Darktrace Describe The Alarming Future AI Attack Scenario

AI has the potential to bring a set of advanced techniques to cyber offense, researchers at Darktrace say in a recently published report, The Next Paradigm Shift: AI-Driven Cyber-Attacks.

In the report, the firm documents three active threats detected in the wild within the past 12 months. Analysis of these attacks, plus some extrapolation, led the team to describe scenarios in which AI-driven attacks could one day become reality.

AI’s Attack Profile
The report predicts that AI-driven malware will self-propagate through a series of autonomous decisions, each tailored to the parameters of the infected system.

Imagine a worm-style attack, like WannaCry, which, instead of relying on one form of lateral movement (e.g., the EternalBlue exploit), could understand the target environment and choose lateral movement techniques accordingly. If EternalBlue were patched, it could switch to brute-forcing SMB credentials, loading Mimikatz, or installing a key-logger to capture credentials.

AI-driven malware would then choose whichever method appears most likely to succeed in the target environment and use it to move laterally. Rather than relying on exploits at all, it might observe that PsExec is regularly used between certain devices at specific times of day.

By learning this pattern and then using PsExec for lateral movement only during the windows in which it is normally used, the malware makes its activity very hard to distinguish from legitimate administration; what remains detectable is deviation on the other axes, such as a source-destination pair or an account that has never used that channel. PsExec can of course be replaced by RDP, SSH or any other administrative tool that represents normal for a given environment.

The malware can learn this context by sitting quietly in an infected environment and observing normal business operations: the internal devices the infected machine communicates with, the ports and protocols it uses, and the accounts that use it.
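The scenario above turns on a baseline: which admin tool is used between which hosts, at what hours, by which accounts. The following is an added example (not code from the Darktrace report or from this site) showing the defender's side of that same baseline. It learns a per-channel profile from a few constructed events and then scores new ones, so that a lateral move inside the learned pattern passes while a move that deviates in hour, destination or account is flagged. Hostnames, account names, timestamps and the function names `build_profile`, `score` and `triage` are all assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of "normal" admin activity: (timestamp, tool, src, dst, account).
# These are invented for the example, not real telemetry.
BASELINE_EVENTS = [
    ("2019-01-07T09:05:00", "psexec", "admin-ws01", "fileserver01", "CORP\\jsmith"),
    ("2019-01-08T09:12:00", "psexec", "admin-ws01", "fileserver01", "CORP\\jsmith"),
    ("2019-01-09T17:45:00", "psexec", "admin-ws01", "fileserver01", "CORP\\jsmith"),
    ("2019-01-07T10:30:00", "rdp",    "admin-ws02", "sql01",        "CORP\\ops-dba"),
    ("2019-01-08T11:02:00", "rdp",    "admin-ws02", "sql01",        "CORP\\ops-dba"),
    ("2019-01-09T10:48:00", "rdp",    "admin-ws02", "sql01",        "CORP\\ops-dba"),
]

# Constructed events to triage, each chosen to exercise one decision in score().
NEW_EVENTS = [
    # the learned channel, at its usual hour, by its usual account: blends in
    ("2019-01-10T09:20:00", "psexec", "admin-ws01", "fileserver01", "CORP\\jsmith"),
    # same channel and account, but at 03:14
    ("2019-01-10T03:14:00", "psexec", "admin-ws01", "fileserver01", "CORP\\jsmith"),
    # known tool and source, but a destination never seen before
    ("2019-01-10T09:25:00", "psexec", "admin-ws01", "hr-db01",      "CORP\\jsmith"),
    # known channel and hour, but an account that never used it
    ("2019-01-10T10:40:00", "rdp",    "admin-ws02", "sql01",        "CORP\\svc-backup"),
]


def _hour(ts):
    return datetime.fromisoformat(ts).hour


def _hour_distance(a, b):
    """Distance between two hours on a 24-hour clock (23 and 0 are 1 apart)."""
    d = abs(a - b)
    return min(d, 24 - d)


def build_profile(events):
    """Learn, per (tool, src, dst) channel, the hours and accounts observed."""
    profile = defaultdict(lambda: {"hours": set(), "accounts": set()})
    for ts, tool, src, dst, account in events:
        chan = profile[(tool, src, dst)]
        chan["hours"].add(_hour(ts))
        chan["accounts"].add(account)
    return dict(profile)


def score(profile, event, slack=1):
    """Return ('baseline', []) or ('anomaly', [reasons]) for one event.

    `slack` widens each learned hour by +/- N hours so that 09:59 versus
    10:00 does not fire on its own.
    """
    ts, tool, src, dst, account = event
    chan = profile.get((tool, src, dst))
    if chan is None:
        return "anomaly", [f"new channel {tool} {src}->{dst}"]
    reasons = []
    hour = _hour(ts)
    if not any(_hour_distance(hour, h) <= slack for h in chan["hours"]):
        reasons.append(f"hour {hour:02d} outside learned hours {sorted(chan['hours'])}")
    if account not in chan["accounts"]:
        reasons.append(f"account {account} never seen on this channel")
    return ("anomaly", reasons) if reasons else ("baseline", [])


def triage(profile, events):
    """Score a batch of events; returns a list of (event, verdict, reasons)."""
    return [(e, *score(profile, e)) for e in events]


if __name__ == "__main__":
    prof = build_profile(BASELINE_EVENTS)
    for event, verdict, reasons in triage(prof, NEW_EVENTS):
        print(f"{verdict.upper():8} {event[1]} {event[2]}->{event[3]} at {event[0]} "
              + "; ".join(reasons))
```

The first new event is the page's point in miniature: an attacker who reuses the learned channel, hour and account is indistinguishable from the administrator on this profile alone, so a real deployment would layer other signals (process lineage, volume, the service binary PsExec drops) on top of the channel baseline.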

Because it makes these decisions autonomously, the malware needs no C2 channel to propagate and complete its mission, and eliminating C2 removes one of the most reliable detection signals, making the attack stealthier and more dangerous. Trickbot has already shown the first signs of using multiple payloads for monetisation, stealing banking details and locking machines for ransom. Malware authors could maximise their profits if their malware chose autonomously which payload would yield the highest return given the context of the environment and the infected machine.

As Trickbot is modular and under active development, why not add the capacity to make smarter decisions? Narrow AI could learn that if it has infected the laptop of a VIP, that user is likely to conduct a great deal of email communication about financial information.

On a VIP's device, it would be more profitable to silently steal information, or to lock the machine and thus grind the company to a halt. However, if the malware identifies that it has been dropped onto a server that is not processing any mission-critical information, it might just install a crypto-miner, as locking that server would only invite investigation. Semantic analysis and contextual awareness would allow the software to make these distinctions and take these decisions autonomously.

How do we tell where an automated attack stops and an interactive session starts? As this case of Trickbot leveraging PowerShell Empire demonstrates, the previously clear distinction between automated malware and human-driven attacks is no longer viable.

Sources: Darktrace; ZDNet
