What cyber dangers do government officials face in 2024?

Tom Kidwell, co-founder, Ecliptic Dynamics and former British Army and UK Government intelligence specialist and internet infrastructure security professional for the public sector looks at cyber threats for 2024.

The state of the cyber threat landscape became increasingly tumultuous in 2023. The number of attacks increased, malicious threat actors became more indiscriminate in their approach, and governments and public sector organisations have become key targets. But these threats are nothing new. In 2017, Westminster reported that a sustained cyber-attack had impacted the Houses of Parliament, attempting to steal emails of government members. It was claimed by Whitehall officials that the attack was staged by Iran and was later followed up by a separate attack on the Scottish Parliament. And just recently, the UK accused the Russian Secret Service, the FSB, of carrying out hundreds of attacks on politicians, civil servants, journalists, think-tank members, academics and other public sector officials. The reality is that 2024 will hold many of the same dangers. However, there will be some worrying differences, particularly for government officials.

How has the landscape changed?

Cybercrime has become one of the most difficult issues for governments to get ahold of, and devolving foreign relations are only making it more difficult. Conflicts across Europe, Africa and the Middle East have caused an uptick in malicious cyber activity, as warring states look to gain the upper hand on their enemies. Advancements in technologies such as AI and deepfakes are creating yet more problems for organisations and individuals in the public and private sectors, while the entry bar for cybercriminals is at its lowest ever point, with off-the-shelf products giving complete novices the ability to infiltrate environments, encrypt data, and secure ransom payments. All of these factors are being accentuated by a lack of funding for many areas of the public sector. In the United Kingdom, the economy has stalled, with interest rates stagnating at 5.2 per cent. And although spending on cybersecurity from the UK government is in the billions of pounds, this simply isn’t enough to tackle the problem head on. This leaves government officials in a difficult position, and the need for constant vigilance, watertight processes, and increased understanding from a cyber perspective is critical to avoiding more attacks on our national critical infrastructure.

What will this year's cyber threats look like for government officials?

In 2023, AI transformed from a conceptual technology of the future, to being integrated into almost every walk of life. From healthcare and schooling, to banking and hospitality, every industry is looking to improve its efficiency using AI. However, the rise of AI has opened up yet more opportunities for cybercriminals to exploit. For attackers, finding the path of least resistance is what they thrive on. This is why phishing and other low-skill attack vectors are the most common. With AI, it allows criminal groups to automate email campaigns, write malicious code, and clone the language of a brand or person in moments using advanced language models. This makes it easier to carry out attacks, again lowering the bar for entry for attackers.

For government officials, identity validation is critical to carrying out their jobs, and remaining secure. However, advancements in the deepfake field are making this increasingly difficult. Deepfakes involve manipulating media, using deep generative tech to clone a person’s likeness, usually their face or voice. This means that criminal gangs can copy the likeness of a government official, let’s say a cabinet minister, and send a video message to a junior minister asking them to open an attachment from an email they just sent through. This attachment could contain ransomware or other malware which steals and encrypts data or gives the attackers access to harvest and compromise sensitive government information from the network. These types of attacks are likely to become increasingly prevalent in 2024, with more and more malicious groups getting hold of deepfake capabilities.

In 2024, more than 40 countries will be taking part in elections, with these states making up more than half of the global GDP. More than 3.2 billion people will be heading to polling stations to cast their votes, and while change may represent a positive step in many of these nations, there is a critical cyber threat which must be considered. Starting with Taiwan in January, it is almost undoubtable that China will have an impact on the election. And later in the year, it is just as likely that Russia and China alike will attempt to interfere with the American election. Attackers from these states will look to manipulate voters. This will be done using a number of techniques, including targeted social media activity, as well as attempted data breaches on candidates and campaign staff. Attackers will be looking to gain access to potentially damaging material such as personal emails or messages, with the goal of leaking them to the media and swaying public opinion. Deepfakes are also an issue. Malicious groups can use them to create fake media of candidates delivering fabricated speeches or interviews which align them with the wrong side of controversial issues. Due to the quality of video and audio produced by deepfakes, the fakes are almost indistinguishable from reality. This level of interference isn’t new. In fact, the recent UK report which accused the FSB of continuous attacks on the UK public sector, also revealed that one Russian cyber group had stolen data which was linked to the 2019 election and made it public.

Global relations are becoming increasingly tenuous. There are conflicts going on in continents around the world, from the Russian invasion of Ukraine to the more recent Israel-Hamas war. On top of this, tensions between superpowers such as China and the United States are continuing to escalate, despite recent promises that they would move forward as friends. These evolving fronts are giving rise to increased cyber activity funded by certain states. For example, it’s impossible for Russia to consider a physical attack on NATO nations, however, cyber-attacks can be much easier to cover up, and still cause huge amounts of damage and disruption. This anonymity is increased when states use private, criminal cyber groups to carry out attacks. In order to avoid blowback and harsh sanctions, states such as Russia commission cybercriminals to carry out attacks on foreign critical infrastructure for them. In return, they offer them refuge in Russia, allowing them to operate as an everyday business. Recent reports suggest that these groups have high-rise offices, HR departments, holiday allowances and even flexible working. In 2024 government officials will likely become a target of these groups, funded by foreign governments to cause disruption within the UK government. The next 12 months will be a difficult one for the UK public sector, and remaining vigilant is critical to minimising the impact of malicious cyber activity. It’s the responsibility of government bodies to ensure their staff are prepared and protected, and that appropriate funding is made available to the public sector to protect themselves. Many criminal gangs are now propped up by by nation states, and we can’t allow them to gain the upper hand from an investment, awareness and capability perspective.