Dutch counterterrorism agency says Generative AI is posing new cyber threats

The advent of advanced technologies, such as generative AI, presents new cybersecurity threats, the National Coordinator for Counterterrorism and Security (NCTV) warned in its annual cybersecurity assessment. The Dutch counterterrorism agency is urging organizations to adapt their security measures accordingly.

The agency noted that as technology progresses, it generates new threats. A prime example is generative AI, which simplifies the development of malware and can render phishing emails more believable. With the expanding use of these techniques, verifying the authenticity and authority of text information, images, videos, and audio is becoming increasingly challenging. However, the rising use of this technology also offers opportunities. AI can help detect malware and anomalies, thus enabling faster and more effective responses to cyberattacks.

The report highlighted that extortion through data encryption remains an attractive revenue model for cybercriminals, especially due to the rising professionalization of cybercrime tools. This professionalization enables less-skilled individuals to execute cyberattacks, the NCTV argued.

Amid escalating geopolitical tensions, highlighted by the Russian war on Ukraine, state actors are increasingly resorting to cyberattacks to advance their interests, according to the NCTV. Such attacks could lead to possible chain effects such as power outages that disrupt education or hinder hospital care.

According to the organization, there is also a significant rise in hacktivist cyberattacks targeting organizations. For instance, Dutch government websites experienced difficulties due to cyberattacks, possibly originating from Russian hackers, during Ukrainian President Volodymyr Zelenskyy's visit to the Netherlands in May of this year.

Pieter-Jaap Aalbersberg, the National Coordinator for Counterterrorism and Security, stated that cybercriminal activity is increasing due to its lucrative financial opportunities. “It is therefore important that we increase our resilience because the security of digital processes is and will remain linked to national security,” he noted. Aalbersberg also highlighted that the consequences of a seemingly distant cyber incident could affect everyone due to the interconnectedness of the online world.

Aalbersberg urged organizations to adapt their security measures accordingly and to reinforce their resilience to mitigate the impact of potential cyber-attacks in the future. He noted, "We cannot always prevent cyber incidents, but we can increase our resilience, reduce the impact and limit the damage,” adding, “In short, expect the unexpected.”