First, Polymorphic, Intelligent, Fully Autonomous AI Malware is the Shape of Future Threats
Adversarial infrastructure detectors and thwarters at HYAS Infosec have produced a prototype of future AI-enabled threats. Its EyeSpy proof-of-concept (PoC) is an entirely new type of polymorphic, fully autonomous malware that employs AI to make informed decisions and synthesize its capabilities as needed in order to launch highly effective cyberattacks while continuously morphing to avoid detection.
EyeSpy stems from HYAS’ ongoing research to help ensure that the company’s protection platform “sees around corners” to defend against future AI-enabled malware, much as the company’s AI-synthesized, polymorphic malware PoC BlackMamba did.
EyeSpy reads its target environment and independently determines available attack vectors. It then generates, tests and adapts attack malware until it achieves attack goals.
“This is the nightmare situation that we knew was coming, and now it’s here,” confirms Todd Graham, Managing Partner, M12. “There is no doubt this is the next threat landscape and the new theater of war. HYAS is developing the type of technology we will need to defend against the next generation of cyber-attacks and warfare, and it is essential that the industry as a whole prepare to combat this level of fully autonomous, AI-synthesized, polymorphic attack frameworks.”
With today’s early versions of generative AI, EyeSpy exemplifies what may come by:
- Selecting its intended victim independently or through a threat actor’s specification
- Assessing the target environment, platform, applications and environmental footprint
- Identifying optimal vectors to extract information
- Writing malware on the fly – for example, if a target is on a specific video conference app, it will compose, test and validate the malware for that app
- Executing the attack
- Analyzing the QA result
- Self-repairing and continuing to iterate on the attack until it has achieved the attacker’s goals
Security Mindsets Analyst Charles Kolodgy endorses HYAS research, noting: “I have seen EyeSpy demoed. The nightmare scenario where malware can autonomously respond to its environment is a reality. With EyeSpy, HYAS is getting into the adversarial mindset on what’s coming in the future and is able to be more predictive on what we’ll be facing.”
“We spend a lot of time modeling and theorizing what sort of attacks might hit us, and in response, what sort of defenses we need to build against them because it’s imperative that our defensive technologies evolve to keep up with how AI will affect security,” said HYAS CEO David Ratner.
He considered, “What if threat actors used AI tools to create malware that could reason and act on its own while continuously refining its code in response to its targeted environment and evading detection? We could assume threat actors were likely already doing this. To sustain and advance our adversarial detection, we had to move, and quickly.”
EyeSpy catapults cybersecurity watchers into a future where intelligent, autonomous entities will be part of the cyber warfare landscape – a future replete with adaptive entities with evolving strategies, making its class of malware an ever-present, dynamic threat that evades detection.
David Mitchell, HYAS CTO, said the goal in creating EyeSpy was enabling “cybersecurity professionals to train the way they’ll have to fight and to engineer security stack solutions that can defend against and mitigate even the worst emerging threats – before their destructive power can be brought to bear.”
“Analysts have speculated that smart malware is on the horizon. Well, the future is now,” according to Charles Kolodgy, researcher and Principal at Security Mindsets and former NSA cyber expert.