ESET explores how Machine Learning could be used to create future malware
A new ESET white paper aims to bring some clarity to what Artificial Intelligence (AI) and Machine Learning (ML) mean in the world of cybersecurity and how they could change the future of malware as we know it.
To gain more insight into this growing topic, Esetconducteda survey which revealed that the majority of IT decision makers believe ML will not only increase the number of threats their businesses will have to detect and respond to but also increase the complexity of cyberattacks they face. Roman Ková , Chief Research Officer at ESET said, “While we do not have evidence of machine learning being used to ‘power malware’ per-se, it could happen in the very near future. Cutting edge machine learning capabilities can be hired by the hour, they are widely accessible. There’s no reason why cybercriminals wouldn’t try to use this technology to protect their malicious infrastructure or breach companies’ defences.”
By automating the non-trivial tasks that attackers need to perform prior to launching these targeted operations, future use of ML could potentially enable more adversaries, and with less effort, to conduct them.
However, automated variations of malware are not the only possible malicious application of machine-learning algorithms. ESET outlines some of the areas where the use of this technology could give the attackers an advantage over businesses: Protecting their own infrastructure: Cybercriminals could use ML to detect intruders such as researchers or threathunters in their systems and detect inactive, and therefore suspicious, nodes in their network.
Generating automated variations of malware: Some older malware families have used automation to generate new variants themselves every minute more than 10 years ago. This technique could be reinvented and improved by using ML algorithms that would learn which of the newly created variants are the least likely to be detected and produce new strains with similar characteristics. Identifying targets: Hackers could use ML to help profile victims before it attempts to infect. This may include checking to see if a victim’s machine is running in a virtualised environment or being run in such places as a malware analyst’s machine. In addition, by monitoring traffic to an infected website, the attacker’s algorithm can learn and select visitors who are the most valuable targets before serving them malware. Concealing malware in the victim’s network: Ml-powered malware can monitor behaviour of nodes/endpoints in the targeted network and build patterns resembling legitimate network traffic. Exploiting a company’s Ml-based systems: For example, this could take place through data poisoning, whereby attackers work out how the algorithms are set up or where ML gets it training data from, hackers can compromise and manipulate data to mark what is recognised as ‘good’ or ‘bad’. According to the survey, just 41 percent of IT decision makers strongly agree that they have the skills and resources to detect and protect their organisation against such malware attacks.