AI, Cyberterrorism and Cyberwarfare

- Overview

The AI-enhanced hybrid warfare that cybercriminals and hackers conduct against institutions and individuals requires close attention to the latest threat intelligence, tactics, techniques, and procedures (TTPs) used by hackers. 

AI tools and algorithms can help detect and defend against cyber threats, but they can also be used by hackers in cyber attacks. Artificial intelligence (AI), which plays a huge role in cyberattacks, is proving to be both a "double-edged sword" and a "grand challenge". 

AI enables defenders to scan networks and defend against attacks more automatically, rather than manually. But in reverse, of course, it's the same game. Cyberattacks against national infrastructure and private companies have grown exponentially and come into focus since the Ukraine war.

AI-based tools can be used to better detect and defend against threats, but on the other hand, cybercriminals can use the technology to carry out sporadic attacks that are more difficult to defend against because there are so many at once.

- AI in Cybersecurity and Defense

Artificial intelligence (AI) in cybersecurity is gaining popularity as a way to detect and prevent cyberattacks. However, hackers can also abuse it for profit. AI has the potential to become a major factor in the digital security space as it provides cybercriminals with powerful tools that can be used to exploit cybersecurity. 

Hackers are constantly finding new ways to abuse cybersecurity vulnerabilities. They can use it to automate and accelerate attacks, allowing them to target multiple victims simultaneously and increasing their chances of success. 

AI can be used to identify weaknesses in computer systems and networks, which can then be exploited to gain access to sensitive data or systems. It can also be used to create malware and malware that can be used to compromise a network or launch a denial of service attack. 

A recent Microsoft Threat Intelligence report highlights tactics, techniques, and procedures (TTPs) used by Russian cybercriminals and state-sponsored hackers in their ongoing hybrid warfare campaign against Ukraine. 

Russian cyber activity during the first year of the war in Ukraine highlighted ransomware attacks targeting multiple government and private institutions. The report provides an in-depth overview of phishing attacks, malware, and social engineering tactics to gain access to sensitive data and critical infrastructure. 

Attackers may use artificial intelligence in advanced algorithms to analyze and identify patterns in data. The Russian approach is seen as a hybrid offensive, using influence operations and hacking and leaking tactics to create distrust between citizens and the government. This suggests that there is no geographic limit to the scope of a potential Russian attack. 

NATO said artificial intelligence, which plays a huge role in cyberattacks, has proven to be both a "double-edged sword" and a "great challenge". Since Russia's full-scale invasion of Ukraine in February 2022, cyberattacks against state infrastructure and private companies have grown exponentially and come into focus.

[Columbus Circle, New York City - Civil Engineering Discoveries]

- AI, Cyber Conflict and War

Due to the stealthy nature of cyber conflict activities and the paucity of public disclosure surrounding them, the extent to which AI is deployed in a particular conflict may not be fully understood. 

Nonetheless, given the growing acceptance of AI technologies and their potential to improve cyber attack and defense capabilities, we can speculate that AI has been used in cyber conflict operations to some extent. 

An example of the use of artificial intelligence in cyber conflict is the deepfake of Ukrainian President Volodymyr Zelensky telling the Ukrainian military to abandon the fight against Russia. 

AI has the potential to improve the capabilities of cyber attackers. Malware generation, vulnerability detection, and other attack stages can be automated and optimized using AI algorithms. AI-driven attacks can be more sophisticated, adaptable and elusive, making them harder to identify and stop. 

AI can also support defensive strategies in cyber conflicts. AI systems can analyze large volumes of network traffic and security records to spot trends and anomalies that could be signs of a threat or attack. AI-based defense systems can quickly identify and block attacks, providing organizations with better protection. 

While AI may help with cybersecurity and defense, it is also being used by bad actors to increase the scope and sophistication of attacks. Adversarial machine learning uses artificial intelligence to exploit vulnerabilities in the machine learning algorithm itself. 

Attackers can use techniques such as data poisoning or adversarial examples to manipulate AI models and trick them into making incorrect predictions or decisions. This has major implications for cyber conflict, as AI-driven systems increasingly rely on machine learning for different tasks, including malware detection and cybersecurity.

[More to come ...]