A word of warning.

This week, it was discovered that a number of phones across the UK may have been the victims of a widespread cyberattack by a private Israeli company.

The attack may affect anyone who uses WhatsApp.

The Financial Times broke the story…

A vulnerability in the messaging app WhatsApp has allowed attackers to inject commercial Israeli spyware on to phones.

WhatsApp, which is used by 1.5bn people worldwide, discovered in early May that attackers were able to install surveillance software on to both iPhones and Android phones by ringing up targets using the app’s phone call function. 

The malicious code, developed by the secretive Israeli company NSO Group, could be transmitted even if users did not answer their phones, and the calls often disappeared from call logs.

It’s a disturbing story.

And if you haven’t already I recommend that you update WhatsApp on your phone immediately.

The security vulnerability has been fixed in updated versions of WhatsApp released in recent days, but some users will need to manually update the app to get protected.

This group has contracts with 21 EU countries

In fact, NSO has been a runaway success, selling its programs to governments around the world: off-the-shelf software that was once thought to be restricted to sophisticated spy agencies.

NSO’s flagship product is Pegasus, a program that can turn on a phone’s microphone and camera, trawl through emails and messages and collect location data.

According to Mehul Srivastava in the FT: “as the company has grown in influence, it has been tracked by researchers at the University of Toronto who have shadowed Pegasus. They believe it has been used in 45 countries including Bahrain, Morocco, Saudi Arabia and the UAE.

Half the group’s revenues come from the Middle East, according to an investor at the April presentation, although the company also told the gathering that it had contracts with 21 EU countries.

We will see a lot more of these attacks.

Unlike nuclear weapons, there are no treaties to prevent AI or cyber attacks.

For a country like Russia, for example, investing in AI-powered weapons is the best way to compete with America, which has a 10-1 advantage in terms of military spending.

China has committed itself to building a $150bn AI industry by 2030, with military uses a key focus.

And America is just as determined to use its AI resources to infiltrate and compromise the critical infrastructure of its rivals.

You can read more about those threats in my recent article on the new age of cyberwar: What Happens if a Bomb Lands on Your Lawn

Attacks on companies are spiking too

Corporations are obviously a key point of attack.

According to CrowdStrike, which provides cybersecurity for half of the world’s biggest 20 multinationals, an analysis of thousands of cyberattacks in the first six months of 2018 revealed more than a third (36pc) were targeted at technology firms, with a particular increase in attacks on biotechnology companies aimed at stealing their research and intellectual property.

Pharma, defence, mining and transport companies were also hit.

Who is doing this?

The Chinese get a lot of blame.

Just before Christmas, China moved to clean up its image by announcing an array of punishments that could restrict companies’ access to borrowing and state-funding support over intellectual-property theft, a key sticking point in its trade conflict with the U.S.

News of the measures came just days after President Xi Jinping promised to resolve the U.S.’s “reasonable concerns” about IP practices in a statement after meeting President Donald Trump at the Group of 20 summit.

Still, China is thought to steal up to $300 billion worth of IP a year via its People’s Liberation Army.

And according to CrowdStrike: “China has become a bigger threat after a reorganisation of the People’s Liberation Army (PLA) put hacking in the hands of contract firms, effectively privatising operations.

Free of previous Chinese state bureaucracy, they are run by computer science experts with extensive links into hacking forums and groups.

The potential vulnerability of critical technological infrastructure has increasingly become a national security concern.

Some EU member states are reportedly considering action against the infamous Chinese cyber group Advanced Persistent Threat 10 (APT 10) after the UK government presented evidence to them.

According to Bloomberg, a team of British experts briefed their EU colleagues on APT 10, which is believed to have ties to the Chinese government.

Huge opportunity: protecting companies against attack

How can we prevent these threats?

Kevin Poulsen, who was the very first hacker to get banned from using the Internet, has an interesting perspective on how we might begin to address the cybersecurity crisis.

As he puts it: “Information is secure when it costs more to get it than it’s worth”.

This is a useful idea because it acknowledges several realities about cybersecurity.

First, the cost of conducting a hack — in terms of labour, the time it takes to achieve a goal and the risk of getting caught — is now extremely low.

Secondly, the attack surface is getting larger.

Thirdly, valuable information continues to stockpile on corporate servers, providing lucrative targets for criminals, with little hope of protection from overstretched security staff.

The goal of cybersecurity, then, is not to make successful attacks impossible, but to make it more costly for cybercriminals to access critical data.

In response, we are now seeing the emergence of a new cybersecurity industry employing big data analytics, machine learning and collaborative networks to detect and collate cybersecurity threats.

Machine learning has already been used in the financial sector for some time to identify potential fraud.

The large datasets collected on credit card use, for example, have allowed algorithms to learn how to recognise normal behaviour, and in turn to highlight anomalies in the system.

IBM researchers working with a large US bank claimed a 15% increase in fraud detection with a 50% reduction in false alarms and a total savings increase of 60%.

And anti-cyber algorithms are becoming ever more sophisticated.

Increasingly, they are learning to misdirect and frustrate random attacks on corporate networks, lifting the cost of conducting an attack, sometimes persuading the hacker to move on.

The most advanced systems have even been using machine learning to mimic the human immune system, first learning about the system itself, then spotting intruders by their actions.

Take Darktrace.

This company uses a system that is “modelled on the human immune system” in the way it uses artificial intelligence to detect viruses and cyber threats inside a computer network.

You plug their box into your network.

The AI studies how employees behave on their computers and then draws up a gaming-style visualisation of where there are issues.

There are private reports that the system throws up hundreds of false alerts a day.

But with each alert, the AI is learning how to spot strange activity on major networks.

And there is huge scope for companies to apply a rapidly learning AI to systems that are already far beyond the control of the humans who oversee them.

Darktrace spun out of the Ministry of Defence with clients now including parts of the National Health Service, Gatwick airport and Drax, the UK’s biggest power station.

Right now, Darktrace is not listed on a stock market, but it looks like they will pursue an IPO in the next year.

Or take a look at Splunk (Nasdaq: SPLK), which is widely perceived to be the leader in middleware that extracts intelligence from huge volumes of fast-moving, machine-generated data.

The company has over 1000 customers ranging from BlackRock and Coca-Cola to Symantec and Vodafone.

Symantec — one of the big three cyber security companies — relies on Splunk to sharpen up its service offering.

And Adobe, Autodesk and BlackRock, among others, are using Splunk middleware to sharpen up their cyber defences.