3 December 2016

McAfee: Machine Learning a Key 2017 Tool for Socially Engineered Hacks

Tara Seals

Security is an arms race, and cybercriminals are fine-tuning their methods with the help of machine learning and artificial intelligence. Researchers believe that 2017 will see a golden age of these tools enhancing social engineering approaches to make them more dangerous than ever before.

McAfee Labs’ 2017 Threat Predictions Report notes that, looking to 2017 and beyond, we will see purveyors of data theft offering “target acquisition as a service” built on machine-learning algorithms, which will be used to accelerate and sharpen social engineering attacks in 2017.

According to Eric Peterson, a researcher at McAfee Labs, there are a plethora of public sources of data required to build and train malicious machine learning algorithms—plus, the tools needed to perform the complex analysis behind target selection are readily available.

“We expect that the accessibility of machine learning will accelerate and sharpen social engineering attacks in 2017,” he wrote in the report. “In 2016, we have seen enthusiasts and professional data scientists teach machines how to write Shakespearean sonnets, compose music, paint like Picasso, and defeat professional Go player Lee Sedol. The learning period has become shorter, and accessibility for everyone, including cybercriminals, has never been better.”

The report notes that in 2016 alone, there have been breaches involving 30,000 US Department of Justice employees, 2.2 million patient records from 21st Century Oncology, 1.5 million Verizon Enterprise Solutions customer records, and nearly 150 million accounts leaked from major email providers including Yahoo, Hotmail and Gmail. The data from many of these breaches has been commoditized and sold in open markets, as is the case with leakedsource.com, which claims to have a little more than two billion records in their database.

“Between social media information, stolen data warehouses and publicly disclosed business information, attackers have access to more than enough data to train predictive models to identify high-value targets,” Peterson said.

Machine learning’s value can be seen in the FBI-labeled business email compromise (BEC) scam, otherwise known as whaling. Threat actors target CEOs, CFOs and other individuals with financial responsibility within a business and, through skillful social engineering, dupe the individual into transferring funds into a fraudulent bank account. In some cases, the attacks have even coincided with business travel dates for executives, with the intent of increasing the odds of the scam’s success.

According to the FBI, more than $3 billion has been stolen, with victims in all 50 states and 100 countries from such attacks.

“We believe that cybercriminals are leveraging machine learning to target victims for BEC and similar scams,” Peterson said. “Cybercriminals know that sending a well-crafted email to a financially responsible team member, purporting to be from a leader of an organization and indicating urgency, results in a meaningful success rate in completing fraudulent transactions. A number of environmental factors leading up to the execution of the attack increase the probability of success. From the attacker’s perspective, valuable insight can be gained from answering basic questions that may be available from the public domain: Are there indications of fracture within the organization? Have there been recent SEC filings in preparation for acquisition or divestiture? Are there correlations between social media posts indicating movement from multiple employees from one organization to another? Have there been strategic discussions sent to or from personal or private addresses? Responses to each of these types of questions can be represented as feature vectors for machine learning algorithms.”

With time and diligence, a model for successful execution of fraud can be developed and used to predict the success of future attacks.

In addition to the machine learning predictions, McAfee Labs' 2017 Threats Predictions run the gamut, including threats around ransomware, sophisticated hardware and firmware attacks, attacks on smart home internet of things (IoT) devices and an increase in cooperation between industry and law enforcement. The predictions include:

1. Ransomware attacks will decrease in volume and effectiveness in the second half of 2017.

2. Windows vulnerability exploits will continue to decline, while those targeting infrastructure software and virtualization software will increase.

3. Hardware and firmware will be increasingly targeted by sophisticated attackers.

4. Hackers using software running on laptops will attempt “dronejackings” for a variety of criminal or hacktivist purposes.

5. Mobile attacks will combine mobile device locks with credential theft, allowing cyber thieves to access such things as banks accounts and credit cards.

6. IoT malware will open backdoors into the connected home that could go undetected for years.

7. Fake ads and purchased “likes” will continue to proliferate and erode trust.

8. Ad wars will escalate, and new techniques used by advertisers to deliver ads will be copied by attackers to boost malware delivery capabilities.

9. Hacktivists will play an important role in exposing privacy issues.

10. Leveraging increased cooperation between law enforcement and industry, law enforcement takedown operations will put a dent in cybercrime.

11. Threat intelligence sharing will make great developmental strides in 2017.

12. Cyber-espionage will become as common in the private sector and criminal underworld as it is among nation-states.

13. Physical and cybersecurity industry players will collaborate to harden products against digital threats.

No comments: