Cybersecurity Frontiers: Cyber Attacks and Emerging Trends in AI Generation

Trends in Cyberattacks in 2024

Reflecting on cybersecurity in 2024, ransomware remains a significant issue. According to police statistics, the number of victims exceeded 100 for the first time in the first half of fiscal 2022, reaching 114 in the first half of 2024. In June 2024, a major publishing company in Japan fell victim, followed by a major manufacturing company in October.

As these incidents continue, two key points stand out:

1. Victims span all sizes of companies and organizations. This indicates that cybercrime groups persist in conducting indiscriminate ransomware attacks, infiltrating systems to exploit vulnerabilities.
2. The rise of a new attack method called "no-ware ransomware." Traditional ransomware attacks typically involve encrypting data and demanding a ransom for decryption, or "double extortion," where an additional ransom is demanded to prevent data disclosure. In contrast, no-ware ransomware involves cybercriminals threatening to disclose stolen personal, internal, and confidential information unless a ransom is paid. Without the need for encryption, these attacks are swift, and the damage is harder to detect.

Figure 1: Review of Cybersecurity Trends in 2024 (Source: National Police Agency, "State of Threats in Cyberspace in the First Half of 2024")

Another significant topic in 2024 was cybercrime activities exploiting major events.
During the Paris Olympics, numerous fake video streaming sites emerged, claiming to broadcast the opening ceremony and events for free. A phishing scheme was confirmed where users were asked to enter their personal and credit card information under the guise of site registration.

Additionally, fake crypto investment fraud ICO (Initial Crypto Offering) sites appeared, soliciting investments in new crypto assets like Olympic Game Tokens. Similar tactics are expected to continue in the future, especially during major events. It is crucial to remember that criminals are exploiting trending features of social media platforms to direct people to fake websites.

Evolution of generative AI and the spread of misinformation

In 2024, the rapid evolution of generative AI technology became evident to many. While generative AI has shown promise in solving social problems, its misuse has led to a sharp increase in misinformation and fraud.

In January 2024, during the US presidential election, a deepfake voice mimicking President Joe Biden called over 5,000 residents in New Hampshire to disrupt the vote. The call urged them not to vote in the New Hampshire primary, claiming that voting would only help re-elect Donald Trump. Although the suspect was later indicted, the use of generative AI in politics was striking.

Regarding the spread of misinformation, the coordinated creation of fake news by a Hong Kong-based news site called BNN Breaking was also notable. Initially, the site gained traction by re-editing articles from other news sites and feeding them into generative AI. Eventually, the site posted a large number of articles automatically generated by AI. In some cases, completely fake news was reprinted on major news sites, causing significant incidents. The site reportedly received over 10 million monthly visits, with the fake news likely created to earn advertising revenue.

Additionally, biographies containing false content created by generative AI were sold on Amazon Kindle immediately after the deaths of famous individuals. As a countermeasure against the spread of misinformation and fraud, a content authenticity confirmation technology called "Technical Standards (C2PA)" has been developed. Its widespread adoption is expected to improve the ability to detect misinformation.

Potential of Multi-Agent AI Cyber Attacks as a New Threat

Since 2025, cyber-attacks using multi-agent AI have been attracting attention as a new threat in the field of cybersecurity. These attacks involve multiple AIs working together to carry out cyber-attacks and are expected to be faster and more efficient than conventional cyber-attacks.

To begin with, an "agent" in the field of AI refers to an entity that autonomously recognizes the environment, makes decisions, and acts to achieve specific goals and objectives. It operates independently without human intervention. Multi-agent AI is a system in which multiple autonomous AI systems (agents) work together. With the advent of multi-agent platforms such as Microsoft's AutoGen and Google's Vertex AI, this technology is rapidly becoming a reality.

For cybercrime groups, the repurpose of multi-agent AI has significant advantages. Traditionally, in cyberattacks, a human attacker performs each of the following processes: target identification, vulnerability search, attack execution, authorization, network spread, and information theft. However, with multi-agent AI cyberattacks, these processes are handled by multiple AI agents. They can be executed automatically 24 hours a day, 365 days a year, without interruption, and they can perform attacks much faster than humans.

As a security measure against these new threats, the defense side is also considering the use of multi-agent AI. For example, research and development is underway on a system in which AI agents are deployed on each computer in a company, and they work together to detect and respond to threats in real time.

However, such countermeasure technology is still in its infancy. As multi-agent AI technology develops further after 2025, it is highly likely that the technology competition will intensify between the attackers and defenders.

NTT DATA Security Services

NTT DATA has been providing cybersecurity services for over 30 years since its foundation. With more than 7,500 security professionals skilled in various industries and technologies worldwide, NTT DATA has established over 80 cybersecurity delivery centers globally. We offer cost-effective solutions while complying with local laws and regulations. In 2023, NTT DATA ranked second in the global market for managed security services (MSS)*.

Cyber-attack techniques have rapidly evolved in recent years. NTT DATA UnifiedMDR™ is a managed detection and response (MDR) service that helps companies prepare for the latest attacks. NTT DATA offers a security operation outsourcing service that provides comprehensive support from security professionals in all areas, including consulting, construction, operation, and monitoring, from incident prevention to damage minimization. It has two main features:

Figure 2: NTT DATA UnifiedMDR™ Service Overview

1. Extensive experience in responding to incidents worldwide over many years.
2. A track record of operating the world's largest zero-trust environment globally.

As a global group company, NTT DATA has implemented global governance and zero-trust environments in 59 countries and regions. NTT DATA provides customers with solutions that leverage our world-class cybersecurity architecture, the expertise gained from extensive incident response experience, and our strength in offering a complete set of secure infrastructure, including data centers, networks, clouds, and terminals.

Click here (Japanese) for examples of services provided to Recruit.

• * NTT DATA ranks second in global market share in Security Outsourcing Market Report "Gartner® Market Share Analysis: Managed Security Services, Worldwide, 2023."

Examples of NTT DATA Customer Support

Here, I would like to introduce two examples of customer support that NTT DATA has provided.
The first example involves a domestic manufacturing company. The company faced the challenge of strengthening the security governance of its group companies in Japan and overseas. As a global company originating in Japan, NTT DATA has encountered many difficulties in enhancing the governance of its overseas bases. For instance, NTT DATA has overcome challenges such as establishing consensus with overseas group companies with different cultures and raising the security level across the group despite varying base sizes and skill levels. Drawing from our own experience in solving global company issues, NTT DATA provided comprehensive services, from consulting on identifying issues in the customer's IT environment and developing a concept, to building and operating the system. As a result, we achieved security that meets the industry standards and levels targeted by the customer.

The second example is from a customer in the manufacturing industry. The customer sought to provide centralized security monitoring against cyber-attacks for systems used and operated at multiple overseas bases, rather than separately for each country, to enable quick responses in the event of an incident. To address this challenge, a team from NTT DATA Italy, which has established SOC (Security Operation Center) for NTT DATA's Japan and APAC bases, collaborated with a team from NTT DATA Italy, which has established SOC for European bases, to create an operation and monitoring system. As a result, we provided centralized security monitoring and operation services for the customer's global bases 24 hours a day, 365 days a year, leveraging time differences.

Figure 3: NTT DATA Customer Example

In this way, NTT DATA provides advanced security solutions tailored to each customer's needs to enhance the security of their IT environment. We will continue to do our utmost to protect companies worldwide against evolving cyber-attacks and security challenges.