Globally, the estimated cost of recovering from the impact of the WannaCry attack is between $4 billion and $8 billion.
Not long after the WannaCry attack, businesses and governments around the world were impacted by a similar, more devastating, attack known as NotPetya.
AI-based attacks could have even more profound global impacts than either WannaCry or NotPetya due to their increased sophistication and adaptability.
The Cyber Grand Challenge, as it was known, carried a $2 million prize for first place and featured no human competitors.
At the start of the competition, a network cable was symbolically cut, isolating the competitors from their creators and the outside world.
The creation of an entirely new operating system and applications meant that all competitors faced a zero-knowledge challenge against which they would be graded.
Defense: Competitors need to defend against attacks from other competitors.
To do this, competitors dynamically inserted or appended code to prevent others from exploiting vulnerabilities that they discovered.
Functionality: Competitors lost points if their patches impacted functionality, degraded performance or took systems offline.
Attack: Competitors had to identify vulnerabilities in other competitors' systems, configuration and code and then create and successfully exploit them.
To help observers of the competition, 'pew pew' maps and human commentators were on hand to narrate the actions and activities of each competitor and how they fit in with the overall scoring.
The atmosphere, at least amongst observers and the competitors' teams, was tense and fraught with drama, especially when, approximately halfway into the multi-round event, 'Mayhem,' a competitor who had steadily built up a significant lead over its adversaries, stopped working.
The development team behind Mayhem asked to reboot the competitor.
While the system stopped attacking and defending, it still earned points for functionality and keeping its systems online.
The impact was that other competitors reduced Mayhem's lead but at a slower rate than may have been expected.
Mayhem had built the lead, not by being significantly better at attacking or defending, but due to the strategy engine that it employed in doing so.
While many competitors lost points by taking systems offline to patch them, Mayhem gained points by keeping systems online, performant and functional.
In 2018, two years after the Cyber Grand Challenge and one year after the WannaCry and NotPetya attacks, Plan-X, a U.S. Army project to automate cyber operations, amalgamated with similar projects from the U.S. Air Force and an obscure and secretive department of the Pentagon, called the Strategic Capabilities Office, to create Project Ike.
While many will point out that the U.S. and UK are allies and carry out joint operations across several adversarial frontiers and that it is unlikely that they will directly target, attack or otherwise impact UK interests, it's worth remembering that the enabling element of both WannaCry and NotPetya were originally tools developed, and lost or stolen from, U.S. intelligence agencies.
While the idea that AI is the sole purview of large multinational corporations and nation-state actors may be comforting to some, it is worth bearing in mind that AI and ML performance accelerators are widely available, ranging in price from around $30 to many thousands of dollars, and that at least one of the competitors from the Cyber Grand Challenge vowed to always keep their competitor, and future developments, open source.
This Cyber News was published on securityboulevard.com. Publication date: Wed, 17 Jan 2024 15:43:07 +0000