
Cybercriminals leverage AI to sustain attacks on enterprises

18 Jan 2021

There is no doubt that artificial intelligence (AI) and machine learning (ML) are technologies that have helped to push automation to new levels across all areas of business - including security.

Inevitably at some stage in the security journey, organisations will have heard how these technologies can help them to keep their company more secure, more streamlined, and less overwhelmed by billions of security threats.

However, this rhetoric only looks at one side of the proverbial coin. In fact, cybercriminals are taking advantage of those very same technologies to automate their attacks, too.

AI, ML, and automation all make up the new security battleground, and these technologies are evolving just as quickly on the attack side as the defence side.

According to Sophos’ 2021 Threat Report, many threat actors continue to invest in ransomware, innovating both the technology and their own motives. There is more collaboration amongst threat actors in the criminal underground, who operate more like ‘cybercrime cartels’ than distinct threat groups, the report notes.

2020 presented many opportunities for cybercrime as the world explored the challenges of working from home. Further, cybersecurity professionals were mobilised into a ‘rapid reaction’ force to stop threats that relied on any type of COVID-19-related social engineering that could penetrate employees’ networks.

The report notes, “Ransomware operators pioneered new ways to evade endpoint security products, spread rapidly, and even came up with a solution to the problem (from their perspective) of targeted individuals or companies having good backups, securely stored where the ransomware couldn’t harm them.”

“But what appeared to be a wide variety of ransomware may not be as wide as it seems. As time went on, and we investigated an increasing number of attacks, Sophos analysts discovered that some ransomware code appeared to have been shared across families, and some of the ransomware groups appeared to work in collaboration more than in competition with one another.”

In other words, threat actors are finding new ways to dodge smarter security systems, but the base code still remains similar to what has been spotted in current (or past) ransomware types.

Sophos’ previous Threat Report indicated that attackers use automation in the early attack stages to access and control the target environment. This happens before attackers make patient and strategic evasion moves to attack endpoints.

Attackers also compromise the integrity of machine learning-based security systems through ‘string-stuffing universal bypass attacks’, which essentially means that the machine learning systems accept the very malware they were designed to fend off.

Some other forms of machine learning malware can detect sandboxes, which can make these threats difficult to analyse or reverse-engineer.
