Darktrace Describe The Alarming Future AI Attack Scenario

AI has the potential to bring a select set of advanced techniques to the table when it comes to cyber offense, researchers at Darktrace say in a very interesting Report they have recently published – The Next Paradigm Shift – AI-Driven Cyber-Attacks. 

In the report, the cybersecurity firm documented three active threats in the wild which have been detected within the past 12 months. Analysis of these attacks, and a little imagination, has led the team to create scenarios using AI which could one day become reality.

AI’s Attack Profile
In the future, AI-driven malware will self-propagate via a series of autonomous decisions, intelligently tailored to the parameters of the infected system. 

Imagine a worm-style attack, like WannaCry, which, instead of relying on one form of lateral movement (e.g., the EternalBlue exploit), could under- stand the target environment and choose lateral movement techniques accordingly. If EternalBlue were patched, it could switch to brute-forcing SMB credentials, loading Mimikatz or perhaps install a key-logger to capture credentials. 

AI-driven malware will then choose whatever method appears most successful for the target environment and use this to move laterally. Instead of utilising exploits, it might find PsExec is regularly used between certain devices at specific times of day. 

By learning this and then using PsExec for lateral movement, during times when it would normally be used, identification of the malware will become almost impossible. PsExec can of course be replaced by RDP, SSH or any other administrative toolkit that represents normal for a given environment. 

The malware can learn context by quietly sitting in an infected environment and observing normal business operations, such as the internal devices the infected machine communicates with, the ports and protocols it uses, and the accounts which use it. 

Able to make those decisions autonomously, no C2 channel will be required for the attack to propagate and complete its mission. By eliminating the need for C2, the attack will become stealthier and more dangerous. Trickbot has displayed the first signs of utilizing multiple payloads for monetization – stealing banking details and locking machines for ransom. Malware authors can maximize their profits if their malware can choose autonomously which payload will yield the highest profit based on the context of the environment and infected machine. 

As Trickbot is modular and under active development, why not add the capacity to make smarter decisions? Narrow AI can learn that if it infects the laptop of a VIP, such a user is likely to conduct a lot of email communication revolving around financial information. 

On a VIP’s device, it will be more pro table to silently steal information or lock the machine and thus grind the company to a halt. However, if the malware identifies it has been dropped onto a server that is not processing any mission-critical information, it might just install a crypto-miner, as locking the server will only lead to investigation. Semantic analysis and contextual awareness allow software to make these distinctions and autonomously make these kinds of decisions. 

How do we tell where an automated attack stops, and an interactive session starts? As this case of Trickbot lever- aging Empire Powershell demonstrates, the previously clear distinction between automated malware and human-driven attacks is no longer viable. 

Darktrace:       ZDNet:

You Might Also Read:

 

 

« Dozens of Spies Killed Thanks To Flawed CIA Comms System
Good News About Voting Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Secusmart

Secusmart

Secusmart provide highly secure and encrypted speech and data communication solutions.

Raytheon Technologies

Raytheon Technologies

Raytheon Intelligence & Space delivers solutions that protect every side of cyber for government agencies, businesses and nations.

TrustInSoft

TrustInSoft

TrustInSoft develops solutions that validate mission-critical software and eliminate attack vectors.

Cylus

Cylus

Cylus, a global leader in rail cybersecurity, helps rail and metro companies avoid safety incidents and service disruptions caused by cyber-attacks.

LSoft Technologies

LSoft Technologies

LSoft Technologies is a leader in data recovery software technologies.

Taoglas

Taoglas

Taoglas Next Gen IoT Edge software provides a pay as you go platform for customers to connect, manage and maintain their edge devices in an efficient and secure way.

Cygenta

Cygenta

Cygenta brings a new approach to cybersecurity. We understand that true security means having digital, human and physical security working in harmony.

IT Acceleration

IT Acceleration

IT Acceleration is a full-service IT management and support, IT compliance and Digital Forensics company.

Avancer Corporation

Avancer Corporation

Avancer Corporation is a multi-system integrator focusing on Identity and Access Management (IAM) Technology. Founded in 2004.

Valence Security

Valence Security

Valence manages and secures your Business Application Mesh by delivering visibility, reducing unauthorized access and preventing data loss.

Path Forward IT

Path Forward IT

Path Forward IT has been troubleshooting, architecting, migrating, protecting, and securing IT environments for businesses across the USA since 2002.

StealthPath

StealthPath

StealthPath is focused on endpoint protection, securing the “implicit trust” vulnerabilities of current leading information security solutions.

ZoobeTek

ZoobeTek

ZoobeTek are a company focused on preventing leaks related to the security of business information3.

Thoropass

Thoropass

Thoropass (formerly Laika) helps you get and stay compliant with smart software and expert services.

Multidisciplinary Institute for Cybersecurity and Cyber Resilience (IMC2)

Multidisciplinary Institute for Cybersecurity and Cyber Resilience (IMC2)

IMC2 brings together resources to carry out ambitious, innovative and multidisciplinary projects in the field of cybersecurity and cyber resilience.

Increase Your Skills (IYS)

Increase Your Skills (IYS)

Armed and ready: raise awareness of cyberattacks in your company with the Full-Service Awareness Platform from IYS – fast and effective. We help you develop a robust, sustainable security strategy.