US Intelligence Predicts Upcoming Cyber Threats for 2024
Accelerating competition between nation-states, regional conflicts with far-reaching impact, and non-state threat actors with unprecedented capabilities are three of the main cyber threats the US intelligence community (IC) will face over the next few months.
This is according to the Office of the Director of National Intelligence’s (ODNI) 2024 Annual Assessment of the US Intelligence Community, a report reflecting the collective insights of the US IC.
The report was shared internally in February 2024, but its unclassified version was made public on March 11, 2024.
Although not exclusively focused on cyber threats, it shares valuable insights on threats the US intelligence agencies expect to face in cyberspace.
China to Remain Top Supplier of Cyber Adversaries
The report examines threats, including cyber threats, posed by four nation-states: China, Russia, Iran, and North Korea.
China is described as the most active and persistent cyber threat to US government, private-sector, and critical infrastructure networks.
“Beijing’s cyber espionage pursuits and its industry’s export of surveillance, information, and communications technologies increase the threats of aggressive cyber operations against the United States and the suppression of the free flow of information in cyberspace,” the report reads.
Some of the evidence shared in the report includes Chinese operations discovered by the US private sector, such as the Volt Typhoon cyber espionage group’s KV Botnet.
This and other similar campaigns “probably were intended to pre-position cyber-attacks against infrastructure in Guam and to enable disrupting communications between the United States and Asia,” the ODNI wrote.
Additionally, China conducts cyber intrusions targeted at individuals beyond its borders – including journalists, dissidents, and people the Chinese regime views as threats – to counter views it considers critical of narratives, policies, and actions conducted by China’s Communist Party (CCP).
Russia, Iran and North Korea to Continue Targeting the US
While Russia’s focus, both on the ground and in cyberspace, has been on its war in Ukraine, the ODNI said that the country remains a resilient and capable adversary across a wide range of domains.
The US IC assessed that Russia will continue to project and defend its interests globally and undermine the US and other Western states.
In cyberspace, the ODNI expects Russia to maintain its ability to target critical infrastructure, including underwater cables and industrial control systems (ICS), in the US as well as in allied and partner countries.
In the meantime, the ODNI expects Iran to pursue its opportunistic approach to offensive cyber operations, especially in the Middle East, and to target countries with stronger cyber capabilities than its own, such as Israel.
It will also continue to conduct malign influence operations in the Middle East and other regions, including trying to undermine US political processes and amplify discord in those regions.
Additionally, evidence of past operations has led the ODNI to believe Iran may attempt to conduct influence operations aimed at US interests ahead of the November 2024 election.
Finally, the ODNI assessed that North Korea will continue its ongoing cyber campaigns, particularly cryptocurrency heists. Kim Jong-un’s regime will likely seek various approaches to launder and cash out stolen cryptocurrency and maintain a program of IT workers serving abroad to earn additional funds.
Nation-State Actors to Exploit International, Interstate and Intrastate Tensions
The ODNI said some threat actors originating from these four countries will likely leverage international crises to conduct offensive cyber operations against the US and its allies.
These crises include:
- Existing international conflicts (e.g. Russian war in Ukraine, Gaza conflict)
- Potential interstate conflicts (e.g. China's maritime tensions with its neighbors, India-China tensions, India-Pakistan tensions, Azerbaijan–Armenia tensions)
- Potential intrastate turmoil (e.g. in the Balkans, the Sahel, Sudan, Ethiopia, Haiti, Venezuela)
Organized Cybercrime Among the Main Threats to the US
The ODNI report assesses that some transnational issues pose a serious threat to the US and its allies.
These include global concerns, such as competition over disruptive technology, digital authoritarianism, and transnational repression, including online repression. They also include the evolving cybercrime scene.
“Transnational organized criminals involved in ransomware operations are improving their attacks, extorting funds, disrupting critical services, and exposing sensitive data.
“Important US services and critical infrastructure such as health care, schools and manufacturing continue to experience ransomware attacks; however, weak cyber defenses, coupled with efforts to digitize economies, have made low-income countries’ networks also attractive targets,” the ODNI wrote.
The ODNI said that three trends are making cybercrime an increased threat to the US and its allies:
- The emergence of inexpensive and anonymizing online infrastructure
- The growing profitability of ransomware, which has led to the proliferation, decentralization, and specialization of cybercriminal activity
- The absence of cooperative law enforcement from Russia or other countries that provide cybercriminals a safe haven or permissive environment, which limits the efficacy of successful law enforcement operations