Published Sep 25, 2020 by Xiph
The good guys invented a highly effective weapon in the fight against ransomware, but what happens when it ends up in the hands of the bad guys?
If you’ve never heard of ransomware, here’s the gist. A hacker or hackers invade a device, render it unusable, then refuse to restore its functionality until they receive a ransom, which is usually money. The existence of crude instances of ransomware go back to 1989, but since 2011, a massive spike in ransomware attacks of all kinds and complexities hit the big time and the targets have almost always been organisations, (or individuals within those organisations) whether government entities or corporations or even hospitals, for some sick reason.
In most cases, a successful ransomware attack on an established entity would yield the attacker somewhere in the vicinity of $50,000 USD – and those figures were usually negotiated down from demands for much more. Occasionally, though, things go more to plan. In June, 2017, ransomware took control of 153 Linux servers hosted by Nayana, a South Korean web provider. While hackers demanded $4.4 million, they still managed to walk away with a cool million. Other successful attacks around the world yielded $600,000, $500,000, $400,000 and the list goes on, ad nauseum.
As time went on, the scale and severity of attacks spiked!
In 2018, a new trend hit the Unite States. Hackers began attacking larger and more essential targets in cities such as Atlanta and Baltimore. To give you an idea of scale, hackers found a way to rattle the entire state of North Carolina by disrupting everything from the systems overseeing the collection of parking tickets to the sale of new property. This proved that hackers had the ability to hold ransom over the heads of systems integral to the community – such as infrastructure. Frightening.
So, how do robots come into all of this?
In the fight against ransomware, IT professionals have made some of the best and and noble artificial intelligence and machine learning advances. IT professionals are now able to detect ransomware sooner (sometimes even before it’s unleashed), which means networks are now more secure and corporate and government assets are less vulnerable.
But what happens when hackers meet the robot?
Malware specialist and computer scientist Adam Kajawa, is kept awake at night at the thought of hackers adopting the same AI weapon built to fight ransomware, to increase the powers, prevalence and reach of ransomware. He worries “the whole industry is moving towards A.I. for protection. At the same time, we see a lot of open-source and community-development of A.I. platforms that are more than likely going to be used by cyber criminals” He also warns that by the end of this year, we’re going to see this kind of phenomenon take root in some way, shape or form.
With this new power, what can the robots do?
IT security chiefs are reluctant to share their specific concerns in an increasingly AI-driven world and when you hear those concerns, you’ll understand why. In addition to taking over entire systems that control the way we live and work, the threat extends to the individual’s livelihood.
Deep-fake technology could put the words in the mouths of a corporate executive, instructing a co-worker via video chat that due to time sensitivity, a large sum of money needs wiring from their account to another, after which they will be quickly reimbursed. Not only could the victim never again see their money, but the executive’s identity would be difficult to disprove.
Then there are mass-scale social engineering schemes that could simultaneously convince thousands of corporate assistants to part with confidential, sensitive or personal information that could bring down an organisation. AI could conduct these schemes by creating entirely convincing management profiles by combing LinkedIn, Facebook and other social media platforms. These kinds of bottom-up hacks are the result of AI looking for ‘soft targets’, that is, those most likely to fall for such seemingly official communications.
And now that machine learning has all-but beaten almost any kind of complex CAPTCHA methodology that security experts can invent, access to systems, pages and profiles is easier than ever.
What can I do about it?
Abandon ship. And by that, we mean, escape the radius of the radar by turning to mobile tech that puts security above all else. We scour the globe and source tech that is useless to hackers, whether real or robotic. As time goes on, investing in personal mobile and computer security is going to become more vital.
We can help with that. Visit us at https://shop.ncryptcellular.com.au/
Posted in: Security