A Clear and Present Danger: Preparing for Cyberwarfare

Nadir Izrael, Co-Founder and CTO of Armis, outlines why cyberwarfare is “a clear and present danger” to companies across industries. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

According to recent research from Armis, nearly nine in ten (87 percent) IT leaders are concerned about the impact of cyberwarfare on their organization. There is mounting evidence that China, Russia, and North Korea continue to attack the critical infrastructure sectors of the U.S. These nation-state cyberattacks, which are advanced persistent threats (APTs), have roots that stretch back nearly two decades.

Preventing these attacks is challenging because of how well-resourced our adversaries are compared to the average cybersecurity team. APTs only need to find one weak point, such as a vulnerable asset or exposed credentials, while cybersecurity teams must triage hundreds of alerts. Consequently, even though 81 percent of IT leaders say moving to a proactive cybersecurity posture is a top goal for their organization in the year ahead, 58 percent of organizations admit that they currently only respond to threats as they occur, or after the damage has already been done.

Furthermore, AI is transforming how threat actors can conduct cyber-attacks with greater speed and efficiency. Nearly three-quarters (73 percent) of IT leaders are specifically worried about nation-state actors using AI to develop more sophisticated and targeted cyber-attacks. Security leaders need to be aware of AI-powered cyberwarfare and how they can help secure their organizations moving forward, which begins with understanding the nature of the threat.

A Field Guide to APTs

APTs and cyberwarfare go hand in hand. Volt Typhoon has been attributed to China, Cozy Bear to Russia, and Reaper to North Korea, just to name a few.

Volt Typhoon conducts reconnaissance of network architectures, gains initial access through vulnerabilities, and aims to obtain administrative access. The security industry refers to these as tactics, techniques, and procedures (TTPs). Understanding the most common TTPs is vital to preventing these attacks.

The risk of cyberwarfare is not limited to China. Cozy Bear is an example of a notable Russian APT that has been targeting U.S. government systems for more than a decade. The SolarWinds breach, which elevated awareness of supply chain risks, was purportedly conducted by Cozy Bear. Their TTPs tend to focus on gaining access through credentials via phishing or cached RDP access.

Unfortunately, whether discussing vulnerable assets, exposed credentials, or social engineering, threat actors have learned that AI can make their attacks more successful.

How APTs Use AI

AI-enabled attacks have the potential to be more adaptive, evasive, and impactful than the last generation of attacks. Security researchers have demonstrated the effectiveness of AI-enabled phishing attacks.

Given Cozy Bear’s penchant for social engineering, it should be concerning that they could now automate highly personalized messages for large-scale phishing attacks against the U.S. government. Likewise, consider Volt Typhoon’s affinity for targeting vulnerable assets. AI models can be trained to scan for specific vulnerabilities or unleashed on a single target to identify their weaknesses.

AI can even automatically execute attacks when it finds vulnerabilities, without human intervention. Furthermore, AI can automate the development of malware to dynamically generate code to evade detection. And frankly, this is just the tip of the iceberg. We know these are the most obvious scenarios because we are already beginning to observe them.

Shifting Left of Boom

The time to act is now. Organizations cannot change the nature of the threat, but they can change how they respond. And with most organizations still responding to attacks only after they occur, it’s imperative that security leaders shift their programs left of boom.

Preemptive security begins with complete visibility across IT, OT, IoT, IoMT, and cloud environments. It’s more than just discovering assets and creating an asset inventory; it’s also understanding how they are connected and if they are vulnerable to prioritize and remediate risks. The good news is that AI-enabled security solutions offer various features to combat cyberwarfare. For example, behavioral analysis is an AI capability that detects deviations from normal behavior patterns.

This is a call to arms. Just as our adversaries can automate the discovery of vulnerabilities and the execution of attacks, AI-enabled cybersecurity can identify blind spots, discover vulnerable assets, automate threat hunting, and even reconfigure security settings in real-time to respond to threats before they cause disruption.
