1. Trend: Generative AI is enabling fraudsters to create more deceptive phishing campaigns, deepfakes and cyber threats that evade standard detection methods.

Proof: Fraud GPT is a real service (among others) on the dark web, giving cyber criminals the power of generative AI with no security guardrails. Want malicious code? Just ask. Need language translation and images for a phishing campaign? Done to perfection. Phishing attacks have increased over 1,200% in 2023 — a meteoric rise since the release of GenAI.

Prediction: The volume and sophistication of attacks will continue to rise as Gen AI gets smarter and bad actors learn how to wield its power. Organisations will race to implement Gen AI security and fraud detection, able to address deepfake voice authentication, fake IDs and phishing.

2. Trend: Malicious mobile apps, masquerading as real, trusted apps, have spread like wildfire on app stores around the globe in 2023. Mobile banking trojans and remote access trojans (RATs) make it easy to steal user credentials and one-time passcodes (OTPs).

Proof: Gigabud RAT emerged in 2023, able to record the screen of an infected device and evade detection by delaying the execution of the malicious payload, which contains strings and commands obscured by encryption.

Prediction: Expect new compliance regulations that require companies and government agencies to do more to secure their own consumer-facing apps. The Monetary Authority of Singapore has signaled that new security mandates are on the horizon for global banks.

3. Trend: Authorised push payment (APP) fraud is on the rise for one simple reason: companies don't have a way to stop it. Victims are tricked into approving money transfers.

Proof: Financial losses from APP fraud are projected to double across the UK, India and the US in the next four years, hitting $5.25B by 2026.

Prediction: Companies will turn to generative AI as the only hope for detecting aberrant behaviour in real time to stop APP fraud.

4. Trend: Digital wallets and identity verification based on EIDAS 2.0 will become more usable, closing the door to some identity threats while improving interoperability across EU borders.

Proof: Machine readable codes and digital signatures enable verified claims and user authentication that works much like social logins or BYOID but far more secure.

Prediction: Cyber security vendors like Transmit Security will begin to support these digital IDs to establish a higher level of trust for account recovery and high-risk transactions.

5. Trend: Cyber criminals continue to use tried-and-true tactics, like credential stuffing with great success.

Proof: 23andme and Paypal credential stuffing attacks came to light in 2023, proving consumers still reuse the same username/password to ‘secure’ many accounts. Educating the public is not enough. According to Verizon, 49% of breaches involve stolen credentials and digital black markets, like Genesis, are fueling the problem.

Prediction: To avoid damaging headlines and fraud losses, organisations will take a more proactive approach in 2024. AI-powered identity-security services will be essential.

6. Trend: Attacks on identity infrastructure itself reflect an escalation in attacks designed to steal credentials on a grand scale.

Proof: The leading IAM vendor suffered three breaches this year back-to-back in 2023.

Prediction: Organisations will look for identity vendors with cyber security expertise and identity-security infrastructure purpose-built to fend off today’s most advanced cyber attacks.