars. Access to corporate networks is relatively inexpensive, with 72% of such ads focused on sales, and 62% of them priced at under a thousand dollars. Among cybercriminal services, hacks are the most popular option, accounting for 49% of reports. For example, the price for compromising a personal email account starts at $100, while the cost for a corporate account begins at $200.
Dmitry Streltsov, Threat Analyst at Positive Technologies, says, “On dark web marketplaces, prices are typically determined in one of two ways: either sellers set a fixed price, or auctions are held. Auctions are often used for exclusive items, such as zero-day exploits. The platforms facilitating these deals also generate revenue, often through their own escrow services, which hold the buyer’s funds temporarily until the product or service is confirmed as delivered. On many platforms, these escrow services are managed by either administrators or trusted users with strong reputations. In return, they earn at least 4% of the transaction amount, with the forums setting the rates.”
Considering the cost of tools and services on the dark web, along with the median ransom amount, cybercriminals can achieve a net profit of $100,000–$130,000 from a successful attack—five times the cost of their preparation. For a company, such an incident can result not only in ransom costs but also in massive financial losses due to disrupted business processes. For example, in 2024, due to a ransomware attack, servers of CDK Global were down for two weeks. The company paid cybercriminals $25 million, while the financial losses of dealers due to system downtime exceeded $600 million.
Written by Oded Vanunu, Chief Technologist & Head of Product Vulnerability Research at Check Point (more…)
GISEC Global 2025: Phishing, Data Breaches, Ransomware, and Supply Chain Attacks Causing Challenges
GISEC Global 2025: A Place Where Innovation, Partnerships, and Leadership Come Together
Cequence Intros Security Layer to Protect Agentic AI Interactions
Commvault Enhances Cyber Recovery Offerings with CrowdStrike Incident Response
Bugcrowd Launches Crowdsourced Red Team as a Service
CyberKnight to Showcase Zero Trust Security 2.0 at Gartner SRM and GISEC Global 2025
Gartner Forecasts Spending on Information Security in MENA to Grow 14% in 2025
OPSWAT Opens Office in Saudi Arabia
SearchInform Expands Cybersecurity Awareness Programs Across the UAE
Commvault to Host SHIFT Cyber Resilience Roadshow in Dubai
UAE Workforce in 2025: Cybercrime, Stress, and Burnout Take the Spotlight
Video: Toshiba Presents Latest Hard Drives and QNAP NAS System Live Demo at INTERSEC 2025
Video: Toshiba Showcases its Latest Hard Disk Drives Through Live Demos at Intersec 2025
Video: Interview with Meriam ElOuazzani of SentinelOne
Video: Interview with Fred Crehan of Confluent at GITEX Global 2024
-
Artificial Intelligence1 week agoGenerative AI is Transforming Cybersecurity Across Detection, Defense, and Governance
-
Events1 week agoOPSWAT Joins GISEC 2025 as Middle East Confronts AI-Driven Cyber Threats
-
Cyber Security1 week agoProofpoint Unveils Unified Solution for Workspace Cost, Cyber Risk Reduction
-
Cyber Security1 week agoKuwait Renews Cyber First Initiative to Strengthen Digital Defenses for Vision 2035
-
Artificial Intelligence7 days agoFortinet Expands FortiAI Across its Security Fabric Platform
-
Cyber Security1 week agoAmiViz to Show Off the “Future of Cybersecurity” at GISEC 2025
-
Artificial Intelligence1 week agoHow AI is Reinventing Cybersecurity for the Automotive Industry
-
News7 days agoFuse Partners with Check Point Software