Artificial Malevolence: Bad Actors Know Computer Science, Too

  /     /     /  
Publicated : 23/11/2024   Category : security


Artificial Malevolence: Bad Actors Know Computer Science, Too


Artificial intelligence and machine learning have many useful applications in legitimate security prevention. However, the buzz at this years Black Hat is that bad guys are already catching up.



LAS VEGAS -- The cybersecurity industry has embraced artificial intelligence and machine learning. Seemingly every exhibitor at this years Black Hat conference is touting AI, whether its for scanning email attachments for malware, detecting patterns in network access patterns, filtering alerts for rapid incident triage or finding anomalies in user behaviors.
The unsaid belief is that AI is a good-actors tool.
Due to the complexity of the algorithms, the need for large data sets for training or real-time learning, and expensive servers with tons of memory, the best use for AI and machine learning would be for enterprise, government or service-provider defense. Where AI might have a role in offensive operations, the thinking goes, is strictly in the realm of organizations like all those three-letter organizations near the Washington, DC, Beltway.
(Source:
iStock
)
Not necessarily -- and thats also part of the buzz here at Black Hat.
Every conversation I had about AI acknowledged the possibility -- no, the probability -- that these technologies can be turned against us. The good guys have AI-powered cyber software. The bad actors do too, or if not, they will soon.
IBM got everyone talking
The conversation was driven by a well-publicized presentation by IBM of what Big Blue calls DeepLocker, which has enough intelligence to hide in plain sight.
The DeepLocker class of malware stands in stark contrast to existing evasion techniques used by malware seen in the wild. While many malware variants try to hide their presence and malicious intent, none are as effective at doing so as DeepLocker, Marc Ph. Stoecklin, a senior IBM research scientist,
wrote in a paper
released simultaneously with the Black Hat presentation.
What is DeepLocker and how does it work? Stoecklin explains:

DeepLocker hides its malicious payload in benign carrier applications, such as a video conference software, to avoid detection by most antivirus and malware scanners. What is unique about DeepLocker is that the use of AI makes the trigger conditions to unlock the attack almost impossible to reverse engineer. The malicious payload will only be unlocked if the intended target is reached. It achieves this by using a deep neural network (DNN) AI model. The AI model is trained to behave normally unless it is presented with a specific input: the trigger conditions identifying specific victims.

DeepLocker is one type of attacker, but there are many AI applications that can take the offensive in cyber warfare.
Machine learning, for example, can analyze the results of port scans, looking for weaknesses -- or identifying traps like honeypots. AI-enhanced image processing can help identify humans as potential identity-theft or blackmail targets.
Indeed, big data is already used to piece together bits of personal data, as well as relationships to help with identity theft and social engineering.
One advantage that good actors have always held over bad actors: vast amounts of computing infrastructure. Well, not anymore.
Botnets can do a lot more than execute distributed denial-of-service (DDoS) attacks; theres no reason why they cant be harnessed for decrypting digital signatures or running deep learning applications.
We can feel safe in that that top-tier cloud computing providers -- the so-called hyperscalers -- wont be willing to license their CPUs, GPUs, storage, and bandwidth to bad actors.
However, that assumes that the hyperscalers know whats going on. With attacks sponsored by entities like foreign governments, who knows what types of workloads are running on Amazon Web Services or Google Cloud Platform? In terms of software sophistication, AI open-source libraries such as
TensorFlow
or
Apache Spark MLlib
can be downloaded and run by anyone, friend or foe.
Like every other technology, artificial intelligence has become weaponized. Get ready for artificial malevolence, coming to a hacker near you.
Related posts:
Automated Network Security Is Crucial, but No Panacea
IBM Spinout Senzing Fights Fraud, Insider Threats With AI
AI: Not the Cure-All for IT Security Skill Shortage
Red Bull Powers Security Strategy With AI, Automation

Alan Zeichick is principal analyst at
Camden Associates
, a technology consultancy in Phoenix, Arizona, specializing in enterprise networking, cybersecurity and software development. Follow him
@zeichick
.

Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Artificial Malevolence: Bad Actors Know Computer Science, Too