Halloween is right around the corner, bringing with it visions of ghosts and goblins and plenty of harmless mischief. But lurking in the shadows—as always—are malicious actors with unpleasant cybersecurity surprises waiting to catch victims unaware.

Bitdefender released research this week showing nearly half of Halloween-themed spam is malicious, urging the public to be on alert as Halloween often signals the start of the holiday shopping season—when scams really start to rise.

The study found nearly half (48%) of Halloween-themed spam is fraudulent, with 69% of the spam hitting U.S. inboxes. The report indicated the origin of the spam is predominately coming from Malaysia and the U.S.

Beyond the holiday-themed spam, there are larger, more terrifying cybersecurity trends gaining traction in 2023, which are giving security professionals the shivers—here are a few spectral cybersecurity signs to watch out for as 2024 peers over the horizon.

Awful AI, Dangerous Deepfakes

The growing ubiquity of AI is creating some dangerous ripple effects that more cybersecurity professionals will be concerned with as we head into 2024.

Mike Britton, CISO of Abnormal Security, said the rise of deepfake technology, which uses artificial intelligence to superimpose and combine both real and AI-generated images, video and audio, will further complicate social engineering attacks.

“Today, deepfakes are possible but are not yet a very common attack tactic,” he explained. “However, we are right around the corner from seeing them become more widely used by bad actors looking to trick their victims into sharing money or sensitive information.”

He added while malicious AI rose as a growing concern in 2023, it was also reassuring to see more security companies begin to leverage AI for good.

“Whether they are using AI within their solutions to improve threat detection and remediation or tapping generative AI to make their teams more operationally efficient and effective, positive use cases for AI in cyber are growing,” Britton said. “I look forward to seeing this become even more widespread in the year ahead.”

Haunting Human Risk Behaviors

Drew Rose, CISO and co-founder of Living Security, said the scariest human risk behaviors have not fundamentally changed over the years.

He said regarding Halloween, lurking in digital environments are the vulnerable and somewhat trustworthy employees with access to sensitive data and systems.

“They download spooky sound effects apps with overly invasive permissions or click on Halloween party invites sent from people they have never met,” Rose warned.

He pointed out humans fall victim to cyberattacks for a host of reasons, often because they get caught in a situation where they respond out of fear, insecurity or a host of other emotions, not thinking clearly about the threat at hand.

“As Halloween’s eerie atmosphere envelops us, CISOs must fortify their program, diving deep into data to unveil human vulnerabilities,” Rose said. “With this insight, they must craft a strategy to mold more vigilant and less risky individuals, ensuring that the organization’s defenses remain impenetrable and that success is consistently measured.”

Rotten Ransomware Groups

Drew Schmitt, practice lead at GuidePoint Security, pointed to the aptly named BlackCat (also known as Alphv) as a major ransomware player who is not afraid to get their hands dirty.

During Q3 of 2023, they had a significant number of publicly claimed health care victims, according to their dark web leak site.

Over the course of 2023, BlackCat has demonstrated that they are unafraid of potential law enforcement attention with their focus on sensitive industries and huge targets like MGM and Caesars.

“What makes BlackCat a bit more troublesome is their affinity for media attention, which adds a level of complexity to this group as a whole,” Schmitt said. “As 2023 comes to a close, BlackCat is likely to continue being an extremely impactful ransomware group to be on the lookout for.”

He adds a disturbing new threat in the ransomware ecosystem is Hunters International, with current security research suggesting this group is a rebrand of the Hive ransomware group.

“Based on Hive’s duration of past operations, Hunters International is a group that should be monitored closely and is likely to be quite impactful,” Schmitt said. “Based on their dark web infrastructure that has recently become public, it looks like this rebranded group is ready to put significant effort into their operations.”

A Horrific Hack From the Past

David Brumley, cybersecurity professor at Carnegie Mellon and CEO of software security firm ForAllSecure, said the most harrowing hack he can think of goes back to 2016 when the Ukrainian power grid was hacked.

“On December 23, Ukraine tech workers saw their mouse move across the screen by itself, like it was possessed by a poltergeist,” he explained.

Workers looked on as their computers clicked through screens on their own, taking down the circuit breakers for the power substation.

“The computer even clicked its own dialog windows to confirm taking down power,” he said. “When workers tried to override, they found they didn’t have control of their own computers.”