With warnings coming fast and furious from tech visionaries as diverse as Bill Gates, Elon Musk, and the late Stephen Hawking, to name a few, most of us are conditioned to think of the possible dangers of artificial intelligence in the wrong hands. While armies of AI-powered human-like robots have not yet emerged, AI is being harnessed by bad actors in the creation of “smart malware” that infiltrates traditional defenses by using predictive technology.
But if that’s the case, can’t the opposite also be true? Can AI be used to turn against malware?
Experts emphatically say yes.
Artificial intelligence as a tool to stop the bad guys is a clear example of how the technology can be used in good ways, something that some experts think isn’t emphasized enough.
Thomas Davenport, a professor of cognitive technologies at Babson College, blames the media for much of AI’s bad reputation.
“There’s been so much hype in the media about it, and this is just journalists trying to extend the hype by talking about the negative side,” Davenport told CIO recently.
Jim Furstenberg is an assistant professor of information security and intelligence at Ferris State University and has built an extensive 30-year career in the field. He prefers to focus on the optimistic side of AI.
“I like to use the positive side of AI,” Furstenberg told Smarter MSP. He says that AI can help protect users and refute suspected behaviors.
“It is quite common for attackers to gain legitimate credentials on the system or network, so how does one know if malware is using legitimate, hacked, or stolen credentials on the system? Hiding in plain sight…. AI can help that situation,” Furstenberg says.
The traditional methods of intercepting malware are “too static,” Furstenberg says. And these will “soon lose out to the dynamic nature (if not already) of malware,” Furstenberg explains.
Artificial intelligence will also be able to help MSPs like NUMENTIS streamline their malware offerings.
“Tools from an analyst perspective are simple interfaces with drill-down interconnectedness tying disparate databases which can provide a holistic view of behavior and activities,” Furstenberg says. “Many organizations have too many silos, and AI can help with that.”
Human intelligence versus artificial intelligence
As AI prevails in more and more malware, it will take AI to fight AI.
“With the exponential increase in the amount of data that flows through enterprises today, manual/human methods of cybersecurity are increasingly becoming less and less viable,” says Niranjan Mayya, founder and president of Toronto upstart cyber security firm RANK Software.
The evolving nature of AI threats also means the AI approach is more and more preferable because, Mayya says, traditional approaches that look for specific patterns or signatures are by definition only able to detect known threats, leaving unknown threat actors or rogue insiders free rein to create mayhem.
“AI/ML [machine learning] is increasingly becoming the technique of choice for modern day cybersecurity solutions. AI-based approaches will measure the normal behaviour of users and machines in an enterprise, and then monitor deviations from this baseline to detect anomalous behaviour. This allows for the detection of unknown threats without the use of rules and signatures,” Mayya explains.
“The nature of modern cyber threats burdens businesses with sifting through tens of millions of security events, wasting time, money, and increasing the chance that a credible threat will slip through the cracks,” Mayya says.
Global threats require global solutions
Researchers across the globe are working on ways to incorporate AI into malware interception.
Moses Dlamini, a lecturer on cyber security at the University of KwaZulu Natal in South Africa who has studied and written about the application of artificial intelligence to malware interception, suggests, “The biggest impediment so far to AI-infused security systems is that so far the bad guys have been faster than the good guys.”
“The cybersecurity threat landscape is forever changing, and the changes come very rapidly, more especially from those who are developing malware to breach systems. The cybersecurity defence community is just too slow, giving more advantage to the cyber criminals,” Dlamini says.
“The one constant thing in all malware that we have seen is the speed and agility to change form in order to avoid detection,” he says.
This creates a dilemma for anti-virus software developers and Canadian managed service providers (MSPs), including those in Toronto and Mississauga.
“The developers of malware detection systems have been working in a reactive manner all along using signature-based systems to detect malware. The major problem of such systems is that they can only detect that which has already compromised systems and already has a signature in the anti-virus/malware database,” Dlamini explains.
And this creates a huge opening for AI-enabled antivirals.
Reactive versus proactive AV
“This is where we actually see a massive role of AI in combating malware and closing the gap created by reactive AV to provide proactive AVs that are able to anticipate new variants of malware before their authors can release them to wreck systems,” Dlamini says.
Dlamini and his fellow researchers call these known malware strains “derived viruses” because the authors are simply changing the signature of old variants, but the overall methodology of infection is the same.
Dlamini says AI can help malware detection by classifying and learning the patterns of malware over time and developing the ability to anticipate and predict new variants before they hit their intended targets.
In this way, anti-virus software performs as AI-infused autonomous vehicles may someday, anticipating the moves of drivers based on past patterns.
“AI has the capability to provide predictive analytics to help combat future malware using the powerful capability of neural networks to do proper classification and accurate prediction of new variants,” Dlamini says.
AI’s ugly race
Dlamini, though, is not optimistic about the long-term capability of AI to thwart malware.
“It will help for now or up to about two or three years from now or until such a time that the cyber-criminals stop being lazy to just use what has always been there and to start thinking about new ways of TTPs [tactics, techniques, and procedures],” Dlamini says.
Cybercriminals, he predicts, will begin using the same AI capabilities to develop malware that avoids even AI-inspired detection products.
