    IBM Demonstrates DeepLocker AI Malware at Black Hat

    By Sean Michael Kerner - August 8, 2018

      LAS VEGAS—IBM will detail at Black Hat USA here on Aug. 8 a new class of attacks dubbed DeepLocker that uses artificial intelligence to bypass cyber-security protections.

      With DeepLocker, IBM researchers will demonstrate an evasive attack vector that has been developed as a proof of concept. According to IBM, DeepLocker can be used to keep ransomware or other malware hidden from traditional security tools. IBM’s goal with the presentation is not to promote fear about AI, but rather to help organizations start to think about how attackers can use AI and how to minimize risks.

      “DeepLocker malware is fundamentally different from any other malware we are aware of. It uses AI to hide a malicious application in benign payloads,” Marc Ph. Stoecklin, principal research scientist and manager of Cognitive Cybersecurity Intelligence at IBM Research, told eWEEK. “With AI, we can conceal and hide the condition of when the malicious payload is being unlocked, making it almost impossible to reverse-engineer.”

      This isn’t the first time this year that IBM has presented research about the perils of artificial intelligence. At the RSA Conference in April, IBM outlined ways that an attacker could manipulate machine learning models to corrupt results and influence outcomes.

      DeepLocker could be embedded into a legitimate application that is widely distributed, according to Stoecklin. The malware only deploys when certain conditions are met, such as being installed on a particular device or even when a specific end user logs in. The AI component keeps the malware hidden and is used to understand when the benign application is deployed on the right target.

      One potential deployment could be for webcam conferencing technology, where the DeepLocker malware is embedded within a legitimate app. Stoecklin said the malware could be set to deploy, for example, only when it recognizes a particular user is on the webcam.

      Although the potential damage from DeepLocker and AI-powered malware is immense, Stoecklin said that, to date, IBM researchers have not seen attackers using anything like DeepLocker.

      How It Works

      With many forms of malware, there is a need for the code to call out to a command and control node to get instructions or download a payload. By monitoring for those outbound anomalous connections, security technologies can often detect malware, but that won’t work with DeepLocker.

      Stoecklin said DeepLocker is entirely self-contained within the benign application and it does not need to call out to the internet to deliver its malware payload.

      Dhilung Kirat, research scientist at IBM Research, explained that IBM wrote custom code and trained the machine learning model beforehand so it would be ready to deploy. Kirat added that many smart applications already integrate machine learning models, and as such it’s possible to hide DeepLocker alongside code that an enterprise would expect to see in an application.

      Remediation

      One way to detect DeepLocker is with some form of behavior-based technology that detects when an application deviates from a known good baseline. Another approach that IBM is conducting active research on is using cyber-deception to trick AI-powered malware.

      Defending against DeepLocker is no easy task, but that’s part of the point of why IBM created the attack and is discussing it at Black Hat USA. Stoecklin said IBM wants to raise awareness in the cyber-security industry about how artificial intelligence could influence the next generation of cyber-attacks.

      “Our mission is to raise awareness that attackers will be evolving their arsenal with AI,” he said. “Many of the traditional defenses won’t be able to detect these new threats, so both the industry and the researchers need to come up with methods for protection.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.