
Happy New Year 2024 and beware of the tremors! HarfangLab experts predict a turbulent cyber year, accentuated by a dense international and political context.


Punctuated by a particularly unstable international context, the implementation of restrictive but essential European regulations, and far-reaching events, the year 2024 promises to be an eventful one. The question of cybersecurity will be intimately linked to this context, as HarfangLab experts explain.

A new year means resolutions, or projections. As everyone considers their plans for the year ahead, and the priorities they need to keep in mind to give themselves the best chance of success, a number of factors need to be taken into account to combine resilience, ambition and cybersecurity. In order to facilitate risk analysis, but also to anticipate the main factors that can influence a company’s cyber strategy, HarfangLab’s experts have taken a look at what is sure to shape the European digital landscape in 2024.

  • A context of war, where the cyber weapon is more strategic than ever… and Europe overexposed by numerous international events.

According to Anouck Teiller, Chief Strategy Officer at HarfangLab, we can expect a growth in sophisticated state or para-state cyber threats due to the tense geopolitical context, as evidenced by some recent activities such as the Kyivstar attack in Ukraine and attacks against European governments and US critical infrastructures, through Microsoft services. These threats will be all the greater for Europe in a context of overexposure with major international events (Paris 2024 Olympic and Paralympic Games, European elections, Euro Football, etc.) and numerous political elections (US, Russia, EU, etc.).

According to the Cyber Threat Research team at HarfangLab, this conflicting context could be illustrated by:

  • More information manipulation operations to influence public opinion, and more cyberattacks to support such operations.

As already illustrated by several publicly documented cases (Ghostwriter, Doppelganger, etc.), social networks are now widely used to influence or even manipulate public opinion in support of political or international interests. Some of these operations have been supported by upstream cyberattacks (GRIZZLY STEPPE – hacking the US Democratic Party, MacronLeaks, etc.). Experts expect operations related to information and influencing public opinion to shift up a gear in 2024, given the international context: from the conflicts in Israel and Ukraine to the European, American and Russian elections, or the Paris 2024 Olympic and Paralympic Games, for which the exclusion of Russian competitors is a point of tension. We can expect more cyberattacks to support such manipulative operations to amplify the message, capture data, inhibit counter-influence capabilities, or simply to spread fear.

  • More hacktivists acting in continuity with state cyber capabilities

The boundaries between hacktivist groups and actors acting on behalf of states will be increasingly porous in 2024. Cases such as the alleged Russian sponsorship of Anonymous Sudan, Killnet’s “independent operations” against Western targets and the response of the “Computer Army of Ukraine” have prompted the International Committee of the Red Cross to draft regulations for “civilian hackers”. Hacktivism is an increasingly tolerated form of action – even promoted and supported by public opinion. States may have an interest in maintaining this vagueness in the event of conflict, in order to benefit from a flexible reserve of cyber capabilities, while at the same time making it difficult to retaliate against actions that would be attributed to civilians acting of their own free will.

  • More destructive attacks

We are identifying more destructive malware, increasingly used as non-kinetic weapons in conflict. These attacks, whether perpetrated by state-sponsored actors, hacktivists or criminal groups, can be politically motivated. This growing trend underlines the importance of identifying the motivations and objectives of cyberattacks, as crucial as understanding attack techniques and tactics for accurate attribution.

  • State-backed actors take action against cybersecurity companies and researchers

Cybersecurity activities uncover advanced malicious operations aimed at hindering military action in wartime. Defenders who expose cyber attacks sometimes ruin months of effort by malicious actors to develop their cyber operations. As a result, states or the actors they support could exert more pressure against cybersecurity organizations and experts, particularly in times of conflict. Publicly documented cases such as Triangulation or the NOBELIUM compromise of FireEye already demonstrate that cybersecurity organizations and actors are being targeted. HarfangLab researchers expect more varied retaliation against cybersecurity players in the coming year, including cyberattacks, legal action, deterrence and psychological operations.

