Security researchers at Skylight Cyber have discovered a way to bypass a Machine Learning algorithm from Cylance, inserting code from a benign file that’s been previously marked as safe. The algorithm is weighted to automatically trust this code, so will mark files containing it as safe, even if they contain malware or have been identified as malicious in the past.
Experts Comments:
Gregory Webb, CEO at Bromium:
“This really draws into question the whole concept of categorising code as ‘good or bad’, as researchers were able to just rebadge malware with strings from an online video game to trick the system into thinking the malicious file is trusted. This exposes the limitations of leaving machines to make decisions on what can and cannot be trusted. Ultimately, AI is not a silver bullet, it’s just the latest attempt to do the impossible – i.e. predict the future. While AI can undoubtedly provide valuable insights and forecasts, it is not going to be right every time and could be fallible; ultimately predictions are just that, predictions, they are not fact. As this story shows, if we place too much trust in such systems ability to know what is good and bad we will expose ourselves to untold risk – which if left unattended could create huge security blind-spots, as is the case here.
“It’s time for organisations to fundamentally re-examine their approach to security, find out why their current tools still fail to protect, look beyond compliance and detection, and invest in innovative protection solutions that puts them strategically ahead of the attackers. In particular, we need to move away from models of prediction and detection towards providing protection at the point of need by incorporating application isolation into layered security defenses to deliver a last line of defense – as all threats are contained, even if a malware executes then the hacker has nowhere to go and nothing to steal, rendering it harmless. This allows teams to move away from worrying about whether code is ‘good or bad’ while ensuring company assets are secure.”
Kevin Bocek, VP Security Strategy & Threat Intelligence at Venafi:
“Security researchers have known that next-gen AV can be tricked for quite a while; in particular we know the code signing certificates allow a wide range of malware to evade detection. This is the reason that Stuxnet – which also evaded AV detection – was so successful, and it is used in many malware campaigns today. This research should serve as a reminder to security teams that cyber criminals have the capability, and desire, to evade next generation AV tools. We should all expect to see similar vulnerabilities in the future.”