“This would mean developing malware that learns the detection techniques of all AV, i.e. even those that have predictive analytics, and shows 100-percent success rate of detection avoidance,” Dlamini says.
This opens up the spine-chilling scenario of an ugly AI race, with the good guys and the bad guys neck and neck, each trying to outdo the other.
“Unsupervised learning is key to achieving such malware. Malware that learns on the fly and changes forms before it can be detected. This is the future of malware. Malware that would spoof attacker to gather intelligence on the things that trigger the alarms and build their defense mechanisms around those triggers and even up-to-date anti-malware becomes useless,” Dlamini explains.
AI impact on MSPs
Canadian MSPs like NUMENTIS will continue to play their usual roles as gatekeepers and guards for their clients, remembering that an ounce of prevention is always better than a pound of cure. However, when it comes to AI, the digital world will embark on a long AI war because it’s hard to know the proper prevention when you don’t know what you’re defending against.
Dlamini says nimble threat intelligence tools, predictive analytics, and innovative malware classifiers will all be part of an MSP’s anti-viral toolkit, and that better methodology also needs to be developed.
“New algorithms must be developed to improve the accuracy of most of the proposals,” he says.
Dlamini says dedicated malware analysis/test labs would help MSPs create sandboxed or isolated environments where intelligent AV could learn more about the behavior of malware and incorporate learned data into new signatures.
“Proactivity is key,” Dlamini says.
I trust 2018 is already off to a fantastic start for your business. As I talk with customers like you and examine the technology landscape, one consistent theme is an increased pace of change not just in technology but in the kinds of assets and information businesses and professionals are looking to protect. Our mission here at NUMENTIS is to help keep our customers’ data safe and secure, especially when so much is depending on it and the cost of losing it is extremely high.
A key role for us as our customers’ managed services provider (MSP) is to protect their information, including intellectual property, financial records, and passwords, but also to provide guidance and encourage best practices for data handling. Sadly, there are many ways in which “bad actors” try to take what is of value from businesses like yours. We’ve put together some tips below to help bring awareness so you can better protect yourself and your business.
Software Updates: When you receive a notification to update your software from a trusted source, make sure that update happens quickly. Typically, one of the reasons for the update is to plug potential security gaps, and updates are handled automatically if you have a managed service provider in the GTA.
Too Good to Be True: Regardless of whether you receive an offer online or in the real world, if the offer seems too good to be true then more than likely it is. Don’t click on the link. Delete the email. Don’t provide your personal information (especially your social security number). If it’s a phone call, hang up. If you don’t engage the scammer, they can’t engage with you.
Email Scams (Phishing): The scammer will send you an email that looks like an official email from a company you already do business with and in that email they will be requesting information. These fake emails can be hard to detect. If you feel for any reason there is something “fishy” with the email, type in the URL of the website yourself rather than clicking on a link. Or call the contacting company’s customer service. Only use the phone number that you’ve used in the past or taken from their official website — do not use a phone number provided in the potentially phishing email.
To sum it up… Keep updated! Don’t engage if it’s too good to be true. And if you’re unsure, contact us, your managed service provider (MSP) in Mississauga.
As the year 2017 draws to a close, we look back at the 10 most significant (or simply the most damaging) cyber security stories of the year. Read through the list below to see which attacks, data breaches, and other events left a lasting impact on both the security industry and the global business community overall. Did any of these impact your business?
The flexibility and easy management of virtual desktops make them a perfect choice for companies looking for IT solutions in Toronto to maximize their budget and the efficiency of the technology infrastructure. Virtual desktop infrastructure (VDI) is a desktop operating system hosted within a virtual machine that runs on a centralized server. The desktop images can be accessed by a variety of devices, including desktops, laptops, and mobile devices.
Many business owners are still hesitant to adopt transformation technology such as Cloud Services because they are concerned about costs, interruption to current services and having to learn and develop new processes and procedures. Unfortunately, these short-sighted worries will result in limitations to both business growth and revenue. In today’s global market, a digital transformation is key to business success.
Organizations today are constantly looking for ways to be flexible and forward thinking so that they can best serve their customers. When it comes to boosting the power of IT, businesses in Toronto and across Canada have been turning to managed IT services to help support strategic goals and achieve stronger results.
Technology is always quickly changing and expanding, and it’s easy to see how the advancement of technology has positively affected businesses. Many businesses use IT solutions in Toronto to help their business stay on top of technological advancements for their online platforms, cloud services, and cybersecurity solutions. 2017 has ushered in four major trends for managed IT services that are expected to change the way businesses operate in the coming years.
It was only a matter of time before ransomware made international headline news, and repeatedly. First, it was the WannaCry attack that spread globally in a matter of days, then the more recent NotPetya attack hitting businesses hard, affecting both large global corporations and small to midsize businesses (SMB).
As a digitally active business in 2017, you can’t afford to lose your data. Whether due to natural disaster, human error, or security breach, data loss is not only very costly but extremely risky. That’s why every small and midsize business (SMB) needs a business continuity and disaster recovery solution.
Humanity is now more connected than ever. The explosive growth of technology like the internet, mobile computing, and social media is evidence of our innate need to always be connected, and our vast appetite for timely and accurate information. This dependency on information is ever more critical for businesses.