It turns out that the theory of evolution applies to malware. New vulnerabilities may emerge, but the malware that exploits them doesn’t advance too much from attack to attack. And that’s a good thing, since ransomware attacks such as WannaCry are becoming much more common.
The slow evolution of malware is a big reason why Cylance Inc., a cybersecurity firm based in Irvine, Calif., said in a webinar last week that its security products were able to predict WannaCry 18 months in advance, and then prevent it from infecting any of its customers’ computers. The company refers to this as temporal predictive advantage: a measurement of the amount of time, in days, by which Cylance’s AI, using an offline local prediction algorithm, successfully predicted and would have prevented a threat ahead of the first industry report that exposes the new campaign (or a significant variant of a campaign).
“[We] tested the November 2015 version of Cylance PROTECT against one of the first WannaCry releases … and that model was able to detect and quarantine it,” said Chris Quinn, director of federal sales engineering. “Our technology was way ahead of this threat. We can’t predict what may be created in the future, but we do know there are only so many ways for the platforms we support [to be attacked], and what attributes are likely to be present.”
The likelihood of a ransomware attack is growing, Quinn said. What is happening now is the development of a market in ransomware-as-a-service (RaaS).
Some of the RaaS products now available even offer a full range of services – the ransomware itself, the delivery vehicle, the vulnerability the vehicle will exploit, and even automation of ransom collection and delivery of the decryption key, Quinn said.
The Satan ransomware package, for instance, is a turnkey solution; it will even suggest what amount to demand as ransom. “They’ve already set how much their commission is, around 30 percent of every bitcoin, and the commission is automatically taken off the top when the ransom is paid,” he said.
As for WannaCry, Quinn said the ransomware is “fairly unsophisticated” compared to other attacks Cylance has seen.
“To me, WannaCry has definitely had a lot of publicity, hit a lot of systems, countries, vertical markets, but it highlights a number of things,” Quinn said. “That unpatched systems exist, and that a fairly unsophisticated attack can be very successful – both of which would seem to imply that a more sophisticated attack can be even more successful.”
As RaaS lowers the price of entry into the realm of cyber attacks and brings ransomware to the people, it’s imperative that federal agencies prepare for this type of future. While they were untouched by the WannaCry attack, Quinn cautioned that this does not mean the federal government is immune from all ransomware attacks. The best course of action in an era where nearly anyone can launch a successful ransomware campaign is to leverage all the data and tools that are available to analyze and assess the threat, and so not only prepare for an attack but predict its likelihood.