Malware has always been a fight between the white hat and black hat hackers. “White hats” are people with in-depth knowledge of hacking and malware who use their smarts to protect others from harm. “Black hats” are the very people white hats are defending the public from: malicious developers seeking to make a strain that sneaks past security.
In the fight between the two sides, the most recent weapon of choice has been the use of AI. White hats, for example, can use AI as a means of intelligently detecting attacks. While regular antivirus simply check all incoming connections as per a preset list of rules, an AI antivirus could, theoretically, stop an attack without prior knowledge of it. That’s not to say the black hats have been totally eclipsed by this development – in fact, they’re using AI in their own sieges on the computer world!
What Is DeepLocker?
To start, it’s useful to know that DeepLocker isn’t a “real” piece of malware. It’s “real” that it exists as a program, but it’s not currently being spread around the Internet. That’s because it was developed by IBM, who showed it off at the Black Hat USA 2018 conference to demonstrate a potential avenue that malware can take in the new future.
While viruses are used to focus on causing as much damage as possible, modern-day hackers know that their efforts are better spent making strains that turn a profit. This is why the more prolific malware strains these days are ransomware and bitcoin miners; both of these make the attacker some significant coin when done correctly. DeepLocker aims to do something similar but uses AI to ensure it strikes the right people.
How DeepLocker Works
This strain of malware by IBM uses the WannaCry ransomware as its main payload. DeepLocker’s objective was to hit a specific person’s computer via a video conferencing app. While regular malware would have to infect every PC it can and hope it gets lucky when infecting the intended target, DeepLocker took a more assassin-styled approach that singled out only the victim, sparing anyone who didn’t fit the criteria.
The demo showed DeepLocker infecting each computer that used the video conferencing app with a dormant strain of WannaCry. Unlike the original WannaCry malware, this particular strain did not activate straight away, instead laying dormant on the hard drive. The moment it received a key from the main DeepLocker malware, it springs into action and locks down the computer.
Once everyone’s computer had been infected with a dormant strain of WannaCry, DeepLocker then went to check which machine belonged to its target. It did this by looking through the front-facing cameras of each user’s laptop and used facial recognition technology to find out who was who. When it found a match for the person it was targeting, it gave the key to the malware installed on that machine, which triggered the attack.
This is a particularly shocking development in malware and could easily be heralded as something that once only existed in science-fiction movies. This personal attack, however, is the hacker’s next step in ensuring they strike the right people with their malware – namely, those who have the money and the desire to pay should their computer get locked down by ransomware.
What It Means for Users
With this new development in malware technology, one question arises: what does this mean for us as users?
As you can see in the above example, the traditional “carpet bomb” tactics could eventually develop into more specialised headhunting malware. As such, it might result in less infections of the average user as hackers try to target the rich and wealthy to extract money from them.
Regardless of whether you’re a potential target or not, AI-driven malware is certainly a worrying prospect. Thankfully, the tactics to avoid it are the same: keep the antivirus updated and don’t download anything from suspicious sources. DeepLocker needed an infected program to operate, so don’t let similar software install itself on your computers!
As hackers move toward profit-based ventures over wanton destruction, their malware is becoming more and more picky on who it attacks. Now you know about the test malware DeepLocker and how AI can shape viruses in the future.
What do you think of AI-driven malware? Is it a very real threat or simply a novel idea with no real-life practicality? Make your point below!
Image credit: IBM on Flickr