AI based malware can now outsmart the latest cybersecurity solutions
This is not good
AI and cybersecurity seem to be close cousins when it comes to competing over which is more important.
Every day we hear more news of how AI is changing the world, along with news of how cyberattacks are getting more and more dangerous.
Or, in recent times, how AI and cybersecurity are feeding into each other, with “AI powered” cybersecurity products all the rage.
Unfortunately, this is also happening with cybercrime, with attackers using the power of AI to enhance their own operations.
Take the recent news of a proof of concept from HYAS Labs in which they used a large language model (LLM) to create malware that evades advanced cybersecurity technology.
If you are a CISO, then I do not blame you for feeling nervous on hearing about this new malware, which can go undetected by state-of-the-art cybersecurity solutions!
The attack, titled “BlackMamba”, uses the same LLM technology that ChatGPT uses but exploits it to create dynamic keylogger functionality.
BlackMamba: Using AI to Generate Polymorphic Malware
By using an LLM to change its attack method every time it executes, it is able to evade standard detection techniques and steal valuable data such as usernames, passwords, credit card numbers... you name it!
But how to get this data out?
Stealing it is easy, but most security solutions are able to detect malware once it reaches out to a command and control (C2) server... and this is where the real beauty of this attack comes in.
The malware does not use any C2 infrastructure but instead piggybacks onto something that almost every company uses: Microsoft Teams.
This essentially makes it invisible to most security solutions, which look for C2 connections as the indicator of a malware attack.
Once the data is out... it is pretty much game over for the company, with the attacker now able to sell it to the highest bidder on the Dark Web.
The attack is a proof of concept, but the researchers' claims are backed up by testing it against a leading Endpoint Detection and Response (EDR) platform, which was unable to detect it.
The researchers (understandably) did not mention the name of the EDR!
What this means for CISOs
ChatGPT and its new version are all great, but CISOs need to wake up to the very real threat of how AI can be weaponized and used to supercharge cyberattacks.
Having too much faith in solutions like a new shiny EDR and other security products and thinking everything is fine is a major mistake.
As the researchers themselves state:
“Traditional security solutions like EDRs leverage multi-layer, data intelligence systems to combat some of today’s most sophisticated threats, and most automated controls claim to prevent novel or irregular behavior patterns, but in practice, this is very rarely the case”
AI attacks are here to stay, which is something I have mentioned many, many times before, and malware leveraging ChatGPT is only the start.
We can expect security products to now start leveraging this technology to detect such attacks, but it would be a good idea for CISOs to start learning about these attack vectors and assessing how vulnerable their own environments are.
It would also be wise to integrate data leakage solutions into MS Teams to detect patterns that would indicate suspicious activity and whether it is being used as a malicious channel.
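One way to look for Teams being used as a malicious channel, as an added example that is not from HYAS or the original article: the Python below scans constructed egress records and flags processes other than the expected Teams clients that send data to Teams hosts, raising severity when the same process also called an LLM API. The host suffixes, process allowlist and log format are assumptions to adapt to your own telemetry.

```python
import csv
from collections import defaultdict
from io import StringIO

# Assumptions, not from the article: tune these to your own environment.
TEAMS_SUFFIXES = ("webhook.office.com", "teams.microsoft.com")
LLM_API_HOSTS = {"api.openai.com"}
EXPECTED_TEAMS_CLIENTS = {"ms-teams.exe", "teams.exe", "msedge.exe"}

# Constructed sample egress records: time, endpoint, process, destination, bytes sent.
SAMPLE_LOG = """\
2023-03-10T09:00:01Z,wks-014,ms-teams.exe,teams.microsoft.com,5120
2023-03-10T09:02:17Z,wks-014,python.exe,api.openai.com,940
2023-03-10T09:02:44Z,wks-014,python.exe,contoso.webhook.office.com,2210
2023-03-10T09:05:30Z,wks-022,backup.exe,contoso.webhook.office.com,310
2023-03-10T09:06:02Z,wks-031,msedge.exe,teams.microsoft.com,880
"""

def is_teams_host(host):
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TEAMS_SUFFIXES)

def find_suspicious_teams_egress(log_text):
    """Return findings for unexpected processes sending data to Teams."""
    teams_bytes = defaultdict(int)   # (endpoint, process) -> bytes sent to Teams
    llm_callers = set()              # (endpoint, process) pairs that called an LLM API
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 5:
            continue  # skip malformed records instead of failing the whole run
        _, endpoint, process, dest, sent = (f.strip() for f in row)
        key = (endpoint, process.lower())
        if dest.lower() in LLM_API_HOSTS:
            llm_callers.add(key)
        elif is_teams_host(dest) and key[1] not in EXPECTED_TEAMS_CLIENTS:
            teams_bytes[key] += int(sent) if sent.isdigit() else 0
    findings = []
    for (endpoint, process), total in sorted(teams_bytes.items()):
        # Same process calling an LLM API and posting to Teams is the stronger signal.
        severity = "high" if (endpoint, process) in llm_callers else "medium"
        findings.append({"endpoint": endpoint, "process": process,
                         "bytes_to_teams": total, "severity": severity})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_teams_egress(SAMPLE_LOG):
        print(finding)
```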
Avoid the shiny security product syndrome and check with your security vendors on how they are planning to protect against these attacks.
We are entering new and dangerous territory here and it is essential for cybersecurity teams to stop thinking about ChatGPT as a cool new fad and see the dangerous implications of this new technology.


