In the newfound age of Artificial Intelligence, where everything and everyone uses Machine Learning concepts to make life easier, the dark side of the same technology can be left unexplored. Cybersecurity is gaining a lot of attention these days. The most influential organizations have experienced a downfall because of undetected malware that has managed to evade even the most secure cyber defense mechanisms. The job just got easier for cyber criminals who exploit AI to empower themselves and launch attacks. Imagine combining AI with cyber attacks!
All you need to know about DeepLocker
Simply put, DeepLocker is a new generation of malware that can stay under the radar and go undetected until its target is reached. It uses an Artificial Intelligence model to identify its target using indicators like facial recognition, geolocation and voice recognition, all of which are easily available on the web these days!
What’s interesting is that the malware can hide its malicious payload in carrier applications, like video conferencing software, and go undetected by most antivirus and malware scanners until it reaches specific victims.
Imagine sitting at your computer performing daily tasks. Considering that your profile pictures are available on the internet, your video camera can be manipulated to find a match to your online picture. Once the target (your face) is identified, the malicious payload can be unleashed, with your face serving as the key that unlocks the virus.
This simple “trigger condition” to unlock the attack is almost impossible to reverse engineer. The malicious payload will only be unlocked if the intended target is reached. It achieves this by using a deep neural network (DNN) AI model.
The simple logic of “if this, then that” trigger condition used by DeepLocker is transformed into a deep convolutional network of the AI model.
DeepLocker – AI-Powered Concealment
DeepLocker makes it really difficult for malware analysts to answer the 3 main questions:
- What target is the malware after? Is it after people’s faces or some other visual clues?
- What specific instance of the target class is the valid trigger condition?
- And what is the ultimate goal of the attack payload?
Now that’s some commendable work done by the IBM researchers. IBM has always strived to make a mark in the field of innovation. DeepLocker comes as no surprise as IBM has the highest number of facial recognition patents granted in 2018.
BlackHat USA 2018 sneak preview
- To raise awareness that AI-powered threats like DeepLocker can be expected very soon
- To demonstrate how attackers have the capability to build stealthy malware that can circumvent defenses commonly deployed today and
- To provide insights into how to reduce risks and deploy adequate countermeasures.
To demonstrate the efficiency of DeepLocker’s capabilities, they designed and demonstrated a proof of concept. The WannaCry virus was camouflaged in a benign video conferencing application so that it remained undetected by antivirus engines and malware sandboxes. As a triggering condition, an individual was selected, and the AI was trained to launch the malware when certain conditions, including the facial recognition of the target, were met.
The experiment was, undoubtedly, a success.
DeepLocker is just an experiment by IBM to show how open-source AI tools can be combined with straightforward evasion techniques to build targeted, evasive and highly effective malware. As the world of cybersecurity is constantly evolving, security professionals will now have to up their game to combat hybrid malware attacks.
Found this article interesting? Read the Security Intelligence blog to discover more.