  • Reassessing the critical infrastructure protection framework

With the attack on the KA-SAT system on its very first day, the war between Ukraine and Russia demonstrated that satellite communication infrastructures can be targeted during a conflict, and that the associated effects can spread far beyond the front lines. Insofar as certain infrastructures such as communications systems support both civilian and military interests during a war, some belligerents consider them to be “dual-use” and, as such, may be a military target under the rules of war. Such a logic exposes certain common critical infrastructures – mainly energy and communications – to tragic general disruption when conflict breaks out. Existing national critical infrastructure protection frameworks may no longer be sufficient to cope with such risks. Experts therefore expect that, in the light of such facts, states and international organizations will redefine critical infrastructure protection. They may do so by establishing coordinated international frameworks, or conversely, by locking up national infrastructures even more tightly.

Pierre Delcher, Director of the Cyber Threat Research team, explains: “Globally, international conflicts tend to increase tensions in cyberspace, which supports every strategic planning, diplomatic effort, military act and expression of opinion. Regardless of the political context of conflict, inflation, international sanctions and financial opportunism encourage cyber threat actors to action and innovation more than ever. From new vulnerability surfaces opened up by AI, to the growing mass exploitation of advanced technical vulnerabilities – including on cell phones, to new methods of circumventing protection tools such as EDR, the year 2024 will undoubtedly present a new challenge for defenders.”

  • A European commitment to cyber resilience and autonomy

In the face of these ever-increasing threats, which affect key players in the functioning of our societies and economies, regulatory pressure is set to grow, posing a new challenge to already busy information systems security managers.

This regulatory pressure will be particularly strong in Europe, but also in the United States. Indeed, in 2024, the transposition of the NIS 2 directive will reinforce the consideration of cybersecurity in all essential business sectors. Similarly, sector regulators (finance, defense, energy etc.) continue to tighten cybersecurity requirements for entities in their sectors. This will mean new challenges for companies: governance, prevention and compliance with cybersecurity rules such as reporting cyberattacks or implementing detection solutions, even for players who didn’t consider themselves concerned by cybersecurity. This will have a particularly significant impact on all players in the supply chain, since the directive will also affect small businesses operating in sensitive sectors or working with sensitive players. At the same time, the repressive role of regulators is also becoming more pronounced, with company bosses who have fallen victim to cyber-attacks now being prosecuted for negligence (SolarWinds, Vastaamo, etc.), and the NIS 2 directive will make a direct contribution to this.

In this context, the criteria of tool performance, confidence in solutions and experts, and strategic autonomy in the management of sensitive data, will form a critical triptych for companies.

Anouck Teiller explains: “The implementation of directives such as NIS 2 is essential to the construction of a robust, high-performance European cybersecurity system. Nevertheless, as we often see, these new regulations impose new constraints on organizations that are sometimes difficult to prioritize. How do you choose which security measures to implement first? How do you choose high-performance cybersecurity solutions that enable compliance when cybersecurity is foreign to the organization? Today, at HarfangLab, we are convinced that these responsibilities must be shared not only by organizations, but also by cybersecurity solution providers. Our role, in the face of this growing threat, is very clear: to protect all organizations with tools that are both high-performance, help to ensure compliance and guarantee data control for organizations. This is our approach to strategic autonomy.”

  • For more information on HarfangLab, visit the website
  • For more content on cybersecurity tips for organizations, visit our blog.

About HarfangLab

HarfangLab is a French cybersecurity company that publishes EDR (Endpoint Detection and Response) software, a technology that anticipates and neutralizes cyberattacks on computers and servers. Certified by ANSSI since 2020, HarfangLab now has over 300 customers, including government agencies, businesses and international organizations operating in highly sensitive sectors. HarfangLab’s EDR, currently deployed on over 800,000 endpoints, stands out for: the openness of its solution, which integrates natively with all other security bricks; its transparency, as the data collected by EDR remains accessible; and the digital independence it offers, as customers are free to choose their hosting mode: public or private cloud, or their own infrastructure.
