Story image

Machine learning is a double-edged sword for cyber security

08 Oct 18

Machine learning (ML), usually oversold as artificial intelligence (AI), presents a double-edged sword for businesses, because, while it provides cyber security advancements, it can also give cyber criminals an advantage. 

While malware researchers use ML to better understand online threats and security risks, adversaries can use it to become harder to detect, and more targeted or successful in their attacks. 

IT departments and security decision-makers need to understand the complexity of ML in cyber security, and how to strike a balance between risk and reward. Security professionals need to stay one step ahead of savvy cyber criminals and optimise ML in unique and effective ways that cybercriminals can’t, according to ESET. 

ML, as a subcategory of AI, has already triggered radical shifts in many sectors, including cyber security. ML has helped security developers improve malware detection engines, increase detection speeds, reduce the latency of adding detection for entirely new malware families and enhance abilities to spot suspicious irregularities. These developments lead to higher levels of protection for organisations against advanced persistent threats (APTs), as well as new and emerging threats. 

With that being said, cyber security professionals are beginning to recognise that AI/ML is limited in its capacity to combat online threats and that the same advanced technologies are readily available to cyber criminals. According to an ESET survey, the vast majority of IT decision-makers are concerned about the growing number and complexity of future AI/ML-powered attacks, and the increased difficulty of detecting them. 

For example, in 2003, the Swizzor Trojan horse used automation to repack its malware once every minute. As a result, each of its victims was served a polymorphically-modified variant of the malware, complicating detection and enabling its wider spread.

Two-thirds of the almost 1000 IT decision-makers surveyed by ESET agreed that new applications of AI/ML will increase the number of attacks on their organisations, while even more respondents thought that AI/ML technologies will make future threats more complex, and harder to detect (69% and 70% respectively). 

Nick FitzGerald, senior research fellow, ESET, said, “Amongst the recent hype regarding AI and ML, many organisations and security decision-makers fail to realise that these tools aren’t reserved for responsible, constructive use. Technological advances in AI/ML have an enormous transformative potential for cyber security defenders, however, cyber criminals are also aware of these new prospects. 

“Cyber criminals might, for example, adopt ML to improve targeted attacks and thus become more difficult to uncover, track and mitigate. Cyber security developers can’t rely on ML to fight online threats when hackers are using that same technology. They must be realistic about the limitations of ML, and understand the consequences these advancements can have.” 

While ML isn’t a silver bullet cure to cyber attacks, it is being effectively and smartly incorporated into anti-malware protection products to improve detection of ever-evolving online threats.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.