Cybercriminals leverage AI to sustain attacks on enterprises

18 Jan 2021

There is no doubt that artificial intelligence (AI) and machine learning (ML) are technologies that have helped to push automation to new levels across all areas of business - including security.

Inevitably at some stage in the security journey, organisations will have heard how these technologies can help them to keep their company more secure, more streamlined, and less overwhelmed by billions of security threats.

However, this rhetoric only looks at one side of the proverbial coin. In fact, cybercriminals are taking advantage of those very same technologies to automate their attacks, too.

AI, ML, and automation all make up the new security battleground, and these technologies are evolving just as quickly on the attack side as the defence side.

According to Sophos’ 2021 Threat Report, many threat actors continue to invest in ransomware, both in the technology itself and in the motives behind its use. There is more collaboration amongst threat actors in the criminal underground, who now operate more like ‘cybercrime cartels’ than distinct threat groups, the report notes.

2020 presented many opportunities for cybercrime as the world explored the challenges of working from home. Further, cybersecurity professionals were mobilised into a ‘rapid reaction’ force to stop threats that relied on any type of COVID-19-related social engineering that could penetrate employees’ networks.

The report notes, “Ransomware operators pioneered new ways to evade endpoint security products, spread rapidly, and even came up with a solution to the problem (from their perspective) of targeted individuals or companies having good backups, securely stored where the ransomware couldn’t harm them.”

“But what appeared to be a wide variety of ransomware may not be as wide as it seems. As time went on, and we investigated an increasing number of attacks, Sophos analysts discovered that some ransomware code appeared to have been shared across families, and some of the ransomware groups appeared to work in collaboration more than in competition with one another.”

In other words, threat actors are finding new ways to dodge smarter security systems, but the base code still remains similar to what has been spotted in current (or past) ransomware types.

Sophos’ previous Threat Report indicated that automation is being used in the early attack stages to gain access to and control of the target environment. This happens before attackers make their patient and strategic evasion moves against endpoints.

Attackers also undermine machine learning-based security systems through ‘string-stuffing universal bypass attacks’, which essentially means that the machine learning classifiers are tricked into accepting the very malware they were designed to fend off.

Some other forms of malware can detect sandboxes, which means these threats can be difficult to analyse or reverse-engineer.

Download the Sophos 2021 Threat Report here.
