When the United States and Israel launched coordinated strikes against Iran on 28 February 2026, the response was not limited to missiles and military assets. According to CloudSEK, more than 60 Iranian aligned hacktivist groups activated on Telegram within hours. The company described it as the largest single event mobilisation of this ecosystem ever recorded.
The target was not military bases. Instead, it was infrastructure used by civilians.
CloudSEK reports that more than 40,000 US industrial control systems are reachable on the public internet, many protected by default or no credentials. Data from Forescout and Shodan in 2024 also counted over 40K exposed ICS devices in the United States. These systems help run water plants, electricity networks and fuel operations.
Is Cybercrime The New Warfare?
The report concluded, “The barrier to ICS disruption is no longer technical. It is motivational. And the events of 28 February 2026 have provided motivation to 60+ groups simultaneously.”
This raises the question: is the digital world becoming the modern day battlefield? The World Economic Forum spoke about this in a 2017 article and these words are still relevant today. They said, “Sure, cyberwar is better than a kinetic or physical war in many ways, but it could also make war worse. Unless it’s very carefully designed, a cyberattack could be a war crime.”
They continued, “Well, you could go the old fashioned way — call in some airstrikes or send troops to blow up the building — but this would be an open declaration of war, worsening tensions. It would also be a political disaster if your troops or even drones were captured.
“Now, there is another way: you could launch a cyberattack against the facility. This is more invisible and therefore less risky. It’d take too long to directly hack into the facility’s secure network, but you’ve already created an email virus that can knock out the town’s energy grid, which would take out the base.”
An interesting question and topic here. With the rest of the world moving digital, it would only make sense why this is being considered, and many say it has already been the case for decades.
Mike Maddison, CEO of Global Cybersecurity Company NCC Group:
Cyber activity in the Middle East
“The current conflict in the Middle East is proof that cyber operations have become fully integrated with military strategy. Israel and the US have combined cyber attacks with physical strikes to contribute to Iran’s communications blackout. Overall, the majority of cyber activity tied to the Israel–Iran conflict consists of DDoS attacks, website defacements, exaggerated breach claims, and widespread AI‑driven misinformation. This activity is high in volume but low in impact, rather than being materially disruptive.
“The breadth of global supply chains means that while Iran’s cyber capabilities are focused on Israel, the US and the Gulf-region, global companies still need to be vigilant. Supply chains and widely connected digital infrastructure face a realistic risk of disruption or being caught in an information war.”
GPS jamming
“The use of GPS jamming in the Middle East is a timely reminder of the fragility of our reliance on satellite navigation systems. All Global Navigation Satellite System (GNSS) platforms share a critical vulnerability – their signals are inherently weak and susceptible to targeted jamming. This situation underscores the urgent need for robust security investment to safeguard critical national infrastructure.
“The maritime sector remains a high value target due to the scale of disruption a successful attack can cause. As threats evolve, the industry must shift from reactive defence to proactive resilience strategies. Alternative technologies like Long Range Navigation (LORAN) or emerging quantum-based systems offer promise, but neither has yet been delivered at scale. Until then, resilience must come from layered defences and strategic foresight.”
Experts Share Their Thoughts On Cybercrime As The New Battlefield
More experts answer the question…
Our Experts:
- Jorge Monteiro, CEO, Ethiack
- Glen Williams, CEO, Cyberfort
- Paulo Cardoso do Amara, Former CIO and NATO Scientific Advisor on Cybersecurity
- Jack Alexander, Senior Threat Intelligence Analyst, Quorum Cyber
- Joseph M. Saunders, Founder and CEO, RunSafe Security
- Adam Darrah, VP of Intelligence, ZeroFox
- Kaveh Ranjbar, Co-Founder & CEO, Whisper Security
- Alexander Niejelow, CEO, Cyber Advisory, Hilco Global
- Syed Asif Ali, Founder & Digital Media Strategist, Point Media
- Brian Long, CEO and Co-founder, Adaptive Security
- Cindy Murray, Chief Information Security Officer (CISO) & Systems Architect, Murray Digital
Jorge Monteiro, CEO, Ethiack
“A wide range of hackers, from cybercriminals to state actors, have fully weaponised AI. On the digital battlefield, threat actors no longer just use AI tools, but instead deploy fully autonomous malware that probes and exploits vulnerabilities in IT systems, even evolving its approach with minimal human input.
“The real-world impact of this AI-enabled cyber threat is an order of magnitude greater than anything seen before – as it can impact entire economies, not just individual organisations. In 2025, an attack on the British carmaker Jaguar Land Rover sent UK car production crashing to its lowest level in 70 years and knocked nearly 0.2% off the UK’s GDP.
“With conflict again raging in the Middle East, there is a risk of more such disruption in 2026: not just from data loss and extortion, but operational paralysis across entire industries.
