Cybersecurity Frontline ~Latest Trends in 2024 and NTT DATA's Advanced Initiatives~

With the emergence of new attack techniques that leverage artificial intelligence (AI), cybersecurity threats facing companies and government agencies are becoming increasingly severe. Cyberattacks have grown more sophisticated than ever, targeting not only large enterprises and government organizations but also small and medium sized businesses and institutions that operate critical internal infrastructure.
This article provides an overview of cyberattack trends and incidents observed in 2024, the rapid evolution of generative AI, and examples of how attackers are exploiting AI technologies. In addition, Hiroaki Kamoda, Executive Security Analyst at NTT DATA, and Yu Arai, General Manager of the Security & Network Business Division and Cybersecurity Specialist at the Ministry of Economy, Trade and Industry, will explain NTT DATA's current cybersecurity initiatives. The article also introduces NTT DATA's Managed Detection and Response (MDR) services as key information security measures that organizations should implement in 2025.

Index

Cyber Attack Trends in 2024
The Evolution of Generative AI and the Spreading of Misinformation
The potential for cyberattacks by multi-agent AI as a new threat
NTT DATA Security Services
NTT DATA Customer Support use cases

Cyberattack Trends in 2024

Looking back at the cybersecurity landscape in 2024, ransomware remained a critical and persistent threat. According to police statistics, the number of reported victims exceeded 100 for the first time in the first half of fiscal 2022 and reached 114 in the first half of 2024. Major incidents also drew significant public attention, including an attack on a large domestic publishing company in June 2024 and another on a major manufacturing company in October.
As these incidents continue to rise, two key trends should be highlighted.

1. Cyberattacks now affect organizations of all sizes.

Companies and institutions-regardless of scale-are experiencing damage. This indicates that cybercrime groups continue to launch indiscriminate attacks using ransomware and other malware. If a company or organization has even a small vulnerability in its systems, attackers can infiltrate it with relative ease.

2. The emergence and rise of "No ware ransomware."

Traditionally, ransomware attacks involve encrypting data and demanding payment for decryption. Some groups also use "double extortion" techniques, demanding additional ransom to prevent the release of stolen data.
No ware ransomware represents a new evolution of this threat. Instead of encrypting data, attackers steal confidential information-such as personal data or internal corporate documents-and threaten to publicly expose it unless payment is made. Because no encryption is required, these attacks are faster and more difficult to detect, making the resulting damage less likely to be immediately visible.

2024 Cybersecurity Review: Continued Ransomware Damege

Cybercriminal Activities Leveraging Large Scale Events in 2024

Another major topic in 2024 was the rise in cybercriminal activities exploiting large-scale global events.
During the Paris Olympics, numerous fake video streaming websites appeared, claiming to offer free broadcasts of the opening ceremony and competitions. Users who attempted to access these sites were deceived into entering personal and credit card information under the guise of "registration," leading to phishing scams.
Additionally, a fraudulent ICO (Initial Coin Offering) site emerged, promoting investment in a fake cryptocurrency called the "Olympic Games Token."
These incidents highlight a growing trend: cybercriminals repeatedly take advantage of high-profile global events. Such methods are expected to continue in the future. It is especially important to recognize that threat actors often manipulate SNS trending features to drive users toward malicious or fraudulent sites.

The Evolution of Generative AI and the Spread of Misinformation

In 2024, the rapid evolution of generative AI became widely apparent. While generative AI has great potential to help solve societal challenges, it has also fueled a surge in misinformation, fraud, and deceptive content.
A notable example occurred in the United States during the presidential election. In January 2024, more than 5,000 voters in New Hampshire received a deepfake robocall impersonating President Joe Biden. The message urged recipients not to vote in the primary election and misleadingly claimed that voting would "help re-elect Donald Trump." Although the suspect was later indicted, the case illustrated how deeply generative AI abuse had penetrated the political sphere.
Another example involved the news platform "BNN Breaking," headquartered in Hong Kong. Initially, the site attracted users by publishing AI generated versions of articles harvested from legitimate news outlets. Over time, however, it escalated to mass producing completely fabricated news articles using generative AI. Some of these articles were even republished by major media organizations before being verified. With over 10 million monthly visitors, it is believed the operation sought to generate advertising revenue through large-scale misinformation.
Generative AI misuse was also seen on Amazon Kindle, where multiple AI written biographies containing false information were published immediately after the death of well-known celebrities.
As countermeasures, technologies for verifying content authenticity-such as the C2PA (Coalition for Content Provenance and Authenticity) technical standard-are gaining attention and are expected to play a significant role in detecting misinformation and preventing its spread.

