itb-nz logo
Story image

Cybercriminals leverage AI to sustain attacks on enterprises

18 Jan 2021

There is no doubt that artificial intelligence (AI) and machine learning (ML) are technologies that have helped to push automation to new levels across all areas of business - including security.

Inevitably at some stage in the security journey, organisations will have heard how these technologies can help them to keep their company more secure, more streamlined, and less overwhelmed by billions of security threats.

However, this rhetoric only looks at one side of the proverbial coin. In fact, cybercriminals are taking advantage of those very same technologies to automate their attacks, too.

AI, ML, and automation all make up the new security battleground, and these technologies are evolving just as quickly on the attack side as the defence side.

According to Sophos’ 2021 Threat Report, many threat attackers continue to invest in ransomware in terms of innovating the technology - and their own motives. There is more collaboration amongst threat actors in the criminal underground, who operate more like ‘cybercrime cartels’ than distinct threat groups, the report notes.

2020 presented many opportunities for cybercrime as the world explored the challenges of working from home. Further, cybersecurity professionals were mobilised into a ‘rapid reaction’ force to stop threats that relied on any type of COVID-19-related social engineering that could penetrate employees’ networks.

The report notes, “Ransomware operators pioneered new ways to evade endpoint security products, spread rapidly, and even came up with a solution to the problem (from their perspective) of targeted individuals or companies having good backups, securely stored where the ransomware couldn’t harm them.”

“But what appeared to be a wide variety of ransomware may not be as wide as it seems. As time went on, and we investigated an increasing number of attacks, Sophos analysts discovered that some ransomware code appeared to have been shared across families, and some of the ransomware groups appeared to work in collaboration more than in competition with one another.”

In other words, threat actors are finding new ways to dodge smarter security systems, but the base code still remains similar to what has been spotted in current (or past) ransomware types.

Sophos’ previous Threat Report indicated that automation is being used in the early attack stages to access and control their target environment. This happens before attackers make patient and strategic evasion move to attack endpoints. 

Attackers also compromise the integrity of machine learning-based security systems by ‘string-stuffing universal bypass attacks’, which essentially means that machine learning systems accept the very malware they were designed to fend off.

Some other forms of machine learning malware can detect sandboxes, which means it can be difficult to analyse or reverse-engineer these threats.

Download the Sophos 2021 Threat Report here.