The conflict in Iran will likely trigger an increasing amount of geopolitical cyberattacks in the coming days, according to an executive at Palo Alto Networks, the world’s largest pure-play cybersecurity vendor.
Speaking with Euronews Next at the Mobile World Congress in Barcelona, Scott McKinnon, Palo Alto Networks chief security officer for the UK&I, warned of a surge in cyber "sidearms" deployed by nation-state actors, including Iran.
“Anytime there's [a] conflict, [...] there's a response to that. It's not just the physical defence and attack systems that are used, but also side weapons [...] as well," he said.
"I'm sure in the coming days we'll see an uptick in activity as a result of what happened over the weekend."
Cyber attacks reportedly took place on Saturday alongside the US-Israeli attack on Iranian targets, including the hacking of news websites and the calendar app BadeSaba, which displayed messages telling users “it’s time for reckoning”.
Read more: The digital battleground: How cyber attacks will shape the Israel-Iran conflict
Iranian government services and military targets were also reportedly struck by cyber operations, according to the Jerusalem Post.
But modern business and national infrastructure are often the secondary targets of geopolitical clashes.
The UK's National Cyber Security Centre (NCSC) continues to name Iran — alongside Russia and North Korea — as one of the primary state-sponsored actors behind attacks on Western infrastructure.
McKinnon said roughly 60 percent of organisations have already adapted their cyber strategy because of geopolitical tensions and that nation-states are prioritising attacks on Critical National Infrastructures (CNI), such as telecommunications networks, energy grids, and financial systems.
To combat this, the defence strategy must evolve beyond the "old way of having signatures” and simply waiting to see what an attack looks like before blocking it, he said.
The AI cybersecurity threat
But cybersecurity is becoming more challenging with the development of artificial intelligence (AI), in particular deep fakes. For both state actors or those committing fraud, human identities are now easier to breach thanks to AI.
"You can no longer rely on what you see and hear. Organisations need multi-factor authentication, secondary communication channels, and even safe words — phrases only the real individual would know," he said.
Another issue is AI-powered phishing emails, which were once easy to spot due to poor grammar, are now virtually indistinguishable from human correspondence.
Threat actors are using AI to scrape professional profiles, identify targets' interests, and craft highly personalised messages designed to manipulate individuals into handing over access or funds, he said.
"We've observed far more scale in what they're able to do, greater speed, and they're using more sophisticated techniques," he said. "They can use some of the tools we use on the defensive side to attack us."
Palo Alto Networks last month completed its acquisition of the company CyberArk to focus on “security for human, machine, and agentic identity,” it said.
CyberArk is focusing on the security of AI agents, which McKinnon said can be hacked just as any other software.
AI agents, he said, “certainly need guardrails and they need to be very specific in the mission... we need to be really, really super clear on the agency that we actually give to these pieces of software."
