
How did the researchers trick Cylance into thinking bad is good?

Cylance’s machine-learning algorithm has been trained to favor a benign file, causing it to ignore malicious code if it sees strings from the benign file attached to a malicious file.

The researchers took advantage of this and appended strings from a non-malicious file to a malicious one, tricking the system into thinking the malicious file is safe and avoiding detection. The trick works even if the Cylance engine previously concluded the same file was malicious before the benign strings were appended to it. The Cylance engine keeps a scoring mechanism ranging from -1000 for the most malicious files to +1000 for the most benign. It also whitelists certain families of executable files to avoid triggering false positives on legitimate software. The researchers suspected that the machine learning would be biased toward code in those whitelisted files. So, they extracted strings from an online gaming program that Cylance had whitelisted and appended them to malicious files. Cylance is not one of the names that pops up generally, or ever, when considering antivirus options. The researchers tested against the WannaCry ransomware, the SamSam ransomware, the popular Mimikatz hacking tool, and hundreds of other known malicious files. The Cylance engine tagged the files benign and shifted scores from high negative numbers to high positive ones.

This method proved successful for 100% of the top 10 malware for May 2019, and close to 90% for a larger sample of 384 malware samples. “As far as I know, this is a world-first, proven global attack on the ML mechanism of a security company,” Adi Ashkenazy, CEO of Skylight Cyber, told Motherboard, which first reported the news. Gregory Webb, chief executive officer of malware protection firm Bromium Inc., told SiliconAngle that the news raises doubts about the concept of categorizing code as “good” or “bad.” “This exposes the limitations of leaving machines to make decisions on what can and cannot be trusted,” Webb said. “After around four years of super hype, I think this is a humbling example of how the approach provides a new attack surface that was not possible with legacy.”

Martijn Grooten, a security researcher, also added his views to the Cylance bypass story. He states, “This is why we have good reasons to be concerned about the use of AI/ML in anything involving humans because it can easily reinforce and amplify existing biases.” The Cylance team has now confirmed the global bypass issue and will release a hotfix in the next few days. “We are aware that a bypass has been publicly disclosed by security researchers. We have verified there is an issue which can be leveraged to bypass the anti-malware component of the product. Our research and development teams have identified a solution and will release a hotfix automatically to all customers running current versions in the next few days,” the team wrote in a blog post. You can go through the blog post by Skylight Cyber researchers for additional information.
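The scoring weakness described above, as an added toy illustration that is not Cylance's model and not the researchers' code: a constructed additive string-feature scorer on the article's -1000/+1000 scale is flipped by appending benign strings, and a bounded variant shows one way a defender can stop benign evidence from overriding strong malicious evidence. Every weight, string and threshold here is constructed for the example.

```python
# Toy model of why an additive string-feature score can be flipped by appending
# benign strings. Weights, sample strings and thresholds are constructed for this
# illustration; they are not Cylance's features or model.

MAX_SCORE = 1000  # the article describes a range of -1000 (malicious) .. +1000 (benign)

# Constructed feature weights: negative = malicious evidence, positive = benign evidence.
WEIGHTS = {
    "WriteProcessMemory": -400, "CreateRemoteThread": -350,
    "sekurlsa::logonpasswords": -600, "vssadmin delete shadows": -500,
    "Unreal Engine": 400, "DirectX 11": 300, "Steamworks SDK": 400,
    "Havok Physics": 300, "(c) Example Game Studio": 250,
}

def extract_strings(data: bytes, min_len: int = 4):
    """Pull printable-ASCII runs out of a blob, the way the `strings` tool does."""
    out, cur = [], bytearray()
    for b in data:
        if 32 <= b < 127:
            cur.append(b)
        else:
            if len(cur) >= min_len:
                out.append(cur.decode())
            cur = bytearray()
    if len(cur) >= min_len:
        out.append(cur.decode())
    return out

def naive_score(data: bytes) -> int:
    """Purely additive score: every matched feature contributes its weight, unbounded."""
    found = extract_strings(data)
    total = sum(w for s, w in WEIGHTS.items() if any(s in x for x in found))
    return max(-MAX_SCORE, min(MAX_SCORE, total))

def bounded_score(data: bytes) -> int:
    """Hardened variant: malicious and benign evidence are summed separately, and
    once strong malicious evidence is present the benign side may offset at most
    a quarter of it, so appended 'good' strings cannot flip the verdict."""
    found = extract_strings(data)
    bad = sum(w for s, w in WEIGHTS.items() if w < 0 and any(s in x for x in found))
    good = sum(w for s, w in WEIGHTS.items() if w > 0 and any(s in x for x in found))
    if bad <= -MAX_SCORE // 2:        # strong malicious evidence present
        good = min(good, -bad // 4)   # cap benign contribution at 25% of it
    return max(-MAX_SCORE, min(MAX_SCORE, bad + good))

# Constructed samples: a "malicious" blob and the same blob with benign strings appended.
MALICIOUS = b"\x00MZ\x90\x00WriteProcessMemory\x00CreateRemoteThread\x00sekurlsa::logonpasswords\x00"
BENIGN_TAIL = b"\x00Unreal Engine\x00DirectX 11\x00Steamworks SDK\x00Havok Physics\x00(c) Example Game Studio\x00"
PADDED = MALICIOUS + BENIGN_TAIL
```

Running `naive_score` on MALICIOUS and PADDED reproduces the swing from a strongly negative to a positive score, while `bounded_score` keeps PADDED at the floor without penalising the benign blob on its own.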
