Malware is being geared to evade AI-based defenses
The latest Cyber Threat Landscape Report out this week from Deep Instinct reveals that bad actors are clearly investing in anti-AI and adversarial attack techniques and integrating these methods into their larger evasion strategy.
It also highlights a change in the way attacks are carried out and says we are now witnessing some groups opting to inflict maximum impact over a shorter time span. These short duration attacks are carried out with the goal of damaging data (its confidentiality and availability), destabilizing a business, and impairing business continuity.
This is in contrast to the earlier pattern of attackers looking to stay in a network for extended periods, stealing information, and avoiding detection from security solutions for as long as possible.
"We're seeing a rise in malware and campaigns in general that are specifically geared at evading AI-based solutions, whether based on actual adversarial learning or other evasion methods," says Shimon Oren, VP research and deep learning at Deep Instinct. "These are geared not just to evade security solutions in general, but specifically to evade those that are based on AI or any kind of machine learning implementations, which are a majority of solutions out there."
Among other findings, the report notes the faster exploitation of zero-day vulnerabilities. 2021 saw major vulnerabilities being exploited and used within a single day of being disclosed. One notable example is the HAFNIUM group, which surfaced shortly after Microsoft revealed multiple zero-day vulnerabilities in Exchange.
Threat actors have also been moving to the use of newer languages, such as Python and Go, which are easy to learn but also less likely to be detected by security tools.
The report notes that for many organizations, a rapid move to the cloud leads to a risk that misconfigurations or vulnerable, out-of-date components with external API access can be exploited.
The increasing number of threats to Linux systems is highlighted by the report too. "There's a lot of pressure right now building up on Linux and that's something that we absolutely believe is set to continue," says Oren. "Not that Windows threats are going anywhere. In many cases attacking Windows and getting a foothold in Windows machines and Windows-based environments is going to be a jump point to laterally move to the cloud."
You can read more and get the full report at the Deep Instinct blog.