What Is The True Score of AI VS Malware?
We admit here in hackercombat.com, we are one of the cybersecurity news organizations that somewhat hyped Artificial Intelligence (AI) when it comes to cybersecurity. We wrote numerous articles heralding the “hero” that will save us from the seemingly endless cat and mouse race between discovering a vulnerability that is currently exploited, and the time the vendor issues the patch addressing the vulnerability. We are no different from other tech sites which placed AI as a possible solution to the human labor-intensive process in order to quash software bugs, let alone the security flaws it enables.
IBM Security exposed the world’s dependence on the “hero”, the AI being mistakenly identified by many cybersecurity organizations as a silver bullet of our current cybersecurity problems. Big Blue considers such a premise as bias, indeed, IBM is correct. Seemingly the industry is so used to the intensive labor procedure of fixing a discovered security flaw. It takes humans to discover a bug, report it to the vendor and another unknown period until the latter issues the patch which will quash the bug. That is, of course, is an ideal situation, many of the flaws were discovered, weaponized by cybercriminals without the vendor knowing its existence for weeks, months or even years. It takes a “good samaritan” to finally report the bug with enough details to the developers, who is the only one that can issue a fix.
“One is the algorithm itself. Is it biased in the way it’s approached, and the outcome it’s trying to solve? If you’re trying to solve the wrong outcome, and the outcome is biased, then your algorithm is biased. It’s not like the bad guys are waiting for us to learn how to do this. So, the faster we get there, the better off (we are),” hinted Aarti Borkar, IBM Security’s Vice President.
Antivirus products and End Point services for decades have employed heuristics scanning, which in itself is a crude type of artificial intelligence. Heuristics scanning claims to detect threats that signature-based scanning cannot accomplish, as the latter requires the actual virus signature present in its scanning engine to detect the particular malware. Instead of causing the number of malware to plummet, cybercriminals took the challenge – employing a combination of virus development and social engineering in their campaigns.
Heuristics scanning technologies predates all the current crop of malware we are encountering such as ransomware, cryptocurrency mining malware and stealth banking trojans. Current heuristics from a practical standpoint were unable to disable infection from those mentioned threats. We continue to hear news of local governments operations disabled due to ransomware infections, and all of them paid the steep ransom demand of cybercriminals.
Other than that Artificial Intelligence technologies will continue to improve, maybe in a year or two from now, we will post a follow-up article expressing our happiness as AI becomes truly effective against the campaigns launched by malware authors. Till then, we will continue reporting stories about malware infections, even if that means we will indirectly implicate the ineffectiveness of today’s antimalware software products.