Tag: Threat Intelligence

By Glen Williams, CEO, Cyberfort

When the United States and Israel launched coordinated strikes against Iran on 28 February 2026, the response was not limited to missiles and military assets. According to CloudSEK, more than 60 Iranian aligned hacktivist groups activated on Telegram within hours. The company described it as the largest single event mobilisation of this ecosystem ever recorded.

The target was not military bases. Instead, it was infrastructure used by civilians.

CloudSEK reports that more than 40,000 US industrial control systems are reachable on the public internet, many protected by default or no credentials. Data from Forescout and Shodan in 2024 also counted over 40K exposed ICS devices in the United States. These systems help run water plants, electricity networks and fuel operations.

Is Cybercrime The New Warfare?

The report concluded, “The barrier to ICS disruption is no longer technical. It is motivational. And the events of 28 February 2026 have provided motivation to 60+ groups simultaneously.”

This raises the question: is the digital world becoming the modern day battlefield? The World Economic Forum spoke about this in a 2017 article and these words are still relevant today. They said, “Sure, cyberwar is better than a kinetic or physical war in many ways, but it could also make war worse. Unless it’s very carefully designed, a cyberattack could be a war crime.”

They continued, “Well, you could go the old fashioned way — call in some airstrikes or send troops to blow up the building — but this would be an open declaration of war, worsening tensions. It would also be a political disaster if your troops or even drones were captured.

“Now, there is another way: you could launch a cyberattack against the facility. This is more invisible and therefore less risky. It’d take too long to directly hack into the facility’s secure network, but you’ve already created an email virus that can knock out the town’s energy grid, which would take out the base.”

An interesting question and topic here. With the rest of the world moving digital, it would only make sense why this is being considered, and many say it has already been the case for decades.

Mike Maddison, CEO of Global Cybersecurity Company NCC Group:

Cyber activity in the Middle East

“The current conflict in the Middle East is proof that cyber operations have become fully integrated with military strategy. Israel and the US have combined cyber attacks with physical strikes to contribute to Iran’s communications blackout. Overall, the majority of cyber activity tied to the Israel–Iran conflict consists of DDoS attacks, website defacements, exaggerated breach claims, and widespread AI‑driven misinformation. This activity is high in volume but low in impact, rather than being materially disruptive.

“The breadth of global supply chains means that while Iran’s cyber capabilities are focused on Israel, the US and the Gulf-region, global companies still need to be vigilant. Supply chains and widely connected digital infrastructure face a realistic risk of disruption or being caught in an information war.”

GPS jamming

“The use of GPS jamming in the Middle East is a timely reminder of the fragility of our reliance on satellite navigation systems. All Global Navigation Satellite System (GNSS) platforms share a critical vulnerability – their signals are inherently weak and susceptible to targeted jamming. This situation underscores the urgent need for robust security investment to safeguard critical national infrastructure.

“The maritime sector remains a high value target due to the scale of disruption a successful attack can cause. As threats evolve, the industry must shift from reactive defence to proactive resilience strategies. Alternative technologies like Long Range Navigation (LORAN) or emerging quantum-based systems offer promise, but neither has yet been delivered at scale. Until then, resilience must come from layered defences and strategic foresight.”

Experts Share Their Thoughts On Cybercrime As The New Battlefield

More experts answer the question…

Our Experts:

  • Jorge Monteiro, CEO, Ethiack
  • Glen Williams, CEO, Cyberfort
  • Paulo Cardoso do Amara, Former CIO and NATO Scientific Advisor on Cybersecurity
  • Jack Alexander, Senior Threat Intelligence Analyst, Quorum Cyber
  • Joseph M. Saunders, Founder and CEO, RunSafe Security
  • Adam Darrah, VP of Intelligence, ZeroFox
  • Kaveh Ranjbar, Co-Founder & CEO, Whisper Security
  • Alexander Niejelow, CEO, Cyber Advisory, Hilco Global
  • Syed Asif Ali, Founder & Digital Media Strategist, Point Media
  • Brian Long, CEO and Co-founder, Adaptive Security
  • Cindy Murray, Chief Information Security Officer (CISO) & Systems Architect, Murray Digital

Jorge Monteiro, CEO, Ethiack

“A wide range of hackers, from cybercriminals to state actors, have fully weaponised AI. On the digital battlefield, threat actors no longer just use AI tools, but instead deploy fully autonomous malware that probes and exploits vulnerabilities in IT systems, even evolving its approach with minimal human input.

