The History of Malware
Historically, malware detection would compare static files to libraries of hashes, signatures, and artifacts to see if there was any “known” malicious code. If found, the detection software would work to isolate or remediate it. While content libraries are an important part of cybersecurity history, these (dare we say) antiquated methods have a difficult time keeping up with the web of open source malware code bases, mutated viruses, and unique ways of deploying malicious code. Enter the age of artificial intelligence.
For decades, malware detection used known viruses to essentially train machines to detect that exact virus . However, bad actors (hackers) have figured out a way to circumvent existing security protocols by creating polymorphic ( has the ability to separate upon deployment to avoid detection and then reassemble on the “other side” to execute whatever nefarious action it was intended for) ransomware that older systems haven’t seen before. As a result, they run undetected and proliferate into existing systems without detection for months, if not years.
For example – SolarWinds endured a supply chain attack that was residing undetected in their system for nearly 6-9 months. Four independent malware families (one of which was Teardrop which microsoft said it was absolutely unique code – never seen before) and over 25 variants infected supply chains through the customer of solar winds, costing billions in damage.
The Masterminds Behind The Malware
In the 21st century, there are three primary types of malware actors. Firstly, there are what many commonly refer to as “basement hackers”, who may enjoy hacking simply for the bragging rights and personal sense of accomplishment. Then there are the more serious malware “gangs”, such as REvil (one of the most prominent ransomware providers from Russia), who sell off their malware packages to the highest bidders for use. They infiltrate and corrupt a system, holding important information ransom until they receive excessively high payments usually through cryptocurrency such as bitcoin. These people are hacking for profit, and are potential threats to our industries and critical infrastructures. Lastly there are “theater actors”, ransomware creators that work for a specific company or geographical region such as China or Russia, that target an enemy system. Such actors are equally as threatening if not more as they tend to attack critical infrastructure such as power grids.
Skilled hackers are developing malicious code that outdoes the latest versions of antivirus solutions and patches almost daily. These intricate, polymorphic codes are often changing constantly, meaning traditional cyber security technology won’t detect a future, potentially harmful, version of that code and probably classify it as benign rather than malicious. They only see what’s detectable in the here and now.
The bottom line is – detecting or scanning for known artifacts, hashes, and strings are no longer effective security tools against these new and emerging technologies. A database or repository of these known viruses will eventually catch up, but by then it’s too late. Detection systems need to get smarter and faster.
Deep Learning is the Future
With highly skilled hackers and malware creators working for profit, the industry demands advancement now more than ever – especially when it comes to security. If ransomware is becoming more complex, so must the antidote.
One of the most efficient ways to detect malware is through Deep Learning. Starpoint’s malware detection technology uses deep learning to make it much more difficult for bad actors to circumvent ransomware codes. Essentially, deep learning is the impediment to ransomware creators finding a way around an otherwise successful malware detection technology. Thanks to advanced machine learning, the AI-based Starpoint software learns to look for both known and unknown polymorphic codes and viruses. It looks for the types of threats that are sneaking past the average cybersecurity detectors currently in use.
Playing By The Rules or Playing To Win?
Ransomware attacks are always a good guy vs. bad guy story, and cyberspace is the proverbial stage in which the battle is acted out. While the good guys are playing by the rules, the bad guys are continually developing technology and malware codes to accomplish their malicious goals. Large companies are often the first to fall victim to cyber crimes like this despite their existing systems of protection. The sobering truth is that each of these large companies that suffer a ransomware attack heard in the news actually HAD cybersecurity solutions in place. It just wasn’t smart enough.
Even with well trained coders, project leads, and entire development teams, most businesses can’t produce ransomware remedies fast enough, so they often spend billions of dollars outsourcing technology. This has created a surge in AI cybersecurity startups, with few actually fulfilling their security promises when faced with an attack. The solution to a problem of this magnitude needs integratable intelligence with a side of reliability.
Quantum Star Technologies has developed Starpoint to be a next-next-generation solution to cyber security threats. Starpoint is built to investigate the common fundamental level of file storage – binary data. Through our patented data science and Deep Learning AI method, Starpoint is vastly superior at detecting and discovering zero-day threats or other unknown malicious files.
Ransomware code today is designed to change and elude signatures and hashing. The best way to combat an adaptive attack is with an adaptive response. The way we see it, two things need to happen in order to ensure ongoing, reliable security for cyberspace. Firstly, we need to be able to deploy new and inventive technology into large industries without the bureaucracy of the industry itself. In essence it takes too long for smaller companies to integrate into the larger companies that have the greatest reach. The process from ideation to implementation on a grand scale needs to be streamlined and accelerated. Secondly, we need technology that is rooted in outpacing and outmaneuvering the bad actors. Starpoint, anyone?
Falling behind in this race is an insidious issue for the cybersecurity industry. Luckily, AI offers a remunerative solution that promises to keep ransomware coders from winning the war. Step aside, malware detectors. Starpoint is about to take it’s victory lap.