The New Threat: Cyberattacks Powered by Multi Agent AI

From 2025 onward, cyberattacks using multi-agent AI are emerging as a new and serious threat in the cybersecurity field. These attacks involve multiple AI agents acting in coordination, offering speed and efficiency far beyond traditional, human-driven cyberattacks.
In AI terminology, an "agent" is an autonomous system that perceives its environment, makes decisions, and takes actions to achieve specific goals without human intervention.
Multi-agent AI refers to a system where multiple such agents collaborate. In recent years, the development of platforms such as Microsoft's AutoGen and Google's Vertex AI has accelerated the adoption of these technologies.
For cybercriminal groups, repurposing multi-agent AI offers significant advantages. Traditional cyberattacks require human attackers to identify targets, scan for vulnerabilities, execute the intrusion, escalate privileges, spread laterally through networks, and exfiltrate data.
In contrast, multi-agent AI enables these processes to be divided among autonomous agents, operating automatically, continuously, and at speeds humans cannot match.
In response, defenders are exploring the use of multi-agent AI as well. Research is underway on systems that deploy AI agents across corporate devices, enabling real time collaboration to detect and mitigate threats. However, these defensive technologies are still in the early stages. As multi-agent AI continues to evolve beyond 2025, the technological arms race between attackers and defenders is expected to intensify.

NTT DATA Security Services

NTT DATA has been delivering cybersecurity services for more than 30 years. With over 7,500 security professionals worldwide and delivery centers in more than 80 locations, the company provides high-quality, cost effective solutions tailored to local laws and regulations.
In 2023, NTT DATA achieved the second largest global market share in managed security services (MSS). (*)
Given the rapid evolution of cyberattack techniques, organizations must stay prepared for emerging threats. To support this need, NTT DATA offers NTT DATA UnifiedMDR™, a comprehensive Managed Detection and Response (MDR) service.
NTT DATA's cybersecurity experts provide end to end support-from proactive prevention to minimizing damage during an incident. The service is characterized by two key strengths.

Figure 3: Overview of NTT DATA UnifiedMDR™ services

The first strength is NTT DATA's extensive experience in responding to security incidents worldwide over many years. The second is our proven track record in operating one of the world's largest Zero Trust environments on a global scale.
As a globally integrated group company, NTT DATA has established unified cybersecurity governance and a Zero Trust architecture across 59 countries and regions. We provide customers with solutions that leverage NTT DATA's ability to deliver a complete set of secure infrastructure-from data centers and networks to cloud environments and endpoints. This is supported by our world class, internally developed cybersecurity architecture, as well as the deep expertise gained from decades of incident response and global security operations.

Click here for examples of services provided to recruiters

(*) NTT DATA ranks second in the global market share in the "Gartner^® Market Share Analysis: Managed Security Services, Worldwide, 2023" Security Outsourcing Market Report

Gartner does not endorse any vendor, product or service depicted in Gartner's research publications. We also do not advise technology users to choose only the vendors with the highest ratings or other ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all liability, expressed or implied, regarding the merchantability of this research or fitness for a particular purpose.
GARTNER is a registered trademark and service mark of Gartner Inc. or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

NTT DATA Customer Support Use Cases

Below are two examples of how NTT DATA has successfully supported customers through its global cybersecurity expertise.

1. Strengthening Global Security Governance for a Domestic Manufacturing Client

One case involved a major domestic manufacturing company seeking to enhance security governance across its group companies in Japan and overseas. As a global company originating in Japan, NTT DATA has long faced-and overcome-similar governance challenges within its own organization. These include:

Aligning security standards with overseas subsidiaries that have different cultures and operational practices
Building consensus across group companies of varying sizes
Raising the overall security maturity despite differences in personnel skill levels

Leveraging this practical experience, NTT DATA provided end to end support-from consulting and IT environment assessment to the design, construction, and operation of the customer's security governance framework.
As a result, the customer successfully achieved a security posture aligned with both industry expectations and their internal target standards.

2. Establishing Centralized Global Security Monitoring for a Manufacturing Client

Another example involved a manufacturing customer that operated multiple overseas sites. Their challenge was the lack of centralized monitoring across regions, which made it difficult to respond quickly in the event of a security incident.
To address this, NTT DATA established a unified monitoring and operational framework through its Security Operations Centers (SOCs) in Japan and the APAC region. The SOC team included experts from Japan with prior experience launching SOC capabilities for European branches, enabling a high level of global coordination.
This structure allowed NTT DATA to provide comprehensive, unified security monitoring and operational services 24 hours a day, 365 days a year, leveraging time zone differences to ensure uninterrupted global coverage.

NTT DATA continues to solve customers' security challenges by fully utilizing the expertise and governance capabilities it has developed through its own global operations.
Going forward, NTT DATA remains committed to supporting companies around the world in strengthening their cybersecurity.