Skip to main content

Featured

How 2020 Presidential Candidates Can Guard Against Cyberattacks

The 2016 presidential election witnessed unprecedented Russian cyberattacks and disinformation campaigns designed to disrupt the U.S. electoral system by influencing public opinion. The Russian goal is intended to destabilize the U.S.  through ideological activism, advancing their interest and further their political agenda. Their methods compromised computer systems of candidates and political parties using the exfiltrated data to spread disinformation and influence presidential elections.

On January 6, 2017, the U.S. Director of National Intelligence released a declassified report “Assessing Russian Activities and Intentions in Recent U.S. Elections.” According to the report, Vladimir Putin ordered a massive campaign orchestrating attacks from multiple fronts that involved spreading pro-Trump propaganda on social media to hacking the Democratic National Committee (DNC). Their methods resulted in massive data breaches within the DNC that included access to John Podesta's email f…

2019 Will Be The Year Of Intelligent Cybercrime Threats



In today’s security defenses, many organizations are adopting artificial intelligence (AI) and machine learning (ML) technologies to thwart cyberattacks.  Without these innovative technologies managing distributed and complex infrastructures require a high amount of human capital and intervention.

Sophisticated cybercriminal organizations including state-sponsored actors as a whole are indeed moving in the same direction using weaponized AI and ML to exploit their targets.  It is well known that these actors have long adopted the same development techniques used in the industry employing rapid development methodologies such as Agile. The malware and methods are evaluated on their effectiveness, time to develop, modify and implement.

Fuzzing

This problematic technique is used with researchers in laboratory environments to discover vulnerabilities in hardware and applications. Researchers inject bad data into an application or device then closely monitor events such as crashes, memory leaks and other behaviors to discover zero-day exploits. Few cybercriminal organizations other than the well-funded state-sponsored actors have the wherewithal to create these experienced professional teams.

With AI and ML, the cybercriminal will have effective and efficient tools available to apply towards this process forever changing the zero-day landscape. They will be able to target their victims and mine it for zero-day vulnerabilities. In turn, it will have devastating effects on securing network devices and applications. The cybercriminal now can solve problems and find new ways to exploit hardware and applications that were previously beyond their reach.

Continuous Zero-Day

With a vast and continually expanding library known to exist n the wild, cybercriminals are using just a small percentage. It is for this reason useful security tools must monitor the entire library as it is uncertain which of that small percentage the cybercriminal will use. Organizations worldwide are ill prepared to deal with the avalanche of next-generation malware that will require AI and ML to keep up. With the overwhelming volume of not knowing or anticipating exploits traditional security methods such as sandboxing and patching are rendered obsolete.

Swarms-as-a-Service

Intelligent swarm-based technologies enable botnets to function as swarms that dramatically accelerate attacks overwhelming their target’s defenses with impunity. For example, the Chinese military is developing this capability to attack and overcome their target; it is an evolving game changer with botnets acting collaboratively and anonymously.  Governments around the world must raise the bar and develop in earnest defenses against these emerging threats.

Impacts to cybercriminal organizations will be profound giving them yet another avenue to expand their reach. For instance, the criminal ecosystem is driven by human capital where custom exploits are developed for a fee, more sophisticated intelligent service-oriented ransomware requires the expertise of black-hat engineers. With swarms-as-service technology, the development investment is reduced increasing profitability.

A la Carte (Virtualized) Swarms

Swarms that are stood up performing antonymous divide and conquer tasks achieve the same effect as virtualization. These a-la-cart swarms are tailored with a wide range of exploits from evasion to data exfiltration. The cybercriminal has wide latitude to solve specific challenges in an attack chain. Moreover, these swarms by design do not have a centralized command and control system making it extremely difficult to defend against.

These swarms use ML to break into a hardware device or AI fuzzing to detect zero-day exploit points. They also can move laterally across a network expanding their attack surface, evade detection, collect and exfiltrate data. Other swarms are designed to cross the divide between cyber and physical to take control of the target’s physical and network resources.

Machine Learning Poisoning and Evasion

One of the most promising technologies in cybersecurity is ML.  Systems are trained to perform specific tasks, such as baselining behavior, applying behavioral analytics to identify sophisticated threats, or taking effective countermeasures when facing an advanced threat. The rub with ML is that it has no conscience where it cannot differentiate the bad and sound input, both are processed as the same.  This limitation provides cybercriminals with an efficient detection evading technique by targeting the ML process. They can train the system not to patch devices, ignore behaviors, turn off logging, and install backdoors or Trojans. For example, an attacker can poison the training data by injecting carefully designed samples to compromise the whole learning process.

The Road Ahead to Prepare

Organizations must understand that AI and ML will be weaponized and used against them. It is essential that given today’s threats, the reaction to these threats must be at machine speed stopping them within milliseconds.  Combining automation, innovation, integrating AI and ML throughout the network infrastructure will dramatically defend against advanced cybercrime tactics.

Layered Architecture Approach

Today’s advanced cybercriminal will find a way to defeat AI and ML technologies to launch a successful campaign. By adding various ML layers and stacked ensembles in an architectural strategy will thwart evasion attempts if one ML model fails others will detecting the attack and respond. For example, each layer has its uniqueness trained with different ML algorithm models for varying types of attacks. One layer can be trained to recognize behavioral signals, another fuzzy hash/distance of known attacks, and another for emerging threats. There are several models to design within an architecture such as client, cloud, full file content and file detonation providing a practical approach defending against attacks. Consolidating the results into a stacked ensemble from the distinct ML layers create even stronger predictions (the big picture) that are more resilient to attacks.