AI-based endpoint protection (EDR or AV) can be fooled a.k.a. our AI is bigger than yours
By Arie Fred, VP of Product, SecBI
Last week, security researchers announced to the world that they had managed to outsmart one of the most popular EDR (endpoint detection and response) products in the world using AI. Cylance has since outlined protective measures to safeguard its customers.
The researchers used code from a video game to create what they described as a “universal bypass” exploit. After a careful analysis of CylancePROTECT’s engine and model, they found that the security solution had demonstrated a “bias” for a popular game. The AI model’s bias was the result of the endpoint product whitelisting certain executables from the video game. The researchers extracted strings from the game’s main executable and added them to the end of the malware files to make them look harmless. And it worked. The product failed to detect almost 90% of the 384 malware programs that the researchers amended with the gaming code.
While this technique was specifically meant to work on Cylance, the researchers warn that malicious actors could similarly analyze other AI-based malware detection solutions for weaknesses or biases, and devise ways to bypass them. Even though Cylance disputes these findings in its blog, one cannot help but wonder whether, if this exploitation method is valid, it could be adapted to bypass other EDR products. Looking at the way EDR products work, it’s not surprising to find out that they could be bypassed.
EDR solutions, even though superior to traditional AV (anti-virus) solutions, work in a similar manner. They both try to identify a file and determine whether it’s malicious or not. This is a serious limitation that makes EDR unable to detect file-less malware that does not write any part of its activity to the computer’s hard drive. One example is Living-off-the-land (LoTL) attacks, which leverage pre-installed software, with no additional binary executables installed onto the system by the attacker. It also makes EDR prone to manipulation, given that the identification algorithm is known to the attackers: they can buy any EDR product and test it until they understand the AI mechanism and find a way to bypass it.
Therefore, the solution to these clever attack mechanisms can only be based on post-infection detection incorporating multiple data sources. The malicious file will find its way to the endpoint, but then will have to communicate with the outside world to download its payload or to exfiltrate data.
Analyzing the communication between infected machines and the outside world is no simple task. Just as these malware families are conniving in their deployment techniques, they are masters at disguising their communications. They will communicate at different times with different servers/IP addresses. They will send and receive fragments of data (and by no means any executable file). If they realize their activity is about to cross a certain threshold and risk exposure, they will stop for a prolonged time or even “sacrifice” a specific endpoint to ensure that the entire operation remains undetected. Identifying such clever activity, which has no discernible pattern, requires the use of machine-learning algorithms that can process massive amounts of data generated by months of activity, detecting hidden malicious patterns within this timeframe. SecBI’s algorithms do exactly that and, by doing so, present the human analyst with the entire storyline of activity, from infection to execution.
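The contrast described above, as an added example that is not from the original post and is not SecBI's algorithm: a plain aggregation heuristic (no machine learning) run over constructed proxy records, where a per-day volume threshold sees nothing but a 90-day view surfaces the host that keeps returning to rare destinations. Host names, the record layout and all thresholds are assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

def build_sample_logs():
    """Constructed proxy records: (day, host, destination, bytes_out)."""
    start, logs = date(2019, 1, 1), []
    for d in range(90):
        day = start + timedelta(days=d)
        for host in ("ws-01", "ws-02", "ws-03"):  # ordinary shared traffic
            logs.append((day, host, "cdn.example.com", 5_000_000))
        if d == 40:  # one-off visit to an unpopular site: benign noise
            logs.append((day, "ws-03", "blog.example.org", 300_000))
        # Low-and-slow host: 2 kB every 6th day, rotating hosts, silent days 30-59.
        if d % 6 == 0 and not 30 <= d < 60:
            logs.append((day, "ws-02", f"node{(d // 6) % 3}.example.net", 2_000))
    return logs

def rare_destinations(logs, max_hosts=1):
    """Destinations contacted by at most max_hosts distinct internal hosts."""
    hosts = defaultdict(set)
    for _, host, dest, _ in logs:
        hosts[dest].add(host)
    return {dest for dest, seen in hosts.items() if len(seen) <= max_hosts}

def daily_threshold_alerts(logs, limit=1_000_000):
    """Per-day view: host-days whose bytes to rare destinations exceed limit."""
    rare, per_day = rare_destinations(logs), defaultdict(int)
    for day, host, dest, sent in logs:
        if dest in rare:
            per_day[(day, host)] += sent
    return {key for key, total in per_day.items() if total > limit}

def long_window_findings(logs, min_days=5, min_dests=2):
    """Whole-window view: hosts that keep returning to several rare destinations."""
    rare, seen, out = rare_destinations(logs), defaultdict(list), {}
    for day, host, dest, sent in logs:
        if dest in rare:
            seen[host].append((day, dest, sent))
    for host, rows in seen.items():
        days, dests = {r[0] for r in rows}, {r[1] for r in rows}
        if len(days) >= min_days and len(dests) >= min_dests:
            out[host] = {"active_days": len(days), "destinations": len(dests),
                         "bytes": sum(r[2] for r in rows),
                         "span_days": (max(days) - min(days)).days}
    return out

if __name__ == "__main__":
    logs = build_sample_logs()
    print(daily_threshold_alerts(logs), long_window_findings(logs))
```

Lowering the daily limit far enough to matter flags only the one-off benign visit, while the long-window view ignores it and reports the persistent host.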
There is no doubt that Cylance will fix its vulnerability, but no matter how advanced an EDR product is, hackers will find ways to bypass it. The identification capabilities of SecBI Autonomous Investigation™ technology are required to enable swift detection of the malware missed by endpoint protection.