Mitnick Security Blog - Cybersecurity News and Articles

Common Hacking Techniques in 2023 and Predictions for 2024

Written by Mitnick Security | Jan 11, 2024 3:06:20 PM

Threat actors are typically after two things from your business: data or money. Usually, they’re motivated by both, as data can help them cash in at the expense of your business. In fact, in 2023, cyber attacks are estimated to amount to $8 trillion in total costs.

Hacking techniques are ever-evolving, and it’s important to keep up with new cyber threats. Below, we’ll cover the top hacking techniques used in 2023 and what to expect going into 2024 and onward.

 

Common Hacking Techniques in 2023 and Cyber Security Tips

1. Social Engineering and Phishing

Social engineering is an attempt to get a potential victim — often someone who works for a targeted organization — to share personal information, usually by impersonating a trusted source.

Social engineering bait frequently comes in the form of phishing emails, where a threat actor sends a message that looks like it’s from someone you know. This message asks you to do something — like click and download an infected attachment — under the guise of being helpful. If an infected file is downloaded, your computer can be compromised, giving the threat actor access to the information on your computer and, sometimes, your entire network.

Two Recent Examples of Social Engineering and Phishing

In 2022, Uber was caught in the crosshairs of a social engineering attack. The hackers managed to gain access to sensitive credentials for the app Slack, a cloud-based platform designed for online, cross-team communication, giving the hackers the keys to critical Uber data.

Additionally, the recent cyber attack on MGM Resorts in September 2023 utilized a blend of social engineering and password-cracking methods to compromise customer data, including payment information and login credentials.

What You Can Do 

In 2023, organizations faced about three social engineering attacks per workday, equalling nearly 800 annually. Warn your employees to never give out private business information over email and to think before opening any attachments. Ensure you schedule ongoing team education about avoiding email scams and other types of cyber attacks.

2. AI Targeting

From realistic-sounding voices to rendering images, there are several new tools in threat actors' toolboxes that utilize AI.

Recent Example of AI Targeting

ChatGPT is one of the biggest generative AI tools to be compromised by hackers; ChatGPT was taken down by a DDoS (distributed denial of service) attack on November 8, 2023. This has opened up the conversation for cyber security concerns across all AI tools, especially generative software.

What You Can Do

Relying on automated tools without monitoring them can give threat actors the opportunity to utilize AI in social engineering attacks to steal company data. Provide cyber security awareness training to keep your employees informed about new techniques employed by threat actors, including the best practices for keeping the software your company uses safe.

3. Password Cracking

Hackers can obtain your credentials through a number of means, such as keylogging, in which undetected software — accidentally downloaded by the victim of a social engineering attack — records keystrokes for the threat actor to use at will. This includes saving usernames and passwords as they are entered on the infected computer.

Additionally, password-cracking programs can run through letter and character combinations at blinding speeds to guess passwords. With the addition of using artificial intelligence (AI), password cracking and brute force attacks have become easier for threat actors to execute.

Recent Example of Password Cracking

In October, the genetic testing company 23andMe revealed that it had experienced a cyber attack that used password-cracking methods to access the personal data of about 14,000 of its customers. The company stated they believe threat actors targeted the accounts of 23andMe users who reused old login credentials from other sites that had been hacked. This made it easier for the threat actors to gather thousands of usernames and passwords and access sensitive data.

What You Can Do

Use a password management tool that securely houses your company credentials. These tools can often auto-generate long passwords with a diverse mix of characters that are difficult for threat actors to guess — and autofill them for your employees, giving easy access to their tools. Consider also looking into encryption and multi-factor authentication methods to shield your data from hacking techniques that go undetected by automated scans.

 

Predictions for 2024 Hacking Methods

The landscape of potential cybersecurity threats has quickly become a minefield for 2024. We believe that knowledge is power. Here is what to look out for and what we think will happen next year.

1. Previously Unexplored Tech Hacks

We all know our computers can be exploited, but cybersecurity experts are predicting that bad actors will go after much larger fish in 2024. Smartphones and smart home devices, for instance, have been responsible for 70% of fraudulent transactions in the past, with bad actors taking control of device microphones or cameras to spy on users in hopes of recovering private data to use against them. 

Beyond the home or office, cybercriminals are experimenting with remote hacks to cars with electronic operating systems, like the Brokenwire technique, which involves sending malicious signals to interrupt the charging session of electric vehicles. In years to come, larger transport systems like railways and airplanes may be targets for malicious compromise, as well as hospitals and schools.

What you can do: Keep an eye on the tech news to see how cybersecurity experts are working to find solutions.

2. AI (Artificial Intelligence)

According to Forbes, “AI is a tool that can also be exploited by bad actors.” From realistic-sounding voices to rendering images, there are several new tools in a threat actor’s toolbox for 2024. 

What you can do: Relying on automated scans and tools can give threat actors the opportunity to utilize AI in social engineering attacks to steal company data. Provide cyber security awareness training to keep your employees informed about new techniques employed by threat actors.

3. Geo-Targeted Phishing Threats

Phishing has been a huge threat for years. In fact, recent statistics show that 84% of businesses fell for some form of phishing attack. However, threat actors are now targeting victims who live in specific locations with seemingly relevant, innocent clickbait. 

For example, a sophisticated spear phishing email in 2024 may offer an employee discount at a water park in their city — they just have to put in their employee ID. A threat actor could then use this information to access your internal network and launch their ransomware or other attacks with ease.

What you can do: A social engineering pentest can evaluate the current level of security awareness among your employees. From there, you can work to mitigate the risks by providing continuous education.

4. Ransomware

Ransomware has been a constant thorn in the sides of countless enterprises for years. With the advancements in software, ransomware will only continue to rise as hackers find new ways into organizations.

Recently, even the FBI warned companies to be cautious of dual ransomware attacks. These are attacks that occur back to back within a short period of time.

What you can do: From downloading malicious software to providing personal information on a fake website, there are several traps threat actors create to compromise your data. Provide your team with educational resources that will give them the best practices for protecting against ransomware attacks.

 

All It Takes Is 5 ½ Steps To Help Your Enterprise

By simply thinking ahead about the hacking techniques to come, you’re on the right track. But what we’ve covered here is just the tip of the cyber security iceberg.

Check out our checklist of just 5 ½ steps to help you avoid cyber threats, including the ones mentioned here.