“To keep pace, organisations must move away from periodic testing of their cyberdefences to adopt continuous, AI-driven security validation. Ethical, autonomous AI tools will become mainstream as enterprises realise they need the same automation and adaptability as that being used to attack them.
“Frameworks like DORA and NIS2 will accelerate this shift toward continuous assurance, and while AI will dominate the front line, human cybersecurity professionals won’t disappear. In our work, AI agents and ethical hackers routinely uncover different classes of vulnerabilities, and only together do they form a complete defence.
“2026 will see the fastest learners, who empower AI to help them find and fix weaknesses before criminals can exploit them, forge ahead. In a year defined by autonomous AI-led attacks, the greatest risk will be standing still.”
Glen Williams, CEO, Cyberfort
“Cyber conflict is no longer a future concern. It is already a core component of modern warfare. When geopolitical tensions rise, the digital domain is often the first-place retaliation appears. What we are seeing now is a clear example of that shift. Cyber operations can disrupt infrastructure, spread misinformation and undermine confidence without a single physical strike.”
“AI is accelerating this trend further. It lowers the barrier to entry for threat actors, automates reconnaissance and allows attacks to be launched at greater scale and speed. That means nation state groups and other threat actors can target energy networks, financial services, communications systems and government infrastructure more efficiently than ever before.”
“The question is not simply whether the US is prepared. It is whether any country is truly prepared for the pace and complexity of modern cyber conflict. The UK faces the same reality. As a highly connected digital economy with globally significant financial services, defence capability and critical infrastructure, the UK remains an attractive target for both state backed groups and opportunistic attackers. Defensive strategies built around traditional security controls are struggling to keep up with highly adaptive, AI assisted adversaries.”
“What this moment underlines is that cyber resilience must now be treated as national security infrastructure on both sides of the Atlantic. Governments and critical industries must assume that digital systems will be targeted during geopolitical crises. Preparation means stronger public private collaboration, continuous threat intelligence sharing and infrastructure designed with resilience at its core rather than as an afterthought.”
Paulo Cardoso do Amara, Former CIO and NATO Scientific Advisor on Cybersecurity
“The digital world grows in importance at the same pace as the dependence that both organisations and citizens place upon it. What once began, in the late 1980s, as a modest infrastructure for sending emails, sharing files, and participating in a few discussion forums has evolved into the nervous system of modern society.
“Interestingly, malware appeared almost as soon as the internet itself became useful. Since around 1988, malicious software has been a persistent reality of the digital ecosystem. In other words, vulnerability was born alongside connectivity and, today, the very dependence on digital systems has become a strategic attack surface.
“Yet it would be simplistic to claim that the digital world alone constitutes the modern battlefield. In reality, it is merely one dimension of a broader strategic landscape. The foundations of this multi-dimensional conflict can be traced back to the 1980s with the articulation of what analysts later called Fourth Generation Warfare.
“In this form of conflict, battles are not fought exclusively with tanks and missiles but across several arenas simultaneously, including economic pressure, intelligence operations, information influence, and political maneuvering. Conventional warfare still exists, of course, as the conflicts in Ukraine and tensions involving Iran clearly demonstrate. But these kinetic engagements now coexist with subtler forms of confrontation where perception, disruption, and influence become decisive.
“In this sense, cyberspace is not a replacement for traditional conflict. It is an extension of it.
“Technology, meanwhile, continues to evolve at a remarkable pace, transforming both offensive and defensive capabilities. Cyberwarfare illustrates this dynamic particularly well. In this context, AI has become a powerful accelerator, amplifying the effectiveness of both attack and defense. However, the decisive factor is not technology alone. As Sun Tzu famously argued “victory belongs to those who understand the terrain and the enemy”. In the digital domain, this terrain is made of code, networks, protocols, and data flows. Mastery therefore depends less on possessing technology and more on understanding it deeply.
“Therefore, those who know how to employ technology strategically are the ones who achieve their objectives.
“From this perspective, the United States occupies a particularly strong position. A significant portion of the digital infrastructure used globally originates from American technological ecosystems. Many of the foundational layers of the internet, from hardware architectures to operating systems and communication protocols, have been developed by U.S. companies and research institutions. This technological primacy creates not only economic advantage but also strategic leverage in pure tactical terms.
“The informational dimension reinforces this position even further. Major technology companies exercise enormous influence through the platforms that mediate global communication. Social networks, search engines, and digital services shape the information environment in which billions of people operate. While these platforms can be exploited by hostile actors, the underlying algorithms and infrastructures remain largely controlled by the companies that designed them.
