
AI: The New Frontier for Cybercriminals Targeting Critical Infrastructure
In a recent webinar, I explored a critical and timely topic: the adoption of Artificial Intelligence (AI) by cyber criminals and the profound implications for protecting our critical infrastructure. The landscape of cyber security is shifting rapidly, and what was once a matter of theoretical risk is now a daily reality. Let’s break down the facts, the threats, and the essential strategies you need to adopt today.

The Cold Hard Facts: The Real State of Cyber Attacks

To understand where we’re going, we must first understand where we are. A recent CISA Risk & Vulnerability Assessment (RVA) provides a stark look at what has already happened, not what might happen. The data on successful cyber attacks is revealing:

  • ~42% of actual attacks used Valid Accounts. This is the leading cause of breaches. Attackers aren’t always breaking down the door; often, they’re walking in with a stolen key.
  • ~26% used Spearphishing. These targeted attacks trick users into revealing credentials, making them an adjacent threat to valid account takeovers.
  • ~10% used Brute Force on passwords. Guessing passwords remains a surprisingly effective, albeit less common, tactic.

When you add these up, an alarming picture emerges: Approximately 80% of all successful attacks on critical infrastructure exploit weaknesses in user authentication and identity. The primary battleground is not the firewall; it’s identity.

The New Threat Magnifier: Big Scary AI

So, where does AI fit into this? AI is today’s boogeyman, and for good reason. It acts as a powerful magnifier, dramatically lowering the bar for attackers.

Think about the typical attacker. They are often:

  1. Lazy: They want the path of least resistance. AI is their faithful servant, automating tedious tasks and making them highly effective with minimal effort.
  2. Dumb (or unskilled): Not every attacker is a genius. AI is their crutch, providing the knowledge and tools to make them “smart enough” to succeed.

AI has fundamentally dropped the “worth the effort” barrier. Attacks that were once too complex or resource-intensive are now within reach of a much broader group of malicious actors.

How AI Empowers Attackers: It’s Not Just a Chatbot

When we talk about attackers using AI, we’re not just talking about them using a chatbot to write a phishing email (though that’s part of it). They are using AI to:

  • Reduce the Pattern Space: Instead of guessing from a dictionary of millions of passwords, AI can generate highly specific, context-aware password lists (e.g., ‘scada-2025-sitename’), drastically increasing the success rate of brute-force attacks.
  • Simplify Integration: AI can quickly figure out how to connect disparate systems, like a Master Control Program (MCP) to a SCADA historian, identifying pathways that a human might miss.
  • Reduce the Search Space: When probing a network, an AI can quickly deduce what isn’t there to focus on what is. For example, “I see systems A and B, but not C, so I’ll focus my efforts here.”
  • Identify Lateral Options: Once inside, AI can predict which adjacent systems are the most likely targets, enabling rapid lateral movement through a network.

Welcome to the “Agentic World”

We are transitioning from an era of “I ask, it answers” to “I ask, it does.” This is the rise of the “Agentic World,” where AI agents can execute tasks autonomously. Yesterday’s threat was a botnet receiving instructions from a Command and Control (C2) server. Today’s threat is a single piece of malware that acts as a gateway for a host of specialized AI “experts” to enter your system and carry out a coordinated, intelligent attack.

The Simple Need: A Call for Zero Trust

With these evolving threats, the need is simple. We must provide secure access for any user, on any system, from any device and any network, but only to exactly what they need—no more, and no less.

This is the core principle of Zero Trust, a security model built on three pillars:

  1. Identity (WHO): Every user (person or system) must be individually known and authenticated. No more shared accounts.
  2. Authorisation (WHAT): Permissions and privileges must be assigned on a granular, per-user, per-resource basis.
  3. Access (HOW): Users are only routed to the specific resources they are authorised for. The rest of the network is invisible and inaccessible to them.

Reducing Risk with a Modern Approach

Implementing a Zero Trust framework directly addresses the top threats identified by CISA:

  • Shared accounts are gone. HR churn is no longer your security risk. When access is tied to a unique identity, it can be instantly revoked when someone leaves.
  • Overbroad access is gone. The blast radius of a breach is reduced from the entire network to a single system.
  • Passwords are gone. Brute-force attacks become impossible when there are no passwords to guess. Multi-factor authentication via un-phishable methods like Passkeys means users can’t be tricked into giving away access.
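To make the three pillars and the risk reductions concrete, here is an added example (constructed for this post, not Agilicus product code) of a minimal access broker: each identity is individually named and verified with a passkey, grants are per-identity and per-resource, and anything not granted is invisible rather than merely refused. The resource names and identities are hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical model of the three Zero Trust pillars: Identity (WHO),
# Authorisation (WHAT), Access (HOW). Constructed for illustration only.

@dataclass
class Identity:
    name: str               # one named person or system, never a shared account
    passkey_verified: bool  # un-phishable MFA; there is no password to brute-force
    active: bool = True     # set to False on departure: instant revocation

@dataclass
class Broker:
    resources: set[str] = field(default_factory=set)
    grants: dict[str, set[str]] = field(default_factory=dict)  # WHO -> {WHAT}

    def grant(self, who: str, resource: str) -> None:
        """Authorisation (WHAT): granular, per-identity, per-resource."""
        self.grants.setdefault(who, set()).add(resource)

    def revoke_all(self, who: str) -> None:
        """HR churn: drop every grant tied to the departing identity."""
        self.grants.pop(who, None)

    def visible(self, ident: Identity) -> set[str]:
        """Access (HOW): the identity is only routed to what it is authorised for."""
        if not (ident.active and ident.passkey_verified):
            return set()
        return self.grants.get(ident.name, set()) & self.resources

    def connect(self, ident: Identity, resource: str) -> str:
        """Identity (WHO) is checked first; unknown targets look like they don't exist."""
        if not ident.active:
            return "denied: identity revoked"
        if not ident.passkey_verified:
            return "denied: passkey required"
        if resource in self.visible(ident):
            return f"routed: {resource}"
        return "not found"  # blast radius: the rest of the network is invisible

def build_demo() -> Broker:
    """Constructed sample site: two operators, three systems, one grant each."""
    b = Broker(resources={"hmi-1", "scada-historian", "ticketing"})
    b.grant("alice", "hmi-1")
    b.grant("bob", "scada-historian")
    b.revoke_all("bob")  # bob has left the organisation
    return b
```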

The solution is not to fight a losing battle against every new tool an attacker might use. The solution is to strengthen your core defence: identity.

Your Call to Action

Critical infrastructure is a target. AI is increasing the power, reach, and effectiveness of those who would do us harm. The key defence is to shore up your identity and credential management.

At Agilicus, we can help you implement a Zero Trust framework with no changes to your existing systems, a simple deployment process, and an incremental rollout. You don’t need to outrun the bear (the most sophisticated attacker in the world); you just need to outrun your neighbour. Let’s make sure you’re not the slowest hiker in the woods.