Criminals look to machine-learning to mount cyber attacks

Cyber-criminals will use artificial intelligence and machine learning to outwit IT security and mount new forms of cyber-attacks, according to predictions made by McAfee.

Speaking at the launch of the IT security company's threats predictions report at its MPower conference in Amsterdam, McAfee chief scientist Raj Samani said in an interview that criminals will increasingly use machine learning to create attacks, experiment with combinations of machine learning and artificial intelligence (AI), and expand their efforts to discover and disrupt the machine learning models used by defenders.

He said that machine learning will “help criminals to speak in a native language when carrying out a phishing attack”. This would improve their social engineering—making phishing attacks more difficult to recognise.

In response, those charged with defending IT infrastructure will need to combine machine learning, AI, and game theory to probe for vulnerabilities in both software and the systems they protect, to plug holes before criminals can exploit them.

Samani also predicted that ransomware will evolve from its main purpose of extortion to something different.

“The growth of ransomware has been much discussed. But in reality, it has blended and morphed into something else. Threat vectors can be a smoke screen. Ransomware [in some attacks] was used to distract the IT department. What we see is a growth of pseudo-ransomware.”

He added that whatever the attack may be, “we'll always be able to tell the motivation, but not immediately”. This distraction attack will be done in much the same way as DDoS attacks have been used to obscure other real aspects of attacks. These could be “spectacular” proofs of concept with the aim of engaging large organisations with mega-extortion demands in future.

Another prediction for the future surrounds serverless apps. These apps, which use virtual computing infrastructure, provide greater granularity in cloud computing and reduce costs by only making specific function calls, but they are also vulnerable to attack.

“Then there are the new risks. By looking at the URL, we can tell if the request is going to a serverless environment. As a result, it might be possible for an attacker to disrupt or disable the infrastructure from the outside, affecting a large number of organisations,” said the report.

Another risk is the data included in the function call. Because the data is not on the same server that executes the function, it must transit some network and may be at risk of interception or manipulation, according to McAfee.

Samani also warned of greater threats to individual privacy. “We are seeing the value of personal data increase. We are going to see changing terms and conditions of service to enable service providers to collect more personal data which they can make money from,” he said.

“There is an increasing number of devices in the home. What data do they collect? What do they send back? Where is that control point in the home? When they change policy, would the end user notice?”

Children are also at risk from criminals and corporations invading their privacy.

“Content is being created by children and it is difficult for parents to monitor what kids are doing. We will see more of this data being monetised. We hope parents will take this seriously.”

Samani said that we need to get a message out to parents. “You need to be aware they have cameras to monitor kids. Are parents fully aware of the implications? They are not aware of incidents when data is compromised.”

He added that companies shift the problem back onto parents and this is a concern. “When a device is bought, what data is it collecting, what is it doing with that data?”
