6 historical threat patterns suggest that cyberwar could be inevitable


Predicting cyber threats is a difficult goal to achieve. Unlike healthcare, where early diagnoses can be used to predict and hopefully prevent disease, there has never been a reliable way to determine that an attack is imminent. This is especially true for isolated cyberattacks, such as data theft, which are often decided on a whim.

That said, this author recently noticed that some historical patterns exist and can be used to predict large-scale cyber threats. Unfortunately, as we will see below, analysis and extrapolation of the patterns suggest an uncomfortable progression towards a major global cyber war. Let's review the relevant models.

Threat Type 1: Worms

In 1988, the was created by a student for the innocent purpose of determining if such a program could work. This was followed by a long period of minimal worm activity, interrupted in 2003 by a major outbreak of worms such as , and . These worms have caused major commercial operations.

The pattern here was that an initial small-scale attack occurred in 1988, followed by 15 years of relative calm, ending in a significant large-scale attack in 2003. Worms are still a cyber threat, but their design hasn't changed much since 2003. Worms are once again enjoying a period of relative calm.

Threat Type 2: Botnets

In 1999, the first botnet appeared, followed by a similar attack in . This was followed by a period of relative calm in terms of innovation in DDoS attack design. Attack volumes, for example, remained relatively constant until 13 years later, when Iranian hackers launched a series of massive Layer 3/7 DDoS attacks on .

Again, the pattern was that an initial small-scale attack occurred in 1999, followed by 13 years of quiet, ending with an event at scale in 2012. Like worms, botnets are still a security concern, but they haven't seen significant design changes since 2012. Botnet design is also experiencing a period of relative calm today.

Threat Type 3: Ransomware

In 2008, an article by the anonymous presented . That year, nearly half of all Bitcoin transactions were initiated for nefarious purposes. Not much changed in terms of the use of cryptocurrency for illegal activities for about 11 years until around 2019 when it exploded as a massive problem.

Once again, the first small-scale threat appeared in 2008, followed by 11 years of relatively constant abuse, culminating in an explosion of ransomware as a problem on a large scale. Ransomware remains a problem, but the core mechanism and approach haven't changed much since 2019.

Threat Type 4: ICS Attacks

In 2010, electronic attackers launched the attack on an Iranian nuclear processing facility. This futuristic campaign targeted a centrifuge and spun it out of control, causing a lot of physical damage. Since then, we have seen relatively few spikes in ICS attack intensity, despite a 2015 Russian attack on Ukrainian power infrastructure.

With our pattern analysis, we can start with the small-scale Stuxnet incident in 2010, add around 14 years, and predict a massive wave of large-scale ICS attacks coming in 2024. This would likely involve ICS attacks occurring with the frequency and inevitability of ransomware today. The potentially serious consequences of such attacks cannot be underestimated.

Threat Type 5: AI

In 2013, was an early innovator in applying artificial intelligence (AI) to cybersecurity issues. In the years that followed, AI techniques such as machine learning became de rigueur for cybersecurity, primarily for defense. Few major breakthroughs have taken place in this area over the past decade, with the exception of vendors creating AI products.

Using our pattern analysis, we can start with a small-scale application of AI in 2013, add about 14 years, and predict that large-scale AI-related security incidents will occur in 2027. It seems reasonable to expect such innovation to involve the use of AI for cybercrime. China seems well positioned to engage in such threats.

Threat Type 6: Cyber Wars

Dorothy Denning showed how cyberattack could complement conventional warfare, and it was troubling indeed. Nevertheless, the first real battles of cyber warfare have not yet taken place. We have never seen, for example, significant loss of life as a result of cyber warfare.

Our definition of cyberwarfare is that it involves the use of cyberattacks as the primary means to accomplish the combatant's ultimate mission. This includes using cybercrime to kill people, damage or destroy infrastructure, and claim ownership and control of cities and regions of certain adversarial nation states.

So we might expect the first real cyber war to happen later in 2022 between Russia and Ukraine. If we add 14 years to this impending event, we can predict that a full-scale global cyberwar will occur in 2036. China, the European Union and China will likely be involved.

Cyber warfare: the implication of predictive modeling

Our analysis suggests that organizations should start preparing for ICS attacks, AI-based offensive attacks, and global cyber warfare. While such depressing events may produce a moment of pause, it is equally disturbing to look back at the progression of cyber threats, from innocent hackers to state actors.

Cybersecurity readiness guidelines are beyond the scope here, but risk reduction can come from the following: First, cybersecurity education must be enhanced to expand the skilled workforce. Second, inflexible hardware components need to be replaced with more virtualized software. And third, the cyberinfrastructure must be simplified. Complexity always rhymes with insecurity.

Ed Amoroso is the founder and CEO of Tag Cyber.
