Cyber security 2024 summary and 2025 forecasts from the news
Notable security news for the week of Dec 22nd – Dec 28th 2024. This week's editor is Lior from F5 SIRT. As always, when a year ends, security websites and vendors summarize the most significant security issues that happened over the past year. And with every end, there is a beginning. Enter 2025 cybersecurity predictions: what will happen this year in the world of cybersecurity? Here is what I summarized regarding the end of 2024 and the 2025 predictions for the cybersecurity landscape.
2024 cyber summary
In 2024, the cybersecurity landscape was marked by significant incidents and evolving threats, with "more" being the keyword — more of everything. CVE details show a record number of 40,152 CVEs, around 10k more than last year. The CISA site - Known Exploited Vulnerabilities Catalog - shows significant growth in the actual exploitation of vulnerabilities. Large-scale incidents such as the Snowflake Data Breach, Salt Typhoon, and Fileless Malware, along with many other names that no one can really remember, have occurred. Then the true nature of software unexpectedly reveals itself, as seen in the CrowdStrike incident.
One of the major breakthroughs in technology is the emergence of generative AI chatbot platforms, and as with any new technology, there is a need to secure it. Generative AI chatbots are becoming popular in web applications and are used to assist with specific, tailored actions relevant to users. These AI-driven chatbots operate as a wrapper around a commercial chat service that they reach through APIs, creating a whole new playground for attacks that now try to “convince” the chat to provide details it shouldn’t. Sounds familiar? Totally familiar, but this time it is not XSS or SQLi; it is the LLM itself. Which is a great opportunity to mention the F5 AI Gateway.
I guess we can consider 2024 as a year with unprecedented levels of security events (see my 2024 prediction: "more of everything").
Enter 2025
So now you can ask yourself, will this continue in 2025 at the same growing rates? For sure! And will cybersecurity in 2025 be the year of AI security expansion? Beyond securing LLMs themselves, threat actors are expected to leverage artificial intelligence (AI) to enhance the sophistication of their attacks. This includes the use of AI for crafting more convincing phishing schemes, automating social engineering tactics, and deploying deepfakes for identity theft and fraud. But AI can also be used for protection and cyber defense:
- Integration of AI in Security Operations Centers (SOCs): AI is anticipated to play a central role in SOCs, automating tasks such as threat detection, vulnerability assessments, and incident response. Human analysts will focus on strategic decision-making and handling complex threats, enhancing overall operational efficiency.
- Security "co-pilots": AI-driven security operations centers (SOCs) will improve threat detection and automate incident response.
- Security controls assessment powered by AI: Using "AI Cyber Governance Platforms," AI will assist security personnel in understanding the real value of their security products and services, optimizing their arsenal to maximize protection.
- Agentic AI: Agentic AI is a software program designed to independently make decisions and take actions to achieve specific goals. Agentic AI is trending due to its ability to autonomously help CIOs realize their vision for generative AI to increase productivity.
This all means that we are facing an even more intense year, and as they say, "It is going to be interesting." Recommended reading: The Top 25 Security Predictions for 2025
New vulnerabilities
While summarizing and making predictions is a nice exercise, the reality is that we have new vulnerabilities every week. Here are two of them from last week:
New critical Apache Struts flaw exploited to find vulnerable servers
A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices.
Apache publicly disclosed the Struts CVE-2024-53677 flaw (CVSS 4.0 score: 9.5, "critical") on Dec 11, stating it is a bug in the software's file upload logic, allowing path traversals and the uploading of malicious files that could lead to remote code execution. "We are seeing active exploit attempts for this vulnerability that match the PoC exploit code. At this point, the exploit attempts are attempting to enumerate vulnerable systems," reports Ullrich.
Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately
Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices.
The flaw is tracked as CVE-2024-3393 (CVSS score: 8.7). "A denial-of-service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall," the company said in a Friday advisory.
Palo Alto Networks said it discovered the flaw in production use, and that it's aware of customers "experiencing this denial-of-service (DoS) when their firewall blocks malicious DNS packets that trigger this issue."
- https://thehackernews.com/2024/12/palo-alto-releases-patch-for-pan-os-dos.html
- https://security.paloaltonetworks.com/CVE-2024-3393
Podcast recommendations
Finally, I have listened to these podcasts in the past week, and they are worth spending the time on.
Podcast - Three Buddy Problem
Palo Alto network edge device backdoor, Cyberhaven browser extension hack, 2024 research highlights.
F5 DC: Announcing the new 'AI Friday' Podcast - Episode 1
Our own F5 folks talk about AI in a new podcast. Great job, looking forward to the next chapter.
See you all next year.