Story image

Machine learning is a double-edged sword for cyber security

08 Oct 2018

Machine learning (ML), usually oversold as artificial intelligence (AI), presents a double-edged sword for businesses, because, while it provides cyber security advancements, it can also give cyber criminals an advantage. 

While malware researchers use ML to better understand online threats and security risks, adversaries can use it to become harder to detect, and more targeted or successful in their attacks. 

IT departments and security decision-makers need to understand the complexity of ML in cyber security, and how to strike a balance between risk and reward. Security professionals need to stay one step ahead of savvy cyber criminals and optimise ML in unique and effective ways that cybercriminals can’t, according to ESET. 

ML, as a subcategory of AI, has already triggered radical shifts in many sectors, including cyber security. ML has helped security developers improve malware detection engines, increase detection speeds, reduce the latency of adding detection for entirely new malware families and enhance abilities to spot suspicious irregularities. These developments lead to higher levels of protection for organisations against advanced persistent threats (APTs), as well as new and emerging threats. 

With that being said, cyber security professionals are beginning to recognise that AI/ML is limited in its capacity to combat online threats and that the same advanced technologies are readily available to cyber criminals. According to an ESET survey, the vast majority of IT decision-makers are concerned about the growing number and complexity of future AI/ML-powered attacks, and the increased difficulty of detecting them. 

For example, in 2003, the Swizzor Trojan horse used automation to repack its malware once every minute. As a result, each of its victims was served a polymorphically-modified variant of the malware, complicating detection and enabling its wider spread.

Two-thirds of the almost 1000 IT decision-makers surveyed by ESET agreed that new applications of AI/ML will increase the number of attacks on their organisations, while even more respondents thought that AI/ML technologies will make future threats more complex, and harder to detect (69% and 70% respectively). 

Nick FitzGerald, senior research fellow, ESET, said, “Amongst the recent hype regarding AI and ML, many organisations and security decision-makers fail to realise that these tools aren’t reserved for responsible, constructive use. Technological advances in AI/ML have an enormous transformative potential for cyber security defenders, however, cyber criminals are also aware of these new prospects. 

“Cyber criminals might, for example, adopt ML to improve targeted attacks and thus become more difficult to uncover, track and mitigate. Cyber security developers can’t rely on ML to fight online threats when hackers are using that same technology. They must be realistic about the limitations of ML, and understand the consequences these advancements can have.” 

While ML isn’t a silver bullet cure to cyber attacks, it is being effectively and smartly incorporated into anti-malware protection products to improve detection of ever-evolving online threats.

Salesforce continues to stumble after critical outage
“To all of our Salesforce customers, please be aware that we are experiencing a major issue with our service and apologise for the impact it is having on you."
D-Link hooks up with Alexa and Assistant with new smart camera
The new camera is designed for outdoor use within a wireless smart home network.
Slack users urged to update to prevent security vulnerability
Businesses that use popular messaging platform Slack are being urged to update their Slack for Windows to version 3.4.0 immediately.
Secureworks Magic Quadrant Leader for Security Services
This is the 11th time Secureworks has been positioned as a Leader in the Gartner Magic Quadrant for Managed Security Services, Worldwide.
Google puts Huawei on the Android naughty list
Google has apparently suspended Huawei’s licence to use the full Android platform, according to media reports.
Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."