“Artificial intelligence amplifies this phenomenon dramatically. AI systems can analyse vast volumes of unstructured information, generate persuasive narratives, and adapt content to specific audiences. In the realm of information warfare, this capability becomes a formidable instrument for shaping perceptions. Machiavelli would likely recognise the principle immediately because power often lies not merely in force but in the ability to shape what people believe.
“Thus, artificial intelligence is rapidly becoming one of the most potent weapons in the information domain, particularly in the hands of those who control the digital platforms through which narratives circulate.
“In the language of Clausewitz “war is the continuation of politics by other means”. In the digital age, those means increasingly include algorithms, networks, and data and the United States possesses substantial tactical capabilities in this environment. Whether these capabilities translate into strategic success ultimately depends on how effectively they are employed.
“Technology, after all, provides the weapons. Strategy determines victory.”
Jack Alexander, Senior Threat Intelligence Analyst, Quorum Cyber
Cyber in modern conflict:
“In modern conflict an immediate surge in hostile cyber aggression is to be expected. No longer are wars fought exclusively via the land, air and sea but also within cyberspace. This relatively new phenomenon is known as ‘hybrid warfare’ and is designed to weaken the opponent by directly targeting Critical National Infrastructure (CNI), but can also be used to achieve other strategic goals such as, sowing disinformation and disrupting civilian business continuity.
“This is not the first time that offensive cyber targeting has been used to impact CNI alongside traditional military activity. In 2022, Russian wiperware was deployed against the European Viasat network with the intended aim of impeding Ukrainian military communications, due to the heavy usage of the platform by Ukraine. This highlights the growing normalisation of CNI targeting during times of conflict as another means of disrupting your enemy.”
How AI can be used as a force multiplier:
“The time between vulnerability discovery/disclosure and active exploitation is now as little as 15 minutes via AI powered automated active scanning of networks. Actors are leveraging AI to automate routine tasks, including script generation, attack templating and consistent messaging during extortion efforts.
“Alongside this, social engineering is no longer just phishing with better grammar it is hyper personalised. Attackers can automate Open-Source Intelligence collection to profile targets and craft highly personalised lures that mirror their role, organisation and professional relationships.”
More from News
- What Is Open Banking And Is It The Next Step In Unlocking Billions For The UK’s Economy?
- The Tech Industry Celebrates Progress for Women, But Data Tells Another Story
- As Self-Employment Rises, What Are The Highest Paying Industries For Business Owners In The UK?
- Seagate’s Massive 44TB Hard Drive Is Making Headlines – Here’s Why It Matters For AI And The Internet
- Japan’s SoftBank Takes On $40bn Debt To Back OpenAI – Is This Confidence Or Just A Risky Gamble?
- TikTok’s US Outages Expose The Real Cost Of Oracle’s Compliance-Driven Infrastructure
- Behind Nvidia’s $103 Million Investment Into A UK Self-Driving Car Future
- How Is ‘AI Slop’ Directly Funding The Rise Of Cyber Fraud?
Joseph M. Saunders, Founder and CEO, RunSafe Security
“Cyber conflict rarely begins with a declaration of war. It unfolds in a persistent gray zone where nation-states and their proxies map networks, test defenses, and pre-position themselves inside critical infrastructure for future leverage. We’re seeing this play out in real time with Iran’s response to the US-Israel strikes.”
“AI has fundamentally changed the cost equation for attackers. Nation-state actors can now move faster, generate more convincing intrusion campaigns, and probe more targets simultaneously than ever before. When you combine that with pre-positioned access in critical infrastructure, like the persistent footholds we’ve seen from groups like Volt Typhoon, you have the ingredients for a very consequential attack.”
“Power grids, water systems, and communications networks are key targets for effects and to achieve outcomes of consequence, but much of this infrastructure was never built to absorb nation-state aggression. The US has world-class offensive cyber capabilities, but our defensive posture for industrial systems remains dangerously inconsistent. Every kinetic action, like the US-Israel strikes on Iran, now has an immediate digital echo. The digital world and the physical battlefield have merged, making cyber resilience the new deterrence.”
Adam Darrah, VP of Intelligence, ZeroFox
“Yes, and it has been since at least what is referred to as the “Arab Spring” or “Arab Awakening”. The digital battleground has encompassed and continues to include social media, mis- dis- and mal-information campaigns, offensive cyber operations that can shut down a country’s energy, military, or other systems. The digital space is where espionage, intelligence, marketing, civil society, shopping, politics, charity, convenience and war all converge. Adversaries do not see a sacred space that is off limits in war, peace, or intelligence collection.”
Is the US prepared?
“Yes. The United States has invested heavily in cyber defense capabilities and deterrence, and any actor considering cyber operations against US systems should assume there would be significant consequences. There is also a lot to unpack when discussing claims of a “surge” in Iranian-aligned cyber activity targeting US critical infrastructure, particularly when AI is described as a force multiplier for threat actors.
