For all the advantages of artificial intelligence (AI), it also has the potential for extreme disadvantage, as cyber security researchers recently revealed at the Black Hat USA 2018 security conference.
Just as AI has made it possible for iPhones to automatically recognize faces and unlock for the right user, smart security systems to detect strangers and warn home owners, and Facebook to recognize and tag people in photos, AI is making it possible for hackers to develop smart malware to detect specific targets out of millions of users. Hackers can use AI to help their malware evade detection for weeks, months or even years, significantly increasing the chances of infection and success.
A team of researchers from IBM Corp. has used machine learning to build hacking programs that could slip past defensive measures at the highest level. The team created DeepLocker, a proof of concept project that shows the destructive abilities of AI-powered malware that remains dormant until it reaches a very specific target, making it extremely hard to detect and destruct. They believe that similar malware likely already exists and just hasn’t been exposed yet.
DeepLocker uses deep learning algorithms that are hard to make sense of. To anti-malware solutions, DeepLocker looks like a normal program, such as an email or messaging application. However, beneath its harmless appearance is a malicious payload, hidden in a deep learning algorithm. It identifies its target through one or several attributes, including visual, audio, geolocation and system-level features, and then executes its payload.
IBM demonstrated the dangers of AI-powered malware by arming DeepLocker with the popular ransomware WannaCry and integrating it into an innocent-looking video conferencing application. Cyber security scientist at IBM Research, Marc Stoecklin says, “Imagine that this video conferencing application is distributed and downloaded by millions of people, which is a plausible scenario nowadays on many public platforms.”
The malware went undetected by analysis tools, including anti-virus engines and malware sandboxes. While running, the application feeds camera snapshots to DeepLocker’s AI, which has been trained to look for the face of a specific person. The application works perfectly fine for all users until the intended target’s face is detected, at which point DeepLocker gives WannaCry free reign to encrypt all files on the hard drive.
Malicious parties could tune the settings of their AI-powered malware to target groups of people. For instance, hackers with political motives might want to use the malware to hurt a specific demographic, such as people of a certain race, gender or religion. According to Stoecklin, it’s widely believed in the cybersecurity community that large criminal gangs are already using AI and machine learning to help launch and spread their attacks. “We have a lot of reason to believe this is the next big thing,” he says. “This may have happened already, and we will see it two or three years from now.”
Fighting AI with AI
Current security tools aren’t fit to fight AI-powered malware. New technologies and measures are needed for adequate protection. Stoecklin advises, “The security community should focus on monitoring and analyzing how apps are behaving across user devices, and flagging when a new app is taking unexpected actions, such as using excessive network bandwidth, disk access, accessing sensitive files, or attempting to circumvent security features.”
A handful of companies, including IBM, are doing just that, working on tools to counter evasive malware with the help of AI. In the meantime, Stoeckline suggests taking precautions such as limiting the access applications have to computer cameras and microphones.
Secure Your Organization
As the risks for and instances of cyber attacks continue to grow, so does the demand for cyber security professionals trained in the most up-to-date information on how to protect enterprise networks from potential threats.
Get your staff the cyber security training it needs now to help your organization stay secure. Cyber Security Tools for Today’s Environment is designed to help businesses improve security techniques. This 11-course training program is ideal for technical professionals across all industries who support their company’s IT departments.
Menn, Joseph. (8 Aug 2018). New genre of artificial intelligence programs take computer hacking to another level. Reuters.
Dickson, Ben. (27 Aug 2018). How hackers can use AI to hide their malware and target you. The Daily Dot.