poollooki.blogg.se

Cylance antivirus reddit













“As far as I know, this is a world-first, proven global attack on the ML mechanism of a security company,” Adi Ashkenazy, CEO of Skylight Cyber, told Motherboard, which first reported the news. “After around four years of super hype, I think this is a humbling example of how the approach provides a new attack surface that was not possible with legacy.”


The researchers tested against the WannaCry ransomware, Samsam ransomware, the popular Mimikatz hacking tool, and hundreds of other known malicious files. This method proved successful for 100% of the top 10 malware for May 2019, and close to 90% of a larger sample of 384 malware files.


The researchers extracted strings from an online gaming program that Cylance had whitelisted and appended them to malicious files. The Cylance engine then tagged the files benign and shifted their scores from high negative numbers to high positive ones.


Cylance also whitelists certain families of executable files to avoid triggering false positives on legitimate software. The researchers suspected that the machine learning would be biased toward code in those whitelisted files.


How did the researchers trick Cylance into thinking bad is good?

Cylance’s machine-learning algorithm has been trained to favor a benign file, causing it to ignore malicious code if it sees strings from the benign file attached to a malicious file. The researchers took advantage of this and appended strings from a non-malicious file to a malicious one, tricking the system into thinking the malicious file is safe and avoiding detection. The trick works even if the Cylance engine previously concluded the same file was malicious before the benign strings were appended to it.

The Cylance engine keeps a scoring mechanism ranging from -1000 for the most malicious files to +1000 for the most benign files.
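
A toy model of the failure described above, as an added example that is not Cylance's code or the researchers' tooling: an additive string scorer on the same -1000 to +1000 scale flips when benign strings are appended, while a variant in which benign evidence cannot offset malicious evidence does not. The weights, string names and sample bytes are constructed assumptions.

```python
import re

# Constructed toy weights (assumptions, not a real model). Negative values are
# malicious evidence, positive values benign evidence, on a -1000..+1000 scale.
WEIGHTS = {
    "CreateRemoteThread": -400,
    "vssadmin delete shadows": -500,
    "GameLauncher": 600,        # hypothetical strings from a whitelisted game
    "LoadLevelAssets": 500,
    "MatchmakingLobby": 450,
}

def extract_strings(blob: bytes, min_len: int = 4) -> list[str]:
    """Return printable ASCII runs, similar to the `strings` utility."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)]

def features(blob: bytes) -> set[str]:
    text = "\n".join(extract_strings(blob))
    return {tok for tok in WEIGHTS if tok in text}

def clamp(value: int) -> int:
    return max(-1000, min(1000, value))

def additive_score(blob: bytes) -> int:
    """Weak design: benign and malicious evidence simply cancel out."""
    return clamp(sum(WEIGHTS[t] for t in features(blob)))

def monotonic_score(blob: bytes) -> int:
    """Hardened design: once malicious evidence exists, benign strings are ignored."""
    feats = features(blob)
    bad = sum(WEIGHTS[t] for t in feats if WEIGHTS[t] < 0)
    return clamp(bad) if bad < 0 else clamp(sum(WEIGHTS[t] for t in feats))

def needs_review(blob: bytes) -> bool:
    """Flag files that look benign only because benign strings outweigh malicious ones."""
    return additive_score(blob) >= 0 and monotonic_score(blob) < 0

# Constructed sample bytes, not real malware.
MALICIOUS = b"MZ\x90\x00CreateRemoteThread\x00vssadmin delete shadows\x00\x01"
PADDED = MALICIOUS + b"\x00GameLauncher\x00LoadLevelAssets\x00MatchmakingLobby\x00"

if __name__ == "__main__":
    for name, blob in (("original", MALICIOUS), ("padded", PADDED)):
        print(name, additive_score(blob), monotonic_score(blob), needs_review(blob))
```

The disagreement between the two scores is itself a useful triage signal: a file whose verdict depends entirely on benign strings outweighing malicious ones deserves a second look.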