“The real-world impact of this AI-enabled cyber threat is an order of magnitude greater than anything seen before – as it can impact entire economies, not just individual organisations. In 2025, an attack on the British carmaker Jaguar Land Rover sent UK car production crashing to its lowest level in 70 years and knocked nearly 0.2% off the UK’s GDP.

“With conflict again raging in the Middle East, there is a risk of more such disruption in 2026: not just from data loss and extortion, but operational paralysis across entire industries.

“To keep pace, organisations must move away from periodic testing of their cyberdefences to adopt continuous, AI-driven security validation. Ethical, autonomous AI tools will become mainstream as enterprises realise they need the same automation and adaptability as that being used to attack them.

“Frameworks like DORA and NIS2 will accelerate this shift toward continuous assurance, and while AI will dominate the front line, human cybersecurity professionals won’t disappear. In our work, AI agents and ethical hackers routinely uncover different classes of vulnerabilities, and only together do they form a complete defence.

“2026 will see the fastest learners, who empower AI to help them find and fix weaknesses before criminals can exploit them, forge ahead. In a year defined by autonomous AI-led attacks, the greatest risk will be standing still.”

Glen Williams, CEO, Cyberfort

“Cyber conflict is no longer a future concern. It is already a core component of modern warfare. When geopolitical tensions rise, the digital domain is often the first-place retaliation appears. What we are seeing now is a clear example of that shift. Cyber operations can disrupt infrastructure, spread misinformation and undermine confidence without a single physical strike.”

“AI is accelerating this trend further. It lowers the barrier to entry for threat actors, automates reconnaissance and allows attacks to be launched at greater scale and speed. That means nation state groups and other threat actors can target energy networks, financial services, communications systems and government infrastructure more efficiently than ever before.”

“The question is not simply whether the US is prepared. It is whether any country is truly prepared for the pace and complexity of modern cyber conflict. The UK faces the same reality. As a highly connected digital economy with globally significant financial services, defence capability and critical infrastructure, the UK remains an attractive target for both state backed groups and opportunistic attackers. Defensive strategies built around traditional security controls are struggling to keep up with highly adaptive, AI assisted adversaries.”

“What this moment underlines is that cyber resilience must now be treated as national security infrastructure on both sides of the Atlantic. Governments and critical industries must assume that digital systems will be targeted during geopolitical crises. Preparation means stronger public private collaboration, continuous threat intelligence sharing and infrastructure designed with resilience at its core rather than as an afterthought.”

Paulo Cardoso do Amara, Former CIO and NATO Scientific Advisor on Cybersecurity

“The digital world grows in importance at the same pace as the dependence that both organisations and citizens place upon it. What once began, in the late 1980s, as a modest infrastructure for sending emails, sharing files, and participating in a few discussion forums has evolved into the nervous system of modern society.

“Interestingly, malware appeared almost as soon as the internet itself became useful. Since around 1988, malicious software has been a persistent reality of the digital ecosystem. In other words, vulnerability was born alongside connectivity and, today, the very dependence on digital systems has become a strategic attack surface.

“Yet it would be simplistic to claim that the digital world alone constitutes the modern battlefield. In reality, it is merely one dimension of a broader strategic landscape. The foundations of this multi-dimensional conflict can be traced back to the 1980s with the articulation of what analysts later called Fourth Generation Warfare.

“In this form of conflict, battles are not fought exclusively with tanks and missiles but across several arenas simultaneously, including economic pressure, intelligence operations, information influence, and political maneuvering. Conventional warfare still exists, of course, as the conflicts in Ukraine and tensions involving Iran clearly demonstrate. But these kinetic engagements now coexist with subtler forms of confrontation where perception, disruption, and influence become decisive.

“In this sense, cyberspace is not a replacement for traditional conflict. It is an extension of it.

“Technology, meanwhile, continues to evolve at a remarkable pace, transforming both offensive and defensive capabilities. Cyberwarfare illustrates this dynamic particularly well. In this context, AI has become a powerful accelerator, amplifying the effectiveness of both attack and defense. However, the decisive factor is not technology alone. As Sun Tzu famously argued “victory belongs to those who understand the terrain and the enemy”. In the digital domain, this terrain is made of code, networks, protocols, and data flows. Mastery therefore depends less on possessing technology and more on understanding it deeply.

“Therefore, those who know how to employ technology strategically are the ones who achieve their objectives.

“From this perspective, the United States occupies a particularly strong position. A significant portion of the digital infrastructure used globally originates from American technological ecosystems. Many of the foundational layers of the internet, from hardware architectures to operating systems and communication protocols, have been developed by U.S. companies and research institutions. This technological primacy creates not only economic advantage but also strategic leverage in pure tactical terms.

