AI Takes Hacking To Another Level

Uploaded on 2018-08-17 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Developments, TECHNOLOGY--Hackers

The nightmare scenario for computer security - artificial intelligence programs that can learn how to evade even the best defenses - may already have arrived.

That warning from security researchers is driven home by a team from IBM Corp. (IBM.N) who have used the artificial intelligence technique known as machine learning to build hacking programs that could slip past top-tier defensive measures.

State-of-the-art defenses generally rely on examining what the attack software is doing, rather than the more commonplace technique of analyzing software code for danger signs. But the new genre of AI-driven programs can be trained to stay dormant until they reach a very specific target, making them exceptionally hard to stop.

No one has yet boasted of catching any malicious software that clearly relied on machine learning or other variants of artificial intelligence, but that may just be because the attack programs are too good to be caught.

Researchers say that, at best, it’s only a matter of time. Free artificial intelligence building blocks for training programs are readily available from Alphabet Inc’s Google (GOOGL.O) and others, and the ideas work all too well in practice.

“I absolutely do believe we’re going there,” said Jon DiMaggio, a senior threat analyst at cyber security firm Symantec Corp. “It’s going to make it a lot harder to detect.”

The most advanced nation-state hackers have already shown that they can build attack programs that activate only when they have reached a target. The best-known example is Stuxnet, which was deployed by U.S. and Israeli intelligence agencies against a uranium enrichment facility in Iran.

The IBM effort, named DeepLocker, showed that a similar level of precision can be available to those with far fewer resources than a national government.

In a demonstration using publicly available photos of a sample target, the team used a hacked version of videoconferencing software that swung into action only when it detected the face of a target.

“We have a lot of reason to believe this is the next big thing,” said lead IBM researcher Marc Ph. Stoecklin. “This may have happened already, and we will see it two or three years from now.”

At a recent New York conference, Hackers on Planet Earth, defense researcher Kevin Hodges showed off an “entry-level” automated program he made with open-source training tools that tried multiple attack approaches in succession.

“We need to start looking at this stuff now,” said Hodges. “Whoever you personally consider evil is already working on this.”

Reuters:

You Might Also Read:

What is Machine Learning?

« Cybersecurity Training For High School Students
A Guided Tour Of The Asian Dark Web »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

eSentire

eSentire

eSentire is the authority in Managed Detection and Response Services, protecting the critical data and applications of organizations from known and unknown cyber threats.

Cyber, Space, & Intelligence Association (CSIA)

Cyber, Space, & Intelligence Association (CSIA)

CSIA focuses on issues critical to Cyber Security, Military Space and Intelligence.

Athena Dynamics

Athena Dynamics

Athena Dynamics focuses on Cyber Security, especially in Critical Information Infra-structure Protection and Enterprise IT Operation Management products and Services.

Ikarus Security Software

Ikarus Security Software

Ikarus focuses on antivirus and content-security solutions.

CynergisTek

CynergisTek

CynergisTek is a top-ranked cybersecurity and information management consulting firm dedicated to serving the healthcare industry.

Matrix42

Matrix42

Matrix42 software for digital workspace experience manages devices, applications, processes and services simple, secure and compliant.

ICS Cyber Security Conference

ICS Cyber Security Conference

SecurityWeek’s Industrial Control Systems (ICS) Cyber Security Conference is the largest and longest-running event series focused on industrial cybersecurity.

American Cybersecurity Institute

American Cybersecurity Institute

American cybersecurity Institute is a newly formed not-for-profit organization dedicated to education, advocacy, study and analysis in the space of cybersecurity law and policy.

YouWipe

YouWipe

Scandinavian Data Erasure Leader YouWipe is the number one choice of European Ministries, European Central Banks, Swiss Pharmaceuticals and Major Electronics Retail Chains.

Cyber Security Forum Initiative (CSFI)

Cyber Security Forum Initiative (CSFI)

CSFI is a non-profit organization with a mission to provide Cyber Warfare awareness, guidance, and security solutions through collaboration, education, volunteer work, and training.

IT Acceleration

IT Acceleration

IT Acceleration is a full-service IT management and support, IT compliance and Digital Forensics company.

BriskInfosec Technology & Consulting

BriskInfosec Technology & Consulting

BriskInfosec provides information security services, products and compliance solutions to our customers.

Vancord

Vancord

Vancord is an information and security technology company that works in collaboration with clients to support their infrastructure and data security needs for today and tomorrow.

SecurityLoophole

SecurityLoophole

SecurityLoophole is an independent cyber security news platform with global coverage. Latest updates, reports, news and events related to cyber security.

SECTA5

SECTA5

SECTA5 is a cybersecurity company building a next-generation Continuous Threat and Exposure Management platform, leveraging the expertise of offensively trained cyber defenders.

Cybermindz

Cybermindz

Many cyber security professionals are under sustained and increasing stress. We set about providing direct support to restore and rebuild emotional and cognitive health.