Machine learning is one of the most intriguing developments in the world of technology has seen so far. Unfortunately, there are limitations as to what this technology can do. A new update to the popular Cerber ransomware successfully evades machine learning techniques to remain undetected. A very disturbing development, as it goes to show how criminals continue to outsmart security experts
Even Machine Learning Can’t Block Ransomware
Finding a solution to keep ransomware off computers has proven to be far more difficult than initially assumed. Computer users with a level-headed approach are least likely to encounter malware types, yet there is always a chance ransomware infection will occur. Finding the right software solution to deal with such an attack is virtually impossible.
Security researchers were fairly confident machine learning-based tools would provide a solution. That does not appear to be the case, as a new version of Cerber ransomware has successfully evaded machine learning-based detection systems. Cybercriminals have once again raised the bar, and security researchers have to go back to the drawing board.
It is evident cybercirminals are closely monitoring the efforts made by security experts to fight ransomware attacks. It is the first time such a sophisticated direct response to changes in the malware detection sector have become apparent. In a way, this goes to show machine learning-based detection systems are seen as a legitimate threat by online criminals, yet bypassing these tools seems to be a trivial matter.
To put this into perspective, the updated Cerber ransomware separates different stages of its malware into multiple files, which are all dynamically injected into a running process. This method allows the ransomware to remain undetected. Even when Cerber is distributed through email attachments, machine learning-based countermeasures are incapable of detecting the malware in question. The loader for this updated ransomware strain ensures it is not running in a protected environment before injecting the full binary into active computer processes.
For static machine learning tools, this becomes quite a problematic scenario. Detecting the individual pieces of Cerber is virtually impossible. Without these tools analyzing the fragments of Cerber, the machine learning-based tools fail to flag the code as potentially malicious. Static machine learning evaluates the content of a file, yet will not detect part of the Cerber code unless it is put together into its final form.
This new discovery will only dissuade even more companies from stepping up their malware protection tools. Very few companies believe machine learning and AI will make a big impact, and so far, they are proven right. Developing new tools takes trial and error runs, yet the tools remain to be far more flawed than originally assumed. A lot of work remains to be done, that much is certain.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.