Australian cybersecurity researchers from Skylight Cyber have managed to get an antivirus engine to mark malware as safe, reports SiliconAngle. The discovery is not good news for cybersecurity companies that use AI as the basis for their product development.
The researchers' method works by undermining the algorithm used in Cylance’s PROTECT antivirus system. It does not modify the code of the malware itself; it is a so-called global bypass, in which strings of benign code are added to the malware so that the algorithm ignores the malicious code.
“As far as I know, a proven global attack on a security company’s machine learning mechanism is a world first,” says Adi Ashkenazy of Skylight Cyber. “After about four years of superhype [about AI], I think this is an example of how the approach provides a new attack surface that was not possible with legacy [antivirus software].”
AI not infallible
The discovery is the first proof that this technique works, but the idea of exploiting the weaknesses of AI has been around for a long time. Kevin Bocek of cybersecurity company Venafi argues that security researchers have long known that the next generation of antivirus software could be misled. We know that code signing certificates allow a wide range of malware to escape detection. This is why Stuxnet – which also evaded antivirus detection – was so successful and is used in many malware attacks today.
The researchers’ result shows that next-gen security software can also be misled, and that AI is therefore not the ultimate technological fix against infection by malware. Gregory Webb of anti-malware company Bromium says: “AI will not be infallible. If we place too much trust in the ability of such systems to know what is good and what is bad, we will expose ourselves to untold risks – which, if we do not keep an eye on them, can create huge blind spots in terms of security, as is the case here.”
This news article was automatically translated from Dutch to give Techzine.eu a head start.