What to watch out for leading into the 2024 election season

It is hard to reflect on cyber “lessons learned” from 2022 without incorporating impacts from the war in Ukraine. Commercial, unclassified intelligence was key to predicting the imminent Russian invasion. Cyber activities were indicative of future kinetic activities on the battlefield. Ukraine also showed the world that preparedness, along with cooperation and intelligence sharing, can thwart nation-state cyber threats.

Outside of the conflict in Ukraine, we saw ransomware actors continue to adapt and professionalize their activities. CISA and the Intelligence Community became quicker and more willing to share intelligence openly, uncovering years of threats to U.S. critical infrastructure. While we expect these trends to continue throughout the new year, we are also predicting other developments that could take center stage in the near future.

5 Predictions for 2023 and Beyond

Commercial intelligence will be critical and decisive for both businesses and governments. The war in Ukraine demonstrated that commercial intelligence can be a decisive element on the battlefield. In many cases, commercial intelligence organizations can provide an additional perspective not seen by government intelligence agencies. Previously, many believed the government had the best and most unique intelligence. Now, commercial intelligence companies can demonstrate expansive capabilities that enable them to see the entire threat landscape. Finally, commercial intelligence is typically unclassified, making it easier to share with both the media and foreign partners when time is of the essence. We expect more governments to lean on commercial capabilities this year and for the foreseeable future.

Nation state actors will only grow more bold after the U.S. expansion of NSPM-13 authorities. Such a move signals that the U.S. is leaning more towards sharpening its offense despite the fact that our defenses remain vulnerable to nation states and criminals alike. While offensive cyber operations may have slowed down adversaries to some degree, offensive operations have yet to change adversarial behavior or their risk calculus. As the U.S. continues to lean into the offensive side of cyberspace, we must expect other adversaries, particularly nation states, to follow suit, perhaps in retaliation. Furthermore, we do not expect formal rules of engagement to emerge in cyberspace anytime soon. Current leadership at CYBERCOM has adopted the catchphrase “persistent engagement” to explain how the U.S. is in constant low level cyber conflict with its adversaries, and has shown no signs of easing that posture.

Ransomware criminals will face new challenges in monetizing their activities with cryptocurrency and enjoying a safe haven in Russia. The notorious FTX crash has left more crypto skeptics than endorsers. While it is not only used for criminal activities, it is certainly a favorable form of currency for criminals who are seeking anonymity as they participate in illegal activities. However, as the value of cryptocurrency remains volatile, it may not be the best way to monetize activities like ransomware. We have already observed chatter between actors who are concerned about the long-term sustainability of harvesting cryptocurrency or requesting bitcoin. (North Korea should have the same concerns). Criminal cyber actors have proven adaptable over time, however, and we expect them to continue finding ways to evolve and monetize their activities. Further, Russia recently introduced a bill to regulate crypto mining while banning the circulation of cryptocurrencies in the country.

Governments will exercise more scrutiny over social media and apps regarding privacy and national security risks. While the U.S. has been slower to adopt blanket privacy policies like Europe’s General Data Protection Regulation (GDPR), it is beginning to take an aggressive, bipartisan stance on foreign apps and software developed in adversary nations, like TikTok or Pushwoosh. We expect more scrutiny over source code and software supply chains, particularly when it comes to what data can be harvested, accessed, and by whom. While this is becoming more common as the government works to ban apps like TikTok or Pushwoosh on government devices, we could also see forced divestitures and more demands to store data on U.S. servers. Though American companies are already coming under fire for new privacy policies in Europe, we expect, as the U.S. increases its scrutiny on foreign technology privacy policies, that adversary nations will also crack down on American tech in response.

As we approach a presidential election year in the U.S., we expect hacktivist groups to make a reappearance in addition to continued nation state-level influence activities from Russia and China. Hacktivist groups around the world are participating in both sides of the war in Ukraine at surprising levels. In previous years, Anonymous in particular has taken interest in U.S. politics, and we expect them to make a return as we approach the 2024 election. Even though Russia has its hands full with war efforts, it has shown few signs of slowing down its attempts to influence U.S. politics. We also predict China will take a more aggressive approach to influence U.S. elections this year, including through the use of TikTok, among other tactics, as we observed with the midterm elections. Both countries’ misinformation and disinformation campaigns have several layers that are not limited to social media or cyberspace. We predict both will feel bolder as tensions are high domestically and ripe for influence operations. Additionally, neither country appears particularly deterred from interfering at some level. A combination of releasing intelligence publicly and strategic offensive and deterrence operations will be key to defending 2024.


In summary, as operating in cyberspace becomes more challenging for criminal actors in the coming years, they will continue to adapt in sophistication but are unlikely to grow much bolder. Nation states, on the other hand, are likely to increase their offensive activities in kind with the U.S. The commercial intelligence sector will be on the front lines of any conflict in cyberspace. And the U.S. will face challenges in protecting our data while not provoking adversary activity heading into a key election year.

Looking for strategic intelligence on cybersecurity and emerging technology that’s relevant for your organization? Contact us to see how we can help.

Contact Us