Will Machine Learning reshape the threat landscape?

A new ESET white paper aims to bring some clarity to what Artificial Intelligence (AI) and Machine Learning (ML) mean in the world of cybersecurity and how they could change the future of malware as we know it.

To gain more insight into this growing topic, ESET conducted a survey which revealed  that the majority of IT decision makers believe ML will not only increase the number of threats their businesses will have to detect and respond to but also increase the complexity of cyberattacks they face.

Roman Kováč, Chief Research Officer at ESET said, “While we do not have evidence of machine learning being used to ‘power malware’ per-se, it could happen in the very near future. Cutting edge machine learning capabilities can be hired by the hour, they are widely accessible. There’s no reason why cybercriminals wouldn’t try to use this technology to protect their malicious infrastructure or breach companies’ defences.”

By automating the non-trivial tasks that attackers need to perform prior to launching these targeted operations, future use of ML could potentially enable more adversaries, and with less effort, to conduct them.

However, automated variations of malware are not the only possible malicious application of machine-learning algorithms. ESET outlines some of the areas where the use of this technology could give the attackers an advantage over businesses:

  • Protecting their own infrastructure: Cybercriminals could use ML to detect intruders such as researchers or threat-hunters in their systems and detect inactive, and therefore suspicious, nodes in their network.
  • Generating automated variations of malware:  Some older malware families have used automation to generate new variants of themselves every minute more than 10 years ago. This technique could be reinvented and improved by using ML algorithms that would learn which of the newly created variants are the least likely to be detected and produce new strains with similar characteristics.
  • Identifying targets: Hackers could use ML to help profile victims before it attempts to infect. This may include checking to see if a victim’s machine is running in a virtualised environment or being run in such places as a malware analyst’s machine. In addition, by monitoring traffic to an infected website, the attacker’s algorithm can learn and select visitors who are the most valuable targets before serving them malware.
  • Concealing malware in the victim’s network: ML-powered malware can monitor behaviour of nodes/endpoints in the targeted network and build patterns resembling legitimate network traffic.
  • Exploiting a company’s ML-based systems: For example, this could take place through data poisoning, whereby attackers work out how the algorithms are set up or where ML gets it training data from, hackers can compromise and manipulate data to mark what is recognised as ‘good’ or ‘bad’.

According to the survey, just 41% of IT decision makers strongly agree that they have the skills and resources to detect and protect their organisation against such malware attacks.

Kováč continued, “It is difficult to predict when attacks making wide-scale use of machine learning will happen but when the time comes, the cyber security game will be changed forever as the systems will get under heavy sustained fire of smart automated attacks. To minimise the potential impact and inflicted damage, business leaders need to ensure that cyber security best practices are carried out right across the organisation.”

To read more on this story go to WeLiveSecurity.com and read the blogpost titled ‘Of ML and malware: What’s in store?’ or go directly to ESET’s latest whitepaper ‘Can artificial intelligence power future malware?