DEF CON Machine-learning tools can create custom malware that defeats antivirus software. In a keynote demonstration at the DEF CON hacking convention Hyrum Anderson, technical director of data science at security shop Endgame, showed off research that his company had done in adapting Elon Musk's OpenAI framework to the task of creating malware that security engines can't spot. The system basically learns how to tweak malicious binaries so that they can slip past antivirus tools and continue to work once unpacked and executed. Changing small sequences of bytes can fool AV engines, even ones that are also powered by artificial intelligence, he said. Anderson cited research by Google and others to show how changing just a few pixels in an image can cause classification software to mistake a bus for an ostrich.
There's a hole in Windows big enough that Microsoft did an emergency fix this week. Called the "worst Windows remote code exec in recent memory" and "crazy bad" by the Google security expert that discovered it, the malware requires no interaction from a user. Often malware requires a PC user to, for example, click on a bad link or do something that -- unbeknownst to the user -- downloads rogue code. The fact that Microsoft took action immediately to fix it – a so-called "emergency out-of-band update" – means it's very serious. "Unlike past incidents, where Microsoft has allowed exploited zero-day vulnerabilities to fester in the wild without being bothered to deliver a patch for months, this time around, the company moved lightning fast to address the issue," according to a report at Bleeping Computer.
Defined as the "ability for (computers) to learn without being explicitly programmed," machine learning is huge news for the information security industry. It's a technology that potentially can help security analysts with everything from malware and log analysis to possibly identifying and closing vulnerabilities earlier. Perhaps too, it could improve endpoint security, automate repetitive tasks, and even reduce the likelihood of attacks resulting in data exfiltration.
The following is a guest article from Dr. Sven Krasser, chief scientist at CrowdStrike. Without a doubt, machine learning is one of the hottest topics in cybersecurity at the moment, and most vendors boast their newest machine learning additions as the panacea that liberates you from all security woes. Machine learning allows security products to do vastly better in various areas. However, it is best understood as a set of techniques that dramatically optimize detection techniques. It does not allow sidestepping inherent limitations e.g.