Automated Moving Target Defence: The Key to AI Attacks

Outsmarting Generative Master
April 12, 2024 | Cloud Security

Introduction

As AI tools like ChatGPT, Copilot, and Bard advance, they pose a heightened risk to security professionals while offering attackers lucrative opportunities. Safeguarding diverse OS ecosystems requires cutting-edge security measures to counter AI-driven threats effectively. However, current security practices often lack the capability to combat the next generation of AI-powered adversaries who leverage machine learning to craft adaptive exploits at a rapid pace and scale. Concerns are mounting regarding the ability of generative AI systems to bypass detection and prevention technologies.

As AI tools like ChatGPT, Copilot, and Bard become more advanced, they pose a significant risk to security professionals and offer attackers ample opportunities to exploit AI-driven attack techniques.

In the realm of cybersecurity, defending against a diverse ecosystem of multiple operating systems while adopting modern interfaces is paramount. Yet, existing security measures often lack the capability to combat the next generation of AI-powered adversaries who specialize in crafting adaptive exploits at a rapid pace and scale.

Generative AI systems, in particular, raise concerns among infosec professionals due to their potential to increase attack surfaces, evade detection, enhance sophistication, and accelerate attacks’ speed and scale.

The defender's perspective

AI, including machine learning and deep learning, plays a crucial role in modern security products by detecting anomalies, classifying behaviors, and making informed decisions to mitigate threats. However, attackers can leverage AI to automate vulnerability scanning, exploit weaknesses in AI-based security systems, generate new exploits, and enhance social engineering tactics.

To stay ahead of AI-driven threats, organizations must scrutinize the robustness and security of their AI-based systems’ underlying datasets and training sets. They must also protect their systems from unauthorized access and potential weaponization of malicious code injected into AI-based security solutions.

Morphisec has observed sophisticated attacks by well-resourced threat actors, such as nation-state actors and organized crime groups, leveraging AI to automate the creation of polymorphic and evasive malware. Moreover, traditional endpoint security solutions often fall short in detecting and containing breaches, leading to prolonged exposure and potential data exfiltration.

In summary, the evolving landscape of AI-driven attacks underscores the importance of proactive defense strategies and the continuous evolution of cybersecurity practices to mitigate emerging threats effectively.

It’s time to shift to a new approach in the ongoing battle against cyber threats. As attackers increasingly harness AI to create sophisticated threats capable of evading traditional protection solutions, it becomes imperative to explore alternative paradigms.

In this perpetual arms race, attackers target system resources to execute their attacks successfully. However, by constantly morphing or moving these resources, the likelihood of a successful attack diminishes significantly.

Consider the analogy of a skilled sniper attempting to hit a moving or concealed target. The difficulty of the task increases, and the chances of success decrease as the target remains elusive or in motion.

This is where Automated Moving Target Defense (AMTD) systems come into play. AMTD solutions are designed to thwart advanced attacks by continuously morphing and randomizing system resources, effectively shifting the target.

Morphisec’s prevention-first security, powered by AMTD, employs patented zero-trust technology at execution to proactively block evasive attacks. As applications load into memory, this technology dynamically morphs and conceals process structures and other system resources, deploying lightweight skeleton traps to mislead attackers. As a result, malicious code is unable to access original resources, leading to the failure of the attack and comprehensive logging of attack details for forensic analysis.

Leveraging AMTD provides a proactive defense strategy against generative AI attacks, offering robust protection by constantly shifting the target and thwarting sophisticated cyber threats.

This prevention-first approach effectively halts attacks, even those that have evaded existing AI-based endpoint protection tools, providing an additional layer of defense against sophisticated threats. With AMTD systems in place, information security teams gain valuable time to investigate threats, knowing that their systems are secure. Moreover, AMTD’s deterministic nature ensures the generation of high-fidelity alerts, helping security teams prioritize their efforts and reducing alert fatigue.
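The moving-target idea described above can be sketched as a conceptual model. This is an added example, not Morphisec's code or implementation: the class, the resource names and the addresses are all hypothetical. Resources are relocated to random addresses at load time, decoys are left at the original addresses, and any access to a decoy is logged as an alert, because legitimate code only ever goes through the morph table.

```python
import secrets

class TrapHit(Exception):
    """Raised when a decoy left at a pre-morph address is touched."""

class MorphedProcess:
    """Toy model: resources are relocated at load time and decoys take their place."""

    def __init__(self, static_layout, address_space=2**48):
        # static_layout: {name: (address an attacker expects, value)}, constructed data
        self._memory, self._table, self._traps = {}, {}, {}
        self.alerts = []
        reserved = {addr for addr, _ in static_layout.values()}
        for name, (static_addr, value) in static_layout.items():
            new_addr = secrets.randbelow(address_space)
            while new_addr in reserved:          # never reuse a known or taken address
                new_addr = secrets.randbelow(address_space)
            reserved.add(new_addr)
            self._memory[new_addr] = value       # real resource at its new location
            self._table[name] = new_addr         # mapping held by trusted code only
            self._traps[static_addr] = name      # decoy at the original location

    def resolve(self, name):
        """Trusted path: legitimate code goes through the morph table."""
        return self._memory[self._table[name]]

    def read(self, address, caller):
        """Untrusted path: raw address access, as injected code would attempt."""
        if address in self._traps:
            # Legitimate code never uses pre-morph addresses, so every hit is an alert.
            self.alerts.append({"caller": caller, "address": hex(address),
                                "imitated": self._traps[address]})
            raise TrapHit(f"{caller} touched decoy for {self._traps[address]}")
        if address not in self._memory:
            raise MemoryError(f"unmapped address {hex(address)}")
        return self._memory[address]

# Constructed sample layout; names and addresses are illustrative only.
STATIC_LAYOUT = {"api_table": (0x7FF800001000, "api-table-bytes"),
                 "loader_data": (0x7FF800002000, "loader-data-bytes")}

def run_demo():
    proc = MorphedProcess(STATIC_LAYOUT)
    trusted = proc.resolve("api_table")          # legitimate lookup still works
    try:
        proc.read(0x7FF800001000, caller="injected_code")
        blocked = False
    except TrapHit:
        blocked = True                           # hard-coded address hit the decoy
    return trusted, blocked, proc.alerts

if __name__ == "__main__":
    print(run_demo())
```

Because the alert depends only on whether a pre-morph address was touched, not on a score or signature, the model produces no alert for the trusted lookup and exactly one for the hard-coded access.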

Morphisec’s AMTD technology safeguards over nine million endpoints across 5,000 organizations, preventing tens of thousands of evasive and in-memory attacks daily. These attacks, including zero-days, ransomware, and supply chain attacks, are often unknown and first observed in the wild by Morphisec’s Threat Labs team.

Recent examples of evasive threats thwarted by Morphisec include GuLoader, targeting legal and investment firms in the US, and Invalid Printer, a highly stealthy loader with zero detection on VirusTotal at the time of Morphisec’s disclosure. Additionally, Morphisec prevented attacks like SYS01 Stealer, ProxyShellMiner targeting MS-Exchange vulnerabilities, and a new variant of Babuk ransomware.

Morphisec’s AMTD has demonstrated its effectiveness against multiple waves of endpoint protection solutions and attacker tactics, from signature-based AVs to current EDRs and XDRs. As the natural evolution of endpoint protection, AMTD offers genuine security against AI-driven attacks.

According to Gartner, “A layered defense consisting of AMTD obstacles and deceptions significantly elevates an organization’s security posture.” To learn more about AMTD technology and how Morphisec AMTD can safeguard critical systems from AI-driven runtime memory-based attacks, download Gartner’s Emerging Tech: Security — Tech Innovators in Automated Moving Target Defense report.