The US has adopted what is known as strategic ambiguity when it comes to what constitutes an act of war, probably to disincentivize adversaries to test red lines and ultimately deter conflict. Current administration officials have stated recently that any cyber attack against critical digital infrastructure could be considered an act of war.
When discussing “critical infrastructure”, it’s important to be precise. The US views as a matter of policy that any cyber-attacks against critical infrastructure such as water, sanitation, electricity and other critical systems could be considered precursors to an armed attack against the US homeland.”
Kaveh Ranjbar, Co-Founder & CEO, Whisper Security
“Calling this a “new battlefield” misses the point. Cyber has been the battlefield for years. The strikes make the news. The retaliation is already running.
“What’s happening now isn’t a surprise. Iranian-aligned groups have infrastructure ready to go: domains registered months ago, hosting relationships that predate any specific operation. Tension spikes, infrastructure activates. We’ve watched this pattern repeat since at least 2020.
“The real question isn’t whether the US is “prepared.” It’s whether anyone can see the infrastructure before it fires. Most attribution happens after the damage. By then you’re writing incident reports, not preventing incidents.
“AI makes both sides faster. Attackers spin up variants. Defenders try to map infrastructure at scale. Right now, offense is cheaper.”
Syed Asif Ali, Founder & Digital Media Strategist, Point Media
“Cyber conflict is increasingly becoming a parallel layer of modern geopolitical tension. It doesn’t replace traditional warfare, but it gives states and aligned groups a way to create disruption without the visibility or escalation of conventional military action.
“What makes this environment particularly challenging is how dependent modern economies are on digital infrastructure. Financial systems, logistics networks, cloud platforms, and communications all rely on software layers that can be probed or disrupted remotely. When those systems are targeted, the consequences can ripple far beyond the original point of attack.
“The growing role of AI also changes the equation. It allows threat actors to analyze systems faster, automate reconnaissance, and scale attacks more efficiently than before. That doesn’t mean AI creates entirely new risks, but it accelerates existing ones.
“Preparedness therefore becomes less about a single defensive tool and more about resilience. Governments and organisations need systems designed to detect anomalies early, isolate problems quickly, and recover operations without widespread disruption.
“In practical terms, cyber conflict has already become part of the strategic landscape. The question is less whether it will be a battlefield, and more whether institutions are building the resilience required to operate in that reality.”
Brian Long, CEO and Co-founder, Adaptive Security
“The digital world is absolutely becoming a modern battlefield. Governments and criminal groups now use cyber operations alongside traditional military activity because they can disrupt systems, gather intelligence, and influence public perception without firing a shot.
“We are already seeing the scale of this shift. The World Economic Forum has cited estimates that put the global cost of cybercrime at $10.5 trillion annually. That is the scale of a major global economy, and it shows why cyber conflict has become a serious part of modern geopolitical competition.
“Artificial intelligence is accelerating this trend. Attacks that once required specialised skills can now be launched with inexpensive tools and publicly available data. With just a few seconds of audio or a handful of public information, attackers can generate convincing voice clones, deepfake videos, or highly personalised phishing messages.
“These attacks are also expanding beyond email. Increasingly they happen through phone calls, text messages, and video meetings where people naturally trust what they hear and see. AI allows attackers to run these campaigns at enormous scale and target thousands of people at once.
“At the same time, critical infrastructure has become a major target. Energy systems, financial networks, and supply chains are attractive because disruptions there have immediate real-world consequences. Researchers at the Oxford Internet Institute found that, on one platform alone, more than 35,000 open-source deepfake generators had been downloaded nearly 15 million times since 2022. That shows how quickly these tools are spreading. We are also seeing deepfakes used to impersonate leaders and spread misinformation during moments of geopolitical tension.
“For organisations, cyber resilience is no longer just a technical problem. Most successful breaches still begin with social engineering, which means attackers are manipulating people, not just systems. Companies now need to prepare their workforce for AI-driven deception the same way they prepare their networks for malware.”
Cindy Murray, Chief Information Security Officer (CISO) & Systems Architect, Murray Digital
“Let’s just be honest about this. Cyber is not the new battlefield. It has been the only active warzone for a decade and the premise of the question is exactly why the US is losing. The recent strikes just proved our enemies know exactly how vulnerable our infrastructure is. The Iranian surge is simply a live stress test of a completely incompetent system.
“The problem is not the hackers. The problem is our own bloated architecture. We are protecting a twenty year old grid with bandaids. You can’t put a deadbolt on a screen door and call it secure. If you do not engineer your defense directly into the universal inference layer you are just asking for a breach.
“We are unprepared because Washington refuses to tear out their legacy sprawl. They are fighting an automated war using a bureaucratic checklist. A checklist is just a map for the enemy.”
