Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

How AI Can Stop Ransomware, Detect Malware and Reduce Risk

Artificial Intelligence (AI), machine learning (ML), blockchain, and virtual reality. Yes, these are all super popular buzzwords, but they are also significant ideas with an incredible number of applications in many industries.

Cybersecurity is just one area where AI and ML are solving many challenges, including worker shortages, increased attacks, and more malware detection than ever before.

According to the AV-TEST Institute, over 600 million new malware files were created every month in 2017. How can humans possibly stay ahead of these threats? The idea that AI can do this job better and faster than humans is scary to many, but it does not need to be.

Rather than discuss the potential negative consequences of how this tool might affect us, I wanted to look at several practical instances where AI is benefitting us today and why you should consider it for your organization, including stopping ransomware, detecting malware, and reducing risk during mergers and acquisitions.

How it Works
Using AI and ML for cybersecurity is a radical and exciting departure from traditional anti-virus (AV) solutions. It creates an immune system for organizations rather than building armor and constantly testing for infections.

Think about it this way: AI works by scrapping constant list updates and identifying malicious files on the spot. By collecting a huge number of good and bad files, we can extract the features that determine what makes a file good or bad, train the math model, and then produce an algorithm that can accurately classify the file for subsequent actions.

Recognizing Malware
Stopping ransomware is just one way AI can protect your organization. In a recent Grey’s Anatomy episode (my wife is a huge fan and asked me to watch it with her), attackers encrypted the hospital’s system using ransomware, shutting off access to the blood bank, medical records, and even equipment, but the hackers were ultimately thwarted.

While there was certainly Hollywood artistic license involved, the point remains that putting out fires is difficult and expensive. AI would have immediately recognized the file as ransomware and could have prevented it from staying on the system, let alone executing. Companies should be wary not only of the cost of the ransom but also of operational downtime during which they are unable to do business.

Had Maersk employed such solutions, they would not had suffered the NotPetya incident, which cost $300 million in downtime After this, Maersk purchased an AI solution to protect them in the future.

In just three years, ransomware went from the 22nd most common form of malware to the 5th most common type. But most attackers would rather gain access to your systems and operate more stealthily. For example, they can download payloads to initiate living off the land attacks. This technique leverages existing applications and memory-based attacks to evade almost all conventional AV software because detecting such activities requires a high volume of contextual information and experience.

AI solutions, however, are able to prevent these fileless attacks by stopping the payload at download. Even if it were to successfully download onto the endpoint, the additional steps of running scripts and running exploits and attacks in memory could be stopped.

Cybersecurity Supports the Business
AI can significantly lower a company’s risk, which is especially important during mergers and acquisitions. These processes require not only financial due diligence but also security and technical due diligence. This involves reviewing the system inventory to determine whether they are infected with malware, how deep these infections are, and the level of risk all of this represents.

Why is this important from a business perspective? In a best case scenario, high levels of risk can give the acquiring party reasons to renegotiate the terms of the agreement, which can lead to a much lower sale price. However, they may likely walk away from the deal altogether. Mergermarket conducted a global executive survey in Q1 2017 and determined that cybersecurity issues (23%) are on par with financial and tax issues (23%) as one of the top three reasons that deals fail, even ahead of compliance issues (18%).

Applying AI to the system would catch malware that has been living and hiding in the infrastructure, not only keeping the sale price high but also saving the organization the costs of remedying any problems.

These technologies are having profound effects on our lives by solving previously unsolvable or at least highly labor-intensive challenges. They give humans the ability to scale themselves and make threat prevention possible by doing what would take an army of analysts hours or days to do in a matter of seconds.

Not all AI products are created equal: consider how long each solution took to build and look beyond the marketing; test each product for yourself. Rather than improve the wheel, AI and ML fly straight to space. The key concept here is that prevention is possible. AI can be used to stop malware and ransomware and deliver a better ROI.

What’s Hot on Infosecurity Magazine?