“The informational dimension reinforces this position even further. Major technology companies exercise enormous influence through the platforms that mediate global communication. Social networks, search engines, and digital services shape the information environment in which billions of people operate. While these platforms can be exploited by hostile actors, the underlying algorithms and infrastructures remain largely controlled by the companies that designed them.

“Artificial intelligence amplifies this phenomenon dramatically. AI systems can analyse vast volumes of unstructured information, generate persuasive narratives, and adapt content to specific audiences. In the realm of information warfare, this capability becomes a formidable instrument for shaping perceptions. Machiavelli would likely recognise the principle immediately because power often lies not merely in force but in the ability to shape what people believe.

“Thus, artificial intelligence is rapidly becoming one of the most potent weapons in the information domain, particularly in the hands of those who control the digital platforms through which narratives circulate.

“In the language of Clausewitz “war is the continuation of politics by other means”. In the digital age, those means increasingly include algorithms, networks, and data and the United States possesses substantial tactical capabilities in this environment. Whether these capabilities translate into strategic success ultimately depends on how effectively they are employed.

“Technology, after all, provides the weapons. Strategy determines victory.”

Jack Alexander, Senior Threat Intelligence Analyst, Quorum Cyber

Cyber in modern conflict:

“In modern conflict an immediate surge in hostile cyber aggression is to be expected. No longer are wars fought exclusively via the land, air and sea but also within cyberspace. This relatively new phenomenon is known as ‘hybrid warfare’ and is designed to weaken the opponent by directly targeting Critical National Infrastructure (CNI), but can also be used to achieve other strategic goals such as, sowing disinformation and disrupting civilian business continuity.

“This is not the first time that offensive cyber targeting has been used to impact CNI alongside traditional military activity. In 2022, Russian wiperware was deployed against the European Viasat network with the intended aim of impeding Ukrainian military communications, due to the heavy usage of the platform by Ukraine. This highlights the growing normalisation of CNI targeting during times of conflict as another means of disrupting your enemy.”

How AI can be used as a force multiplier:

“The time between vulnerability discovery/disclosure and active exploitation is now as little as 15 minutes via AI powered automated active scanning of networks. Actors are leveraging AI to automate routine tasks, including script generation, attack templating and consistent messaging during extortion efforts.

“Alongside this, social engineering is no longer just phishing with better grammar it is hyper personalised. Attackers can automate Open-Source Intelligence collection to profile targets and craft highly personalised lures that mirror their role, organisation and professional relationships.”

More from News

Joseph M. Saunders, Founder and CEO, RunSafe Security

“Cyber conflict rarely begins with a declaration of war. It unfolds in a persistent gray zone where nation-states and their proxies map networks, test defenses, and pre-position themselves inside critical infrastructure for future leverage. We’re seeing this play out in real time with Iran’s response to the US-Israel strikes.”

“AI has fundamentally changed the cost equation for attackers. Nation-state actors can now move faster, generate more convincing intrusion campaigns, and probe more targets simultaneously than ever before. When you combine that with pre-positioned access in critical infrastructure, like the persistent footholds we’ve seen from groups like Volt Typhoon, you have the ingredients for a very consequential attack.”

“Power grids, water systems, and communications networks are key targets for effects and to achieve outcomes of consequence, but much of this infrastructure was never built to absorb nation-state aggression. The US has world-class offensive cyber capabilities, but our defensive posture for industrial systems remains dangerously inconsistent. Every kinetic action, like the US-Israel strikes on Iran, now has an immediate digital echo. The digital world and the physical battlefield have merged, making cyber resilience the new deterrence.”

Adam Darrah, VP of Intelligence, ZeroFox

“Yes, and it has been since at least what is referred to as the “Arab Spring” or “Arab Awakening”. The digital battleground has encompassed and continues to include social media, mis- dis- and mal-information campaigns, offensive cyber operations that can shut down a country’s energy, military, or other systems. The digital space is where espionage, intelligence, marketing, civil society, shopping, politics, charity, convenience and war all converge. Adversaries do not see a sacred space that is off limits in war, peace, or intelligence collection.”

Is the US prepared?
“Yes. The United States has invested heavily in cyber defense capabilities and deterrence, and any actor considering cyber operations against US systems should assume there would be significant consequences. There is also a lot to unpack when discussing claims of a “surge” in Iranian-aligned cyber activity targeting US critical infrastructure, particularly when AI is described as a force multiplier for threat actors.

