Making Sense of Malware

Cybercrime is today an organized industry, with individuals and businesses specializing in different stages of a cyber-attack. There are scouts who identify lucrative targets, programmers who develop malware, infrastructure providers who deliver malware at scale, call centers staffed with social engineering specialists to extort ransom, and ecommerce sites that connect the buyers and sellers of these goods and services.

At the center of most cyberattacks is malware, a piece of software. Thanks to GenAI, bad actors can create and obfuscate malware at scale. Today’s malware threat is so significant largely because the hacking industry is organized and uses automation.

“You have more players in the game [and] more industrialization of the attack,” explained Arun Lakhotia, Chief Technology Officer with UnknownCyber, which helps agencies detect and respond to computer viruses and malware that they otherwise would overlook for days or months.

So Much to Screen

Antivirus and sandbox technologies have not kept pace with the sheer number of machine-generated code obfuscations, said Lakhotia, who is also a computer science professor at the University of Louisiana at Lafayette. As a result, obfuscated malware is often detected by endpoint detection and response systems weeks or months after it has bypassed antivirus defenses and infected its targets.

You can think of antivirus software like Transportation Security Administration (TSA) screenings at the airport, he said. “Loads of people are coming through, and [TSA] needs to check and say, ‘Hey, is this good, is this bad’ all day long…. And they can’t hold up everyone. They must [decide] quickly.” Just as a slowdown at TSA can bring an airport to a crawl, a sluggish antivirus can make a computer unusable.

Thus, if a program looks suspicious the current technologies issue an alert — like a TSA machine beeping when a suitcase needs extra attention — so that a human can investigate. But that shifts the work to people, he said, and alert fatigue becomes a problem.

Malware Genetics

What’s called semantic malware analysis — UnknownCyber’s specialty — is more effective and less burdensome, said Lakhotia. Rather than look at superficial patterns, which hackers can easily manipulate, a semantic approach analyzes the instructions in the code that make it do what it does. In effect, it is like looking at the genetic makeup of a person instead of their fingerprint or facial profile.

That allows UnknownCyber to recognize machine-generated variations of malware. “We are like 23andMe for malware,” said Lakhotia. “We identify not just one malware but all its progeny as well.” Thus, using UnknownCyber, an agency can extract the genome of the adversaries targeting it and defend even against malware that has not yet been written.
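To make the distinction between a surface fingerprint and an instruction-level comparison concrete, here is an added, self-contained Python illustration. It is not UnknownCyber's code or method; the instruction listings are constructed toy x86-style snippets, not real samples, and the normalization rules (abstracting registers, immediates and memory operands, dropping no-op padding) are a deliberately simple stand-in for the richer semantic analysis the article describes. A raw hash over the text changes with any byte, while the normalized instruction bigrams of a renamed and padded variant still match the original exactly and an unrelated routine does not.

```python
"""Toy illustration: a surface signature misses a renamed/padded variant,
while a normalized, instruction-level comparison still matches it.
All listings are constructed for this example; none is malware."""
from __future__ import annotations

import hashlib
import re

# Constructed listing standing in for a known sample.
ORIGINAL = """\
mov eax, [ebp+8]
xor ecx, ecx
add eax, ecx
push eax
call 0x401000
"""

# Same logic after register renaming and no-op padding, the kind of
# mechanical rewrite an obfuscating code generator applies (constructed).
VARIANT = """\
mov ebx, [ebp+8]
nop
xor edx, edx
add ebx, edx
nop
push ebx
call 0x402240
"""

# An unrelated routine, to show the comparison does not match everything (constructed).
UNRELATED = """\
push ebp
mov ebp, esp
sub esp, 0x10
mov eax, 0
leave
ret
"""

REGISTERS = re.compile(r"\b(e?[abcd]x|e?[sd]i|e?[bs]p)\b")
IMMEDIATE = re.compile(r"\b0x[0-9a-fA-F]+\b|\b\d+\b")
MEMORY = re.compile(r"\[[^\]]*\]")
JUNK = {"nop"}  # padding instructions that carry no behaviour


def surface_signature(listing: str) -> str:
    """Fingerprint-style check: a hash over the raw text. Any byte change breaks it."""
    return hashlib.sha256(listing.encode()).hexdigest()


def normalize(listing: str) -> list[str]:
    """Abstract away details an obfuscator can change without changing behaviour:
    concrete registers, addresses and immediates, and no-op padding."""
    out: list[str] = []
    for line in listing.splitlines():
        line = line.strip()
        if not line:
            continue
        mnemonic, _, operands = line.partition(" ")
        if mnemonic in JUNK:
            continue
        operands = MEMORY.sub("MEM", operands)      # [ebp+8] -> MEM
        operands = REGISTERS.sub("REG", operands)   # eax, ebx, ... -> REG
        operands = IMMEDIATE.sub("IMM", operands)   # 0x401000, 0 -> IMM
        out.append(f"{mnemonic} {operands}".strip())
    return out


def bigrams(seq: list[str]) -> set[tuple[str, str]]:
    """Adjacent-instruction pairs, a cheap proxy for control/data-flow structure."""
    return set(zip(seq, seq[1:]))


def semantic_similarity(a: str, b: str) -> float:
    """Jaccard similarity of normalized instruction bigrams, from 0.0 to 1.0."""
    x, y = bigrams(normalize(a)), bigrams(normalize(b))
    if not x and not y:
        return 1.0
    return len(x & y) / len(x | y)


if __name__ == "__main__":
    print("surface signatures equal:",
          surface_signature(ORIGINAL) == surface_signature(VARIANT))
    print("semantic similarity, variant:  ", semantic_similarity(ORIGINAL, VARIANT))
    print("semantic similarity, unrelated:", semantic_similarity(ORIGINAL, UNRELATED))
```

Run as a script it reports that the two surface signatures differ while the variant scores 1.0 and the unrelated routine 0.0. Real semantic analysis works on disassembled control flow, data dependencies and library calls rather than text bigrams, but the principle is the same: compare what the code does after discarding what a generator can freely rewrite.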

Malware may seem like an insurmountable challenge, said Lakhotia, but “we tamed the problem … to a point where you can manage it with modest resources [and] without significant training.”


This article appeared in our guide, “How to Build a Cyber-Savvy Workforce.” To read more about how agencies are raising their cyber game, download it here:


Photo by Tima Miroshnichenko at pexels.com