There has been a lot of hype around AI to the point where some people are simply tuning it out. I think this is a mistake. While there are limits to what AI can do, there also are sophisticated attacks that we'd miss without it. The need for AI is driven by three fundamental yet significant changes in the enterprise computing environment. Taking all of these factors together leads me to believe that AI is not only a viable solution, but it may be the only solution.
Sophisticated threat actors can often maintain a long-term presence in their target environments for months at a time without being detected. They move slowly and with caution to evade traditional security controls, and their attacks are often targeted at specific individuals and organizations. AI-driven malware will also be able to learn the dominant communication channels and the best ports and protocols to use to move around a system, discreetly blending in with routine activity. This ability to disguise itself amid the noise will mean that it is able to spread expertly within a digital environment and stealthily compromise more devices than ever before. AI malware will also be able to analyse vast volumes of data at machine speed, rapidly identifying which data sets are valuable and which are not. This will save the (human) attacker a great deal of time and effort.
Trojan malware attacks against business targets have rocketed in the last year, as cyber criminals alter their tactics away from short-term gain and in-your-face ransomware attacks towards more subtle, long-term campaigns with the aim of stealing information, including banking information, personal data and even intellectual property. Figures from security company Malwarebytes Labs in a new report suggest that trojan and backdoor attacks have risen to become the most detected against businesses – the number of trojan attacks has more than doubled in the last year, increasing by 132 percent between 2017 and 2018, with backdoors up by 173 percent. Malwarebytes classifies trojans and backdoors separately, describing trojans as programs "that claim to perform one function but actually do another". A backdoor, meanwhile, is defined as "a type of trojan that allows a threat actor access to a system by bypassing its security" and gaining access to systems undetected. Attacks using spyware -- malware that gathers information on a device and sends it to a third-party actor -- have also jumped hugely, up by 142 percent in the same period. "When you say spyware, people think of how it's been around for a decade or more and it's old and boring -- but it's really effective and it's really come back into fashion with the rise in attacks on businesses and a thirst for data exfiltration," Chris Boyd, lead malware intelligence analyst at Malwarebytes, told ZDNet.
The group behind a notorious banking trojan has expanded its operations and is now offering to deliver other forms of malware on behalf of other attackers. The Mealybug hacking operation has been active since at least 2014 and is known for its custom-built Emotet trojan, a form of self-propagating malware which has mostly targeted banking customers across Europe. But now Mealybug has changed its approach to cyber crime, shifting towards using Emotet as a delivery mechanism for other groups' information-stealing malware; the US is by far the biggest market for this malicious activity, accounting for 90 percent of detections. The evolution of Emotet from banking trojan to distributor of threats for other malicious actors has been detailed by researchers at security company Symantec, who have been monitoring its activity. Emotet arrives via a phishing email containing a malicious link or a malicious document, which is used to download the payload.
Cyber criminals are always looking for brand new ways of making money and causing destruction -- or, even better, both at once. The last 12 months have seen a boom in malicious cryptocurrency mining whereby cyber attackers secretly hijack the processing power of computers, servers and even IoT devices and use it to mine for cryptocurrency. While it might not be rapidly lucrative for the crooks involved, it's stealthy and can be sustained over a long period of time -- and most users don't even know their machine's processor is being used to line someone else's pockets. Ransomware takes the opposite approach: pay up, or risk having your files permanently locked, with the WannaCry and NotPetya ransomware attacks causing destruction around the world. But while cryptojacking and ransomware continue to be widespread threats, other attackers have continued to quietly deploy a potentially much more damaging threat: trojan malware.