While artificial intelligence (AI) and machine learning (ML) have been transforming various fields of human activity for some time now, their full transformative potential is yet to be realized. AI-based technologies will increasingly help fight fraud, evaluate and optimize business processes, improve testing procedures and develop new solutions to existing problems.
However, like most disruptive innovations, even AI and machine learning will have their drawbacks.
With business, critical infrastructure, as well as our personal lives becoming ever more entwined with the digital realm, new risks will emerge. Attackers can employ AI in multiple ways: to power their malware, to target specific victims and extract valuable data, to hunt for zero-day vulnerabilities or protect hijacked infrastructure such as botnets.
Machine-learning solutions deployed by legitimate organizations can become another attractive target. By creating poisoned data sets, attackers can try to manipulate otherwise beneficial systems to make incorrect decisions or to provide distorted view of the monitored environment, potentially causing chaos.
Misusing ML for translations and targeting
First signs that these scenarios are crossing from theory to reality are already appearing on the radar. One good example are spammers, who have been (mis)using legitimate ML-based translation services to improve their messaging in a wide array of local languages (of course, unless the attackers are sending spam by day, and learning those new languages by night).
Another in-the-wild example that shows AI-like signs is the currently prevalent downloader Emotet, suspected of using this type of technology to improve its targeting. Despite infecting thousands of victims daily, it has become surprisingly effective in avoiding honeypots and botnet trackers.
To achieve this, Emotet collects telemetry of its potential victims and sends it to the attacker’s C&C server for analysis. Based on these inputs, the malware not only picks the modules included in the payload, but also distinguishes human operators from virtual machines used by researchers.
Similar self-defense mechanisms would be very complex and expensive and Emotet’s operators would have to invest extraordinary resources to achieve the malware’s current abilities without utilizing machine learning.
Not enough layers, not enough security
Tampering with the ML model by feeding it poisoned inputs – aka adversarial machine learning –– is another risk that will become more pressing in the future, especially in the cybersecurity field. If less-advanced, purely ML-based scanning engines were fooled into incorrect decisions by attackers, it could diminish the security of the victim company and potentially cause serious damage.
ESET has over 30 years’ experience specializing in cybersecurity and more than 20 years of focus on machine learning implementations. This makes our experts more than able to build a robust, resilient and cutting-edge machine learning engine.
Integration of this ML engine into our cloud reputation system, ESET LiveGrid®, has made the benefits of this technology available to all our customers, including regular users as well as companies of all sizes. Enterprises might also consider ESET Dynamic Threat Defense, providing another layer of security by utilizing a cloud-based sandboxing technology to detect new, never before seen threats.
However, ESET is aware that machine learning is no silver bullet and that the risks of adversarial machine learning will grow with time. To avoid such potential issues ESET ML is integrated within an array of highly effective detection technologies such as DNA Detections, Advanced Memory Scanner, Network Attack Protection and UEFI Scanner. We believe that only multilayered solutions can offer reliable protection from ever-developing cyberthreats.
Author: Juraj Jánošík, Head of AI/ML Team
About ESET
For 30 years, has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from the endpoint and mobile security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET becomes the first IT security company to earn awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information visit or follow us on , , and.