Finland’s Mikko Hypponen, chief research officer at WithSecure, a provider of cybersecurity solutions for businesses, is one of the most prominent cybersecurity experts in the world, an AI researcher, and a bestselling author.
He has been actively involved in analyzing and combating various cyber threats for more than three decades and has made major contributions to the cybersecurity community.
In May 2003, Hypponen and his team dismantled the global network used by the Sobig.F worm, and in 2004, he was the first researcher to let the world know about the Sasser worm.
Hypponen has also held classified briefings on the workings of the Stuxnet worm – an extremely complex worm that was used to attack Iran’s nuclear program.
His 2011 TED Talk, “Fighting viruses, defending the Net,” has been viewed more than two million times, and he is the father of the Hypponen Law: “If it’s smart, it’s vulnerable.” To paraphrase, whenever something is described as “smart,” you should be hearing “it’s vulnerable.”
Hypponen has written for The New York Times and Scientific American, and he has lectured at Oxford, Stanford, and Cambridge universities. Over the past 30 years, he has given hundreds of talks in more than 40 countries, including keynotes at the most important security conferences, such as DEF CON and Black Hat Asia, and testified for the European Parliament.
So Techopedia took the opportunity to ask Hypponen what he considers the five biggest cybersecurity threats and for his view on cybersecurity in the context of warfare.
Q: What AI-related cyber threats are you most concerned about?
A:
- Deepfakes
Video and audio used for scams and influence. We’ve seen examples of these already — it’s going to get worse.
- Deepscams
Scam categories like romance scams, auction scams, investment scams, and Airbnb scams will be automated. Instead of one scammer scamming a handful of victims, AI can scam a million victims at the same time.
- Large Language Model Malware
Large language models (LLMs) can write code. We’ve already found 3 examples of malware that rewrites itself every time it replicates by using GPT.
[One example of a self-replicating piece of code is the LLMorpher virus that can use large language models to create endless variations of itself, which Hypponen speaks about on LinkedIn.]
Zero-day vulnerabilities are gaps in the system that software creators do not know about or have not yet announced and fixed. AI will be able to discover vulnerabilities like this by examining the source code or the compiled binary code.
- Automated Malicious Software
Cybercriminals, aiming to enhance the effectiveness of their attacks, will work to fully automate their malware campaigns. AI-driven malware could react to a defender’s moves in real-time to avoid detection. As security companies already use AI extensively, this would lead to a clash between good and bad AI.
Q: How has the development and use of cyber weapons revolutionized modern conflicts?
A: Compared to traditional weapons, cyberweapons are effective, affordable, and deniable. They are effective because their destructive power is similar to bombings or to missile strikes, but they are also cheaper than traditional weapons.
Cyberweapons also offer plausible deniability: proving who was behind a network attack is very difficult. This is why we see more and more development of offensive military cyber tools.
Q: How does the war between Russia and Ukraine serve as an example of the impact of cyber weapons in modern conflicts?
A: The Russian government has been attacking Ukraine’s infrastructure with cyber attacks over and over again for the last decade. They’ve succeeded in cutting electricity with their cyber attacks at least three times.
In addition, they’ve been able to destroy civilian cyber infrastructure (such as banking information) as well as shut down systems used by the Ukrainian border control, and civilians were fleeing the warzone to neighboring countries.
Q: How has Ukraine shown resilience in defending against cyberattacks?
A: Despite the large number of attacks from Russia, Ukraine has been able to defend against most of them. Ukraine might be the country with the most practical experience in defending against cyber weapons.
Most other countries play war games and run drills against fictional attacks: Ukraine has been doing this against real attacks for 10 years.
Q: Since Russia invaded Ukraine, have there been more cyber threats against European organizations from threat actors allied with Russia? If so, why is that the case? Can you offer examples of this?
A: Almost all of the destructive attacks launched by the Russian government during this conflict have been against Ukraine. The Russian governmental attacks that have been targeting the rest of the world have mostly been spying and intelligence gathering.
Russian groups that are not directly linked to the government are a different story. We regularly see politically motivated denial-of-service attacks from Russian patriotic hacker groups. And then we have the Russian ransomware gangs: they always target victims outside of Russia, mostly to keep the interest of Russian law enforcement low.
Q: How can countries prepare for future cyberattacks?
A: Research, educate, invest, train. Run table-top attacks [simulated cybersecurity attacks]. Most importantly, take this threat seriously.