Bank Creates Its Own AI To Identify & Disintegrate Malware

JPMorgan Chase is integrating Artificial Intelligence into its internal security systems to thwart malware infections within its own networks.
 
Machine-learning code predicts whether connections are legit or likely to result in a bad day for someone. The majority of cyber-crime has always been financially motivated, and banking Trojans or botnets have been some of the primary drivers of botnet traffic and malicious activities. 
 
For example, The GameOver ZeuS (GOZ) group, was a crime ring that focused on corporate banking account takeovers, with an estimated 100 million dollars of losses attributed to the group. 
 
The steps below describe in greater detail how APT-based banking Trojan typically works: 
 
1. Reconnaissance and Weaponisation: Gathering information and preparation of an attack. Using Carbanak APT [22] as an example, Cyber-criminals registered new spoofing domains to impersonate a legitimate software or tech company in later spear phishing emails claiming required software update. 
2. Delivery: Common methods of malicious payload delivery by banking Trojans are email attachments, social engineering and drive by download through spear phishing campaigns targeting employees within the victim organisations. 
3. Exploitation and Installation: If an employee within the targeted organizations opened the attachments or visited the malicious websites in above spear phishing emails, the vulnerability is successfully exploited, and backdoor is installed on the victim’s system. 
4. Command and Control: Command-and-control (C2) infrastructure plays an essential role in coordinating botnets and malware. Attackers set up C2 servers to distribute commands or harvest sensitive data from victims’ computers, or gain access to the critical systems in the victim’s infrastructure. Many sophisticated malware families contain domain generation algorithms (DGAs) to generate pseudo-random domains in bulk to evade public blacklists. 
5. Action on Objectives: Once the attackers successfully compromised the victim’s networks, especially the critical systems such as money processing services or financial accounts, attackers can now perform fraudulent transactions or cash out. 
 
JPMorgan Chase is integrating AI into its internal security systems to thwart malware infections within its own networks.
The banls Technology and IT experts the describe how deep learning can be used to identify malicious activity, such as spyware on staff PCs attempting to connect to hackers' servers on the public internet. It can also finger URLs in received emails as suspicious. And it’s not just an academic exercise: some of these AI-based programs are already in production use within the financial giant.
 
The aim is to detect and neutralize malware that an employee may have accidentally installed on their workstation after, say, opening a booby-trapped attachment in a spear-phishing email. It can also block web-browser links that would lead the employee to a page that would attempt to install malware on their computer.
 
Neural networks can be trained to act as classifiers, and predict whether connections to the outside world are legit or fake: bogus connections may well be, for example, attempts by snoop-ware on an infected PC to reach the outside world, or a link to a drive-by-download site. These decisions are thus based on the URL or domain name used to open the connection. 
Specifically, long-short term memory networks (LSTM) used in the bank's AI software can predict if a particular URL or domain name is real or fake. The engineers trained theirs using a mixture of private and public datasets.
 
The public datasets included a list of real domains scraped from the top million websites as listed by Alexa; they also used 30 different Domain Generation Algorithms (DGA), typically used by malware, to spin up a million fake malicious domains. For the URL data, they took 300,000 benign URLs from the DMOZ Open Directory Project dataset and 267,418 phishing URLS from the Phishtank dataset. The researchers didn’t specify the proportion of data used for training, validation, and testing.
 
You might think just firewalling off and logging all network traffic from bank workers' PCs to the outside world would do the trick in catching naughty connections and thus has turned to machine-learning to improve its network monitoring while allowing ongoing connections.
 
How it Works
First, the string of characters in a particular URL or domain name to be checked are converted into vectors and fed into the LSTM as input. The model then spits out a number or probability that the URL or domain name is bogus.
 
The LSTM was able to a performance of 0.9956 (with one being the optimal result) when classifying phishing URLs and 91 per cent accuracy for DGA domains, with a 0.7 per cent false positive rate. AI is well adapted to discovering the common patterns and techniques used in malicious software, and can even be more effective than traditional URL and domain-name filters.
 
“Advanced Artificial Intelligence (AI) techniques, such as Deep learning, Graph analysis, play a more significant role in reducing the time and cost of manual feature engineering and discovering unknown patterns for Cyber security analysts,” the bank's researchers told The Register.
 
Next, they hope to experiment with other types of neural networks like convolutional neural networks and recurrent neural networks to clamp down on the spread of malware even further. 
 
The Regsister:     Arvix
 
You Might Also Read:
 
Malware Attacks Drop As Encrypted Attacks Increase:
 
Five Hi -Tech Ways To Fight Off Cyber Attackers:
 
 
 
« US National Security Agency’s Cyber Offensive
Is The Cloud Skills Gap A Problem? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

SealPath

SealPath

SealPath enables companies to protect and control their documents wherever they are: In their PC, in their corporate network, on a partner’s network, in the cloud.

A-SIT Secure Information Technology Center

A-SIT Secure Information Technology Center

A-SIT was founded in 1999 as a registered nonprofit association and is established as a competence center for IT-Security.

SailPoint

SailPoint

SailPoint provides identity governance solutions with on-premises and cloud-based identity management software for the most complex challenges.

Compnet

Compnet

Compnet is a service company that assists customers in integrating complete ICT systems including network infrastructure and security solutions.

Salviol Global Analytics

Salviol Global Analytics

Salviol Global Analytics is a leading provider of Fraud, Risk and Operational Performance Solutions to a number of vertical markets including Insurance, Banking, Utilities, Telco’s and Government.

SixThirty CYBER

SixThirty CYBER

SixThirty is a venture fund that invests in early-stage enterprise technology companies from around the world building FinTech, InsurTech, and Cybersecurity solutions.

Cyber Smart Defense

Cyber Smart Defense

Cyber Smart Defense is a specialist provider of penetration testing services and IT security audits.

Dataprise

Dataprise

Dataprise is a leading IT managed services provider offering IT Management and Help Desk Support Services, Cloud Services, Information Security Solution, IT Strategy and Consulting.

ClearHub

ClearHub

The aim of ClearHub is simple: to give businesses like yours access to the best talent, all screened and technically tested by Clearvision’s expert team.

ITSEC Asia

ITSEC Asia

ITSEC Asia works to effectively reduce exposure to information security threats and improve the effectiveness of its clients' information security management systems.

Seemplicity

Seemplicity

Seemplicity revolutionizes the way security teams work by automating, optimizing and scaling all risk reduction workflows in one workspace.

Security BSides Cayman Islands

Security BSides Cayman Islands

Security BSides is a non-profit, community-driven event built for and by information security community members. Our aim is to help build an Information Security community in the Cayman Islands.

Exalens

Exalens

With deep roots in AI-driven cyber-physical security research and intrusion detection, at Exalens, we are enhancing operational resilience for cyber-physical systems at the OT edge.

PatchAdvisor

PatchAdvisor

PatchAdvisor core services include Vulnerability Assessments/Penetration Testing, Application Vulnerability Assessments, and Incident Response.

ABM Technology Group

ABM Technology Group

ABM Technology Group (formerly True IT) provide business information technology services, solutions, and consulting for small to mid-sized organizations.

NoviFlow

NoviFlow

NoviFlow is a leading provider of terabit networking software solutions for Communication Service Providers (CSPs).