The US has adopted what is known as strategic ambiguity when it comes to what constitutes an act of war, probably to disincentivize adversaries to test red lines and ultimately deter conflict. Current administration officials have stated recently that any cyber attack against critical digital infrastructure could be considered an act of war.

When discussing “critical infrastructure”, it’s important to be precise. The US views as a matter of policy that any cyber-attacks against critical infrastructure such as water, sanitation, electricity and other critical systems could be considered precursors to an armed attack against the US homeland.”

Kaveh Ranjbar, Co-Founder & CEO, Whisper Security

“Calling this a “new battlefield” misses the point. Cyber has been the battlefield for years. The strikes make the news. The retaliation is already running.

“What’s happening now isn’t a surprise. Iranian-aligned groups have infrastructure ready to go: domains registered months ago, hosting relationships that predate any specific operation. Tension spikes, infrastructure activates. We’ve watched this pattern repeat since at least 2020.

“The real question isn’t whether the US is “prepared.” It’s whether anyone can see the infrastructure before it fires. Most attribution happens after the damage. By then you’re writing incident reports, not preventing incidents.

“AI makes both sides faster. Attackers spin up variants. Defenders try to map infrastructure at scale. Right now, offense is cheaper.”

Syed Asif Ali, Founder & Digital Media Strategist, Point Media

“Cyber conflict is increasingly becoming a parallel layer of modern geopolitical tension. It doesn’t replace traditional warfare, but it gives states and aligned groups a way to create disruption without the visibility or escalation of conventional military action.

“What makes this environment particularly challenging is how dependent modern economies are on digital infrastructure. Financial systems, logistics networks, cloud platforms, and communications all rely on software layers that can be probed or disrupted remotely. When those systems are targeted, the consequences can ripple far beyond the original point of attack.

“The growing role of AI also changes the equation. It allows threat actors to analyze systems faster, automate reconnaissance, and scale attacks more efficiently than before. That doesn’t mean AI creates entirely new risks, but it accelerates existing ones.

“Preparedness therefore becomes less about a single defensive tool and more about resilience. Governments and organisations need systems designed to detect anomalies early, isolate problems quickly, and recover operations without widespread disruption.

“In practical terms, cyber conflict has already become part of the strategic landscape. The question is less whether it will be a battlefield, and more whether institutions are building the resilience required to operate in that reality.”

Brian Long, CEO and Co-founder, Adaptive Security

“The digital world is absolutely becoming a modern battlefield. Governments and criminal groups now use cyber operations alongside traditional military activity because they can disrupt systems, gather intelligence, and influence public perception without firing a shot.

“We are already seeing the scale of this shift. The World Economic Forum has cited estimates that put the global cost of cybercrime at $10.5 trillion annually. That is the scale of a major global economy, and it shows why cyber conflict has become a serious part of modern geopolitical competition.

“Artificial intelligence is accelerating this trend. Attacks that once required specialised skills can now be launched with inexpensive tools and publicly available data. With just a few seconds of audio or a handful of public information, attackers can generate convincing voice clones, deepfake videos, or highly personalised phishing messages.

“These attacks are also expanding beyond email. Increasingly they happen through phone calls, text messages, and video meetings where people naturally trust what they hear and see. AI allows attackers to run these campaigns at enormous scale and target thousands of people at once.

“At the same time, critical infrastructure has become a major target. Energy systems, financial networks, and supply chains are attractive because disruptions there have immediate real-world consequences. Researchers at the Oxford Internet Institute found that, on one platform alone, more than 35,000 open-source deepfake generators had been downloaded nearly 15 million times since 2022. That shows how quickly these tools are spreading. We are also seeing deepfakes used to impersonate leaders and spread misinformation during moments of geopolitical tension.

“For organisations, cyber resilience is no longer just a technical problem. Most successful breaches still begin with social engineering, which means attackers are manipulating people, not just systems. Companies now need to prepare their workforce for AI-driven deception the same way they prepare their networks for malware.”

Cindy Murray, Chief Information Security Officer (CISO) & Systems Architect, Murray Digital

“Let’s just be honest about this. Cyber is not the new battlefield. It has been the only active warzone for a decade and the premise of the question is exactly why the US is losing. The recent strikes just proved our enemies know exactly how vulnerable our infrastructure is. The Iranian surge is simply a live stress test of a completely incompetent system.

“The problem is not the hackers. The problem is our own bloated architecture. We are protecting a twenty year old grid with bandaids. You can’t put a deadbolt on a screen door and call it secure. If you do not engineer your defense directly into the universal inference layer you are just asking for a breach.

