Our yearly Cyber Security Report is here – download it free here.

One of the best things about Hornetsecurity’s yearly Cyber Security Report is its foundation in empirical data. For this year we analyzed over 45 billion emails and derived our insights and recommendations from this foundation.

However, our Security Lab is filled with very smart people who have their finger on the pulse of the fast-moving field of cyber security and when it comes to predicting what the next 12 months will hold, we don’t have the data yet, and thus must extrapolate what’s likely to be on the horizon.

In this article we’ll look at five of the most salient predictions we made in our new Cyber Security Report – find the full report here.

1. AI & LLMS

The launch of ChatGPT and its cousins have certainly captured mainstream and tech news. We’ve seen some evidence of attackers using generative AI tools (including their own versions that don’t block malicious prompts) to prepare attacks and even help write malware.

The use of generative AI for malicious purposes has captured the media, but we think the power of LLMs will be used increasingly to help defenders as well. Log analysis and report writing are obvious examples, but we look forward to seeing all the other places where these Copilots will augment and help security analysts cope with their workload and better protect their businesses.

2. MFA Bypass Attacks Will Be More Prevalent

The calls for stronger authentication methods in businesses have been sounded for many years now, and it seems that they are (slowly) being heard. This also means however that attackers are finding various ways to bypass MFA, from fatigue attacks (the user gets so many prompts they eventually click accept just to make it stop) to Attacker-in-the-Middle kits.

Examples include Evilginx (open source) and the W3LL panel and associated tools to facilitate Business Email Compromise.

They work like this: the user is tricked into clicking a link that loads a convincing looking sign in page (for Microsoft 365, or another identity provider), as the user enters their details they’re passed on to the real sign in page (proxied) and if MFA is involved, the user will perform their normal gesture for this.

In the end, the user is signed into the legitimate service, but so is the attacker who has grabbed copies of the tokens during this process.

These types of attacks will definitely increase in the next 12 months, so don’t just adopt basic MFA for all your users, consider using phishing resistant technologies (Windows Hello for Business or FIDO 2 hardware keys), at least for all your administrators.

3. Complexity of the Cloud Will Cause Security Incidents

As the cloud has become the dominant computing paradigm in businesses worldwide, the speed of innovation and change has also increased significantly.

Hyperscale clouds and SaaS collaboration platforms like Microsoft 365 are huge, interconnected, ever-changing behemoths that bring a lot of complexity (as well as huge productivity boosts). This complexity is challenging to secure, which often is an afterthought anyway.

We think that in the future there will be more security breaches and data leaks due to misconfiguration and misunderstanding of how cloud features work, and how they interact with each other.

4. Increases in Supply Chain Attacks

The concept here is that instead of attacking your intended target (A), you compromise another organization (B) who is a supplier to A and thus gain access to A through a less guarded “back door”. Software supply chains are particularly vulnerable here, with many examples found in Open Source “building block” packages, and also in commercial software (Solarwinds).

This means an organization can do everything right to protect themselves but still become a victim through one of their suppliers.

Recently we’ve seen attackers capitalize on the scale possible in these attacks, for example, the MOVEit file transfer appliance attack over the last few months has now compromised over 2500 organizations and sensitive data pertaining to many millions of users, and potentially also further breaches in affected companies.

North Korean attackers have also shown remarkable tenacity in this space, sometimes chaining together compromises, i.e., breaching organization C, to get into B, to then ultimately gain access to business A.

We predict that these types of attacks will become more prevalent, and it’s vital that your security program doesn’t just look at how you’re protecting your staff, data and infrastructure, but also on how you can ensure that your suppliers aren’t adopting lax security approaches.

5. More Capable Threat Actors and Shortening Dwell Times

If the last 12 months are any guide, attackers will continue to become more brazen, and more sophisticated as well as move faster. We’re seeing dwell time (the time between the attackers first foothold in the organization to launching their eventual attack) decreasing quickly.

It depends on the aims of the attacker, if they’re gathering information, they’ll stay low and quiet, but for criminals and ransomware attacks, the fact that some attacks go from initial compromise to full blown ransomware in mere hours can overwhelm under-resourced defenders.


The full report has several more predictions as well as insights we’ve gathered from all the emails we’ve analyzed over the last 12 months, recommendations for how to protect your business in cyberspace, and much, much more. Download the Cyber Security Report for free.