Aqua Security researchers see AI, cloud and threat intel trends in 2024

As the new year unfolds, we see the landscape of cybersecurity poised to witness a surge in AI-driven attacks, propelling the industry into a rapid cycle of innovation.

The Aqua Nautilus Security Research Team predicts that defenders will be on a quest to develop advanced AI-based security measures, not just to detect and respond to threats in real time, but to predict and thwart them before they materialise.

They see 2024 shaping up to be the defining moment where AI may become the profound battleground in cybersecurity. Below is an outline of what we might expect to see.

AI’s double-edged sword

Yakir Kadkoda, Lead Security Researcher, says that as we look towards the future, specifically into 2024, the cybersecurity landscape is predicted to encounter a significant shift due to the strategic incorporation of artificial intelligence by cyber attackers.

The anticipated emergence of ‘package illusion’ attacks will likely be a prominent example of this shift. These attacks will use AI to manipulate software dependency chains, leading developers to inadvertently introduce vulnerabilities into their applications.

This tactic is expected to be part of a broader trend where AI is not just a tool for defence but a weapon in the attackers’ arsenal. By exploiting the trust developers place in automated dependency management and suggestion systems, attackers can create a new class of supply chain vulnerabilities that are challenging to detect and mitigate.
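One concrete defence against the dependency-chain manipulation described above is to stop trusting a suggested package name on its own: every dependency has to match a reviewed allowlist, be pinned to a vetted version and hash, and any name that merely resembles an allowlisted one gets flagged for a human. The script below is an added example written for this article, not Aqua's code; the allowlist, the manifest and the digests in it are constructed placeholders, and the edit-distance threshold of 2 is an assumption.

```python
"""Added example (not Aqua's code): a pre-install gate for a requirements-style
manifest.  Any dependency that is not on a reviewed allowlist, is not pinned,
or carries no hash is reported for review before installation.  Names close
to an allowlisted name are called out separately, because a suggested but
look-alike package is the kind of 'illusion' the text describes."""
import re
from dataclasses import dataclass

# Constructed allowlist: normalised package name -> vetted version and sha256
# digests.  A real deployment would load this from a signed lockfile; the
# digests here are placeholders, not real hashes.
ALLOWLIST = {
    "requests": {"version": "2.31.0", "hashes": {"sha256:" + "a" * 64}},
    "pyyaml": {"version": "6.0.1", "hashes": {"sha256:" + "b" * 64}},
}

# Constructed manifest with one clean line and three problem lines.
SAMPLE_MANIFEST = """
# constructed requirements.txt
requests==2.31.0 --hash=sha256:%s
PyYAML==6.0.1
requestz==1.0.0 --hash=sha256:%s
fastjsonlib>=2
""" % ("a" * 64, "c" * 64)

LINE_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([^\s\\]+)(.*)$")
HASH_RE = re.compile(r"--hash=(sha256:[0-9a-f]{64})")


@dataclass
class Finding:
    name: str
    reason: str


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used to spot look-alike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalise(name: str) -> str:
    """PEP 503 name normalisation: case-insensitive, runs of -_. become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def check_manifest(text: str, allowlist=ALLOWLIST, max_distance: int = 2) -> list:
    """Return one Finding per dependency line that must not be installed as-is."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            findings.append(Finding(line, "not pinned with == (floating version)"))
            continue
        name, version, rest = normalise(m.group(1)), m.group(2), m.group(3)
        hashes = set(HASH_RE.findall(rest))
        entry = allowlist.get(name)
        if entry is None:
            near = [k for k in allowlist if edit_distance(name, k) <= max_distance]
            if near:
                findings.append(Finding(name, f"not allowlisted; resembles {near}"))
            else:
                findings.append(Finding(name, "not allowlisted; needs review"))
            continue
        if version != entry["version"]:
            findings.append(Finding(name, f"version {version} differs from vetted {entry['version']}"))
        if not hashes:
            findings.append(Finding(name, "no --hash; integrity not pinned"))
        elif not hashes <= entry["hashes"]:
            findings.append(Finding(name, "hash does not match vetted digest"))
    return findings


if __name__ == "__main__":
    for f in check_manifest(SAMPLE_MANIFEST):
        print(f"{f.name}: {f.reason}")
```

The gate is deliberately strict: a look-alike name is reported even when it is a legitimate new package, because the cost of a reviewer glancing at it is far lower than the cost of a dependency that only ever existed in a model's suggestion.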

We predict that these AI-driven attacks will become more common, forcing the cybersecurity industry to innovate rapidly. Defenders will need to develop more sophisticated AI-based security measures that can not only detect and respond to threats in real-time, but also predict and prevent them before they manifest.

The race between cyber attackers and defenders will intensify, with AI at the centre of this escalating arms race.

As a result, the cybersecurity community will need to prioritise the development of new standards and best practices for AI security, focusing on resilience against AI-powered threats.

Collaboration across industries and borders will be vital to develop shared defences against these emerging threats. The year 2024 may well be remembered as the year when AI became the critical battleground in cybersecurity.

The rise of userland execution methods in cloud security

As the cloud computing landscape continues to expand, so does the sophistication of attacks within its perimeters, says Idan Revivo, Aqua’s VP Cybersecurity Research.

We see the early signs of state-sponsored threat actors finding novel, sophisticated techniques and methods to execute code directly in user-space memory without triggering the execve syscall that is commonly monitored by security systems, thus skirting traditional detection mechanisms.

In that sense we are anticipating a notable shift in tactics from cloud attackers, who are increasingly likely to employ userland execution methods. In response to these advanced evasion techniques, the cybersecurity industry must pivot towards more nuanced behavioural security measures.

These include deploying AI and machine learning algorithms capable of understanding normal user behaviour and identifying anomalies, as well as enhancing memory scanning and process monitoring technologies.

Such proactive and intelligent systems are essential to detect and mitigate threats that bypass conventional detection frameworks, ensuring robust security in the ever-evolving cloud ecosystem.
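The memory-scanning side of the behavioural measures described above can be illustrated with a small heuristic over a process's memory layout: code that runs without an execve of a file on disk still needs an executable mapping, and such mappings tend to look unlike a normal program image (anonymous, memfd-backed, unlinked, or writable and executable at once). The code below is an added example, not Aqua's; the maps text is constructed, though it follows the real /proc/<pid>/maps layout, and the set of reasons is a heuristic chosen here, not a complete detection rule.

```python
"""Added example (not Aqua's code): a memory-layout heuristic of the kind a
process monitor can run over /proc/<pid>/maps to surface code that was never
loaded through execve.  Constructed sample below; real layout."""
import re
from dataclasses import dataclass

MAPS_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxps-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)

# Constructed /proc/<pid>/maps excerpt: a normal binary image, a heap, an
# anonymous rwx region, an executable memfd mapping, the vdso and the stack.
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0a01000 r--p 00000000 fd:01 1310722    /usr/bin/sleep
55d0c0a01000-55d0c0a05000 r-xp 00001000 fd:01 1310722    /usr/bin/sleep
55d0c2e00000-55d0c2e21000 rw-p 00000000 00:00 0          [heap]
7f3a40000000-7f3a40021000 rwxp 00000000 00:00 0
7f3a40200000-7f3a40210000 r-xp 00000000 00:01 2049       /memfd:tmp (deleted)
7f3a40400000-7f3a40401000 r-xp 00000000 00:00 0          [vdso]
7ffd1c000000-7ffd1c021000 rw-p 00000000 00:00 0          [stack]
"""


@dataclass(frozen=True)
class Suspect:
    start: int
    end: int
    perms: str
    path: str
    reason: str


def classify(perms: str, inode: int, path: str):
    """Return a reason string if an executable mapping looks unusual, else None."""
    if "x" not in perms:
        return None
    if "w" in perms:
        return "writable and executable"
    if path in ("[vdso]", "[vsyscall]"):
        return None  # kernel-provided, expected to be executable
    if inode == 0 or path == "" or path.startswith("["):
        return "executable anonymous mapping"
    if path.startswith("/memfd:"):
        return "executable memfd mapping"
    if path.endswith("(deleted)"):
        return "executable mapping of unlinked file"
    return None


def scan_maps(text: str) -> list:
    """Parse maps text and return the mappings worth a closer look, in order."""
    suspects = []
    for line in text.splitlines():
        m = MAPS_RE.match(line)
        if not m:
            continue  # tolerate unexpected lines rather than abort the scan
        path = m.group("path").strip()
        reason = classify(m.group("perms"), int(m.group("inode")), path)
        if reason:
            suspects.append(Suspect(int(m.group("start"), 16), int(m.group("end"), 16),
                                    m.group("perms"), path, reason))
    return suspects


if __name__ == "__main__":
    for s in scan_maps(SAMPLE_MAPS):
        print(f"{s.start:#x}-{s.end:#x} {s.perms} {s.path or '<anon>'}: {s.reason}")
```

JIT runtimes legitimately create anonymous executable regions, so in practice a hit like this is scored against a per-binary baseline rather than alerted on alone; the value of the check is that it does not depend on the execve event the attacker has avoided.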

AI-enhanced threats on the horizon: The democratisation of cybercrime

According to Asaf Eitani, Aqua Security Researcher, the landscape of cyber threats is poised to become more treacherous due to the advancing use of AI in code writing and the dissemination of malicious techniques.

AI-driven tools are increasingly capable of writing complex code, which can be repurposed by malicious actors to craft sophisticated malware and exploit programs with a speed and efficiency that were not previously possible. This lowers the bar to entering cybercrime, as even those with minimal programming expertise can now harness AI to generate attack vectors.

Furthermore, AI systems can rapidly assimilate and improve upon known attack methods by scouring through forums and code repositories, making the learning curve for executing advanced threats much less steep.

This democratisation of sophisticated attack capabilities through AI means that we can expect a proliferation of advanced malware, potentially leading to more frequent and more potent cyber attacks in the near future.

eBPF ascendant: Navigating the new frontier of runtime security

Alon Zivony, Aqua Security Researcher, predicts that the utilisation of eBPF technology will continue to proliferate, with notable new market entrants. Various enterprises and emerging startups, such as Raven (raven.io), Kodem, and Flow, have incorporated eBPF for enhanced observability within their operational frameworks.

As eBPF gains broader adoption across diverse industries and a myriad of products, we foresee that the landscape will witness a heightened prevalence of eBPF deployment assessments, evasion manoeuvres, and disabling tactics.

This trend is likely to emerge as a response to the growing significance of eBPF in runtime security, necessitating more rigorous security measures and proactive threat mitigation strategies.
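A first line of defence against the disabling and evasion tactics anticipated above is for the runtime-security agent to know which eBPF programs it loaded and to check that inventory periodically: a baseline program that vanished, a program whose instruction tag changed, and a program nobody registered are three different findings. The code below is an added example, not Aqua's or any vendor's; the baseline and the inventory records are constructed, and the record field names (id, type, name, tag) follow the shape of `bpftool prog show -j` output as assumed here.

```python
"""Added example (not Aqua's code): a drift check over the set of loaded eBPF
programs, comparing a deployment baseline against a current inventory.
Baseline and inventory are constructed; field names are assumed to follow
the JSON shape of `bpftool prog show -j`."""
import json
from dataclasses import dataclass

# Constructed baseline: (program type, program name) -> instruction tag that
# was recorded when the agent loaded its programs.  Tags are placeholders.
BASELINE = {
    ("tracepoint", "trace_execve"): "c0ffee0000000001",
    ("kprobe", "trace_open"): "c0ffee0000000002",
    ("cgroup_skb", "egress_filter"): "c0ffee0000000003",
}

# Constructed current inventory: one object per loaded program.  The egress
# filter is gone, trace_open carries a different tag, and an unknown kprobe
# program has appeared.
CURRENT_JSON = json.dumps([
    {"id": 12, "type": "tracepoint", "name": "trace_execve", "tag": "c0ffee0000000001"},
    {"id": 13, "type": "kprobe", "name": "trace_open", "tag": "deadbeef00000000"},
    {"id": 40, "type": "kprobe", "name": "unk_probe", "tag": "0123456789abcdef"},
])


@dataclass(frozen=True)
class Drift:
    kind: str       # "missing" | "modified" | "unregistered"
    prog_type: str
    name: str
    detail: str


def check_bpf_inventory(current_json: str, baseline=BASELINE) -> list:
    """Compare the loaded-program inventory with the baseline and list drifts.

    Baseline programs are reported first (missing or modified), then any
    loaded program that the baseline does not know about."""
    seen = {}
    for rec in json.loads(current_json):
        seen[(rec["type"], rec["name"])] = rec
    drifts = []
    for key, tag in baseline.items():
        rec = seen.get(key)
        if rec is None:
            drifts.append(Drift("missing", key[0], key[1], "baseline program not loaded"))
        elif rec["tag"] != tag:
            drifts.append(Drift("modified", key[0], key[1], f"tag {rec['tag']} != baseline {tag}"))
    for key, rec in seen.items():
        if key not in baseline:
            drifts.append(Drift("unregistered", key[0], key[1], f"id {rec['id']} not in baseline"))
    return drifts


if __name__ == "__main__":
    for d in check_bpf_inventory(CURRENT_JSON):
        print(f"{d.kind:12} {d.prog_type}/{d.name}: {d.detail}")
```

A "missing" result is the one that matters most for the disabling tactics the text anticipates: an agent that silently loses its hooks keeps reporting nothing, which looks identical to a quiet host unless something checks that the hooks are still there.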

AI-driven threat intelligence

Yaara Shriki, Aqua Security Researcher, anticipates that during 2024, the integration of AI in threat intelligence within cloud security will have revolutionised the identification and mitigation of cyber threats.

Utilising machine learning algorithms to analyse vast datasets from various sources, AI will not only detect real-time attacks but also predict future threats by recognising patterns and anomalies indicative of malicious activity.

This capability will enable organisations to shift from a reactive to a proactive security stance, constantly updating and refining their defence mechanisms in response to the ever-evolving cyber threat landscape.

As a result, cloud environments will benefit from a more robust and dynamic security posture, with threat intelligence becoming an invaluable asset for anticipating and countering sophisticated cyber attacks.

Closing the gap: Advancing cloud native cyber threat intelligence

Assaf Morag, Aqua Data Analyst Lead, summed up the team’s predictions with these thoughts. In cyber threat intelligence, our goal is to attribute various campaigns, tools and techniques to specific threat actors and groups.

In threat research areas such as fraud, financial campaigns and geopolitical intelligence, as opposed to cloud native, the discourse is somewhat more advanced, with a deeper knowledge and understanding of the threat actors involved.

However, in the cloud native space, this discourse has not yet reached the same level of maturity. We lack a wealth of data and detailed information on the tools, tactics, techniques and procedures (TTPs) of threat actors, as well as insights into their structure, goals, and motivations.

Although there are excellent analyses of threat actors like Kinsing, TeamTNT, and Group 8220, there are still gaps to fill, and at the very least a significant knowledge gap remains regarding state-sponsored threat actors targeting cloud native environments.

Looking to 2024, we expect a significant maturation in the discourse surrounding threat actors and groups in the cloud. We anticipate a more thorough analysis and understanding of the methods threat actors use in the cloud and their developing techniques.

The advent of specialised threat intelligence research groups is poised to greatly improve the quality and depth of these discussions.