The Digital Pandemic: An AI Catalyst


Posted on by Mark Cunningham-Dickie

Is there such a thing as a digital pandemic?

The Oxford Dictionary defines a pandemic as “a widespread occurrence of an infectious disease over a whole country or the world at a particular time.” Due to the COVID-19 outbreak, the world automatically associates “pandemic” with this virus. However, if “infectious disease” is replaced with “ransomware attack,” this definition applies to the 2017 WannaCry attack.

The two pandemics are analogous: one was caused by a virus named SARS-CoV-2, the other was digital, spreading by exploiting a Microsoft Windows SMBv1 vulnerability with the exploit known as EternalBlue. Both spread rapidly across international borders, with WannaCry infecting computers in over 150 countries in a matter of days and COVID-19 reaching every country within a few months. But the similarities don’t stop there.

Similarities

The gap between the physical world and the digital world is rapidly closing. Case in point:

● The U.S. Energy Department has assessed, with low confidence, that the SARS-CoV-2 virus leaked from a laboratory in Wuhan, China, a city that is home to the Wuhan Institute of Virology. Similarly, the EternalBlue exploit used by WannaCry is believed to have been developed by the United States National Security Agency (NSA). It was part of a cache of hacking tools leaked by a group calling themselves "The Shadow Brokers" in April 2017.

● WannaCry and COVID-19 spread across international borders, impacting nearly every country in months.

● COVID-19 found fertile ground in populations with weak public health measures and no prior immunity. WannaCry found fertile ground in unpatched Windows systems, from end-of-life Windows XP machines to Windows 7 hosts that had not applied the MS17-010 update Microsoft had released two months earlier. In both cases, the absence of a patch, whether a vaccine or an operating system (OS) update, allowed each outbreak to exploit its vulnerabilities, human and digital.

● Both events caught many governments off-guard. In the case of WannaCry, many entities were using outdated or unsupported software and lacked effective cybersecurity measures. Similarly, many countries were not prepared for a pandemic of COVID-19's scale, lacking sufficient public health infrastructure, emergency plans, and medical supplies.

● In response to WannaCry, a kill-switch domain was discovered and registered, halting further encryption by the original variant; emergency patches were deployed, including for unsupported Windows versions; and cybersecurity awareness intensified. The COVID-19 pandemic saw a swift scientific response with the development of vaccines and adaptations in behavior and policy to mitigate the spread.

● An Associated Press analysis found that fraudsters potentially stole over $280 billion in COVID-19 relief funding. Globally, the estimated cost of recovering from the WannaCry attack exceeds $4 billion.
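The patch gap described above is still worth auditing today, because SMBv1 and the MS17-010 fix remain the two conditions WannaCry depended on. The following PowerShell audit is an added example for this page, not code from the author or from any vendor. It assumes an elevated PowerShell session on the host being checked, uses only built-in cmdlets, and lists the MS17-010 KB numbers for Windows 7 / Server 2008 R2 and Windows 8.1 / Server 2012 R2; on Windows 10 and 11 the fix ships inside cumulative updates, so for those builds the SMBv1 state is the meaningful check.

```powershell
# Added example: audit a Windows host for the two conditions WannaCry relied on,
# an exposed SMBv1 server and a missing MS17-010 update. Run elevated.
# The KB list is an assumption scoped to Windows 7 / 2008 R2 and 8.1 / 2012 R2;
# later builds carry the fix in cumulative updates and are covered by the SMBv1 checks.
$Ms17010Kbs = @('KB4012212', 'KB4012215', 'KB4012213', 'KB4012216')

function Test-Smb1Exposure {
    $findings = @()

    # 1. Is the SMBv1 server protocol enabled? (Windows 8 / Server 2012 and later)
    $smbConfig = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($smbConfig -and $smbConfig.EnableSMB1Protocol) {
        $findings += 'SMBv1 server protocol is ENABLED (Get-SmbServerConfiguration).'
    }

    # 2. Is the SMB1Protocol optional feature still installed on a client OS?
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($feature -and $feature.State -eq 'Enabled') {
        $findings += 'SMB1Protocol optional feature is installed.'
    }

    # 3. Legacy registry switch: SMB1 = 0 disables the protocol on older builds.
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $smb1Value = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    if ($null -eq $smb1Value) {
        $findings += 'LanmanServer\Parameters\SMB1 is not set (legacy builds default to enabled).'
    }

    # 4. On Windows 7 / 8.1 era hosts, is any MS17-010 package present?
    $os = (Get-CimInstance Win32_OperatingSystem).Caption
    if ($os -match 'Windows 7|Windows 8.1|2008 R2|2012 R2') {
        $installed = Get-HotFix -ErrorAction SilentlyContinue |
            Where-Object { $Ms17010Kbs -contains $_.HotFixID }
        if (-not $installed) {
            $findings += "No MS17-010 package ($($Ms17010Kbs -join ', ')) found on $os."
        }
    }

    if ($findings.Count -eq 0) {
        'OK: SMBv1 disabled and no MS17-010 gap detected.'
    } else {
        $findings
    }
}

function Disable-Smb1 {
    # Remediation: turn the server-side protocol off and remove the client feature.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}

Test-Smb1Exposure
```

Two caveats for anyone running this: Get-HotFix only sees packages installed individually, so a host patched through a later monthly rollup can show "no MS17-010 package" while still being fixed, which is why the SMBv1 checks come first; and none of this replaces blocking TCP 445 at the network perimeter, which is what kept WannaCry from reaching many hosts in the first place.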

If the traditional definition of a pandemic is applied to ransomware outbreaks, it becomes clear that they are evolving from “attacks” into digital pandemics plaguing the entire planet. In 2017, the same year WannaCry was released, the “transformer neural network” architecture that underlies Large Language Models (LLMs) such as ChatGPT was introduced. Over the seven years since, AI systems have been trained for defensive tactics (detecting attacks and patching vulnerabilities) and offensive maneuvers (discovering and exploiting attack vectors).

Machines Learning to Hack From Machines

The WannaCry incident demonstrated the havoc that ransomware can wreak. The progression from traditional malware to AI-driven cyberattacks represents a significant escalation in sophistication and danger, because such attacks could adapt to their environment, evade detection, and analyze defenses in real time.

In 2016, at the DEF CON cybersecurity conference in Las Vegas, Nevada, DARPA’s Cyber Grand Challenge final pitted fully autonomous hacking systems against one another in a head-to-head capture-the-flag contest. The seven finalists were glowing, seven-foot-tall racks of servers, each the culmination of three years of research and development by a team of human AI researchers.

The grading was based on three metrics:

  1. Defense: Competitors had to defend against attacks from other competitors. To do this, they dynamically inserted or appended code to their binaries to prevent others from exploiting discovered vulnerabilities.

  2. Functionality: Competitors lost points if their patches broke functionality, degraded performance, or took systems offline.

  3. Attack: Competitors had to identify vulnerabilities in other competitors’ systems, configuration, and code, and then write and successfully launch a working exploit against them.

At the event’s conclusion, a system known as Mayhem emerged as the winner. Mayhem built its lead by not taking its systems offline to patch them the moment it found a vulnerability. Instead, it deferred the downtime until a competitor had actually discovered the flaw and tried to exploit it, and only then patched. While many competitors lost points by taking systems offline to patch, Mayhem gained points by keeping its systems online, performant, and functional.

On attack, Mayhem dominated the field by creating distractions that led other competitors to believe it had found a vulnerability in one part of a system. The technique was so effective that Mayhem even tricked the human commentators into announcing that it had found a vulnerability when there was none.

Given what this competition showed, a cyber threat that not only self-propagates but also learns and adapts in real time, analyzing any defense it meets and modifying its tactics to evade detection and maximize damage, is not far-fetched.

Conclusion

Cyber operations have shifted from espionage toward targeting infrastructure and disrupting society, a shift that gives the weaponization of AI an ominous context. Most of AI’s visible applications are benign, ChatGPT among them. However, the same technology that powers a conversational agent could, in theory, be harnessed to build cyber weapons of unprecedented adaptability and destructiveness.

Military and defense organizations across the globe are exploring the integration of AI into their cybersecurity strategies. For example, Project Ike, a collaborative effort involving the U.S. Army, the Air Force, and the Pentagon’s Strategic Capabilities Office, aims to stay ahead in the cyber arms race by automating cyber operations and potentially developing both defensive and offensive capabilities.

Paul Nakasone and Michael Sulmeyer highlighted the significance of this shift toward AI in cyber warfare in their 2020 paper, "Cyber Command’s New Approach." They raised the possibility of an AI-powered worm able to disrupt a wide range of digital and industrial systems beyond personal computers, which underscores the urgency of developing robust AI-driven defenses.

The transition from today’s cyber threats to AI-driven pandemic attacks marks a new era in cybersecurity, one in which decisions about attack and defense are made at machine speed by adaptive, autonomous code. Efforts such as Project Ike show how seriously this evolving threat landscape is being taken. As AI becomes a cyberwarfare weapon, defense strategies must follow suit.

Biological viruses and digital pandemics are running parallel destructive courses. Just as AI systems learn from their own mistakes, the challenge for humanity is to learn from ours and apply that knowledge to vigilant and innovative defense strategies.

Contributors
Mark Cunningham-Dickie

Senior Incident Responder, Quorum Cyber


Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