“We are unprepared because Washington refuses to tear out their legacy sprawl. They are fighting an automated war using a bureaucratic checklist. A checklist is just a map for the enemy.”

Read the article on teiss here: https://techround.co.uk/news/experts-cyber-warfare-new-battlefield-modern-conflict/

Anticipate Threats. Mitigate Risk. Secure Growth.

Download Brochure

The Challenge

Most organisations don’t know how they’ll be attacked. Attackers do.

The NCSC estimates that over 40% of UK businesses have been targeted and attacked in the past year. This figure combined with only 57% of UK businesses having a formal cyber security strategy, shows it is clear that many organisations have a knowledge gap around how they might be attacked, when they will be attacked and making sure they have the right security tools, processes and plans in place.

From our experience at Cyberfort when engaging with organisations that have been attacked over the past 12 months, we have discovered the majority had security tools and processes in place. Many had passed penetration tests. But almost none had a structured, adversarial model of how a threat actor would move through their specific environment – which assets they’d target, in which sequence, what the impact could potentially be on their business.

This knowledge gap is not a technology problem. It is a strategic one. And it is the gap that threat actors exploit most reliably.

The situation has fundamentally changed

The threat landscape facing UK organisations today is not an elevated version of what existed five years ago. It is categorically different.

Ransomware groups now operate with the structure and discipline of professional services firms. Nation-state actors are targeting supply chains, not just perimeters. Insider threats are increasing as workforce complexity grows. And regulatory frameworks including NIS2, DORA, the ICO and the upcoming UK Cyber Security and Resilience Bill means Cyber Security and IT leaders need to ensure they have the right information about potential attacks and the right cyber security strategy in place to mitigate the impact of a potential attack.

In this environment, the question is no longer whether your organisation will be targeted. It is whether you will understand how before an adversary demonstrates it for you.

Compliance frameworks tell you what controls to have in place. They do not tell you whether those controls would stop a determined, intelligent adversary targeting your organisation, its data, and your vulnerabilities. That requires something different. It requires threat modelling.

The complication for Cyber Security and IT leaders

Security investment in the UK has grown consistently for a decade. Budgets are larger. Tool stacks have become more sophisticated. Teams are more qualified. Yet successful cyber-attacks keep happening and are growing year on year.

The problem is not effort. It is direction.

Without a structured threat model, security programmes are built on assumptions about which assets matter most, which threat actors are most likely, and which attack paths are most credible. Those assumptions are rarely tested. They are inherited from previous strategies, shaped by vendor recommendations, and validated by compliance checklists that measure the presence of controls, not their effectiveness against real adversaries.

The result is organisations are simultaneously, over-invested in areas that provide limited risk reduction, and under-invested in the specific controls that would stop the attacks most likely to affect them. This is not a failure of intent. It is a failure of information. This gap is precisely what threat modelling resolves.

Why your business needs an independent Threat Model

Threat modelling is the structured, systematic process of identifying how a specific adversary would target a specific organisation, mapping attack paths against assets, processes, and threat actors. A threat model undertaken by cyber security experts produces a prioritised, actionable view of where risk is concentrated and where investment will have the greatest impact.

At Cyberfort our Threat Modelling services are delivered by practitioners who have worked inside red teams, incident response functions, and security architecture programmes. Our threat modelling engagements go beyond frameworks and checklists. We think like the adversary. We map your environment the way an attacker would.

The outcomes organisations can achieve by undertaking a Threat Modelling exercise with Cyberfort include:

  • Being able to define your most critical assets and the threat actors most likely to target them (nation-state, ransomware groups, insider threat)
  • Have the ability to identify and rank attack paths using established methodologies mapped to your environment
  • Defensible compliance evidence for ICO, FCA, DORA or NIS2 audit trails
  • Board-ready risk narratives that translate technical exposure into business impact
  • Prioritised remediation roadmaps that align security spend to actual threat likelihood
Download Brochure

Start with a Threat Landscape review

At Cyberfort we understand many organisations need advice on where to start with a Threat Modelling exercise. We offer a complimentary 30-minute Threat Landscape Review for IT Directors and CISOs who want an independent, honest view of where their organisation sits relative to the current threat environment.

No preparation required. No obligation. A direct conversation between your team and one of our experts about the threat actors targeting your sector, the attack paths most relevant to your architecture, and what a structured threat modelling engagement would look like in your specific environment.

If it is useful, we will talk about next steps. If it is not the right time, you will leave with something valuable regardless. For more information about Cyberfort Threat Modelling services email us at [email protected] and one of our experts will be in touch.

Cyberfort
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.