Cybercriminals Use AI to Attack Businesses

Ransomware operators have pioneered new ways to bypass endpoint security products.



Artificial intelligence (AI) and machine learning technologies have certainly taken automation processes to a new level in all areas of business, including cybersecurity. However, this is only one side of the coin, as cybercriminals also use these technologies to automate their attacks.


Cybercriminals continue to invest in ransomware, according to a new report by cybersecurity firm Sophos. In addition, they increasingly collaborate with each other, creating not pronounced cybercriminal groups, but some semblance of cartels.


2020 has opened up many new opportunities for cybercriminals as the world moves to remote work. In addition, cybersecurity professionals were mobilized into a “rapid response” team designed to stop COVID-19-related social engineering threats that could infiltrate employee networks.


According to the report, ransomware operators pioneered new ways to bypass endpoint security products, proliferated quickly, and even found solutions to the problem of organizations being attacked with reliable backups stored where ransomware cannot reach them.


As for the types of ransomware, in fact, their variety is not as great as it might seem at first glance. As Sophos experts discovered, many ransomware families are based on the same code. Moreover, their operators often do not compete with each other, but rather cooperate.


In other words, cybercriminals are finding new ways to bypass security systems, but the underlying code remains the same.


As previously reported by Sophos, attackers use automation in the early stages of an attack to access and control the attacked environment. Cybercriminals also compromise the integrity of machine learning-based security systems by using "generic string substitution attacks." In other words, attackers trick machine learning systems into accepting the malware they were designed to protect against.


Some other forms of machine learning malware can detect sandboxes, making them difficult to analyze or reverse engineer.

Previous Post Next Post