AI Driven Malware: DeepLocker at DEFCON

FrgMstr

We get some firsthand information from our security man on the ground from DEFCON. Thanks to SCHTASK for the writeup!

Of the many briefings I attended at the Blackhat / Defcon conferences of last week, the DeepLocker briefing presented by IBM resonated with me the most. AI driven technology has been a mainstay marketing point for most "Next Generation" security platforms. If I had a nickel for every time I heard "Deep Learning / AI driven security" in the last two years I'd be a rich man.

But what happens when the tables are turned and AI is used for malicious means? Researchers at IBM have an idea... Introducing: DeepLocker.

Full story on the news page......


Check out the video.
 
Not worried, I'll see that enormous glowing key coming a mile away. #FutureProofed.
 
Awesome. This combined with our obsession with handicap access will be the end. Wait... can robots climb stairs yet?
 
The fact WannaCry wasn't found means the signature used to detect WannaCry was altered so that it wouldn't be found. This makes it a new variant. It is entirely possible that the payload was randomly encrypted (done with each distribution to hide execution) but in the end anti-virus firms look for decoders and analyze the fuzzed code as it comes out of the encrypted payload.

So all they effectively did at best was create a WannaCry variant that will be caught once the new decrypted payload gets intercepted by a new signature.
*sighs*
 
IBM will probably get blamed/fined for real-world examples in the near future. Not that they should, but that people are nuts.
 
> The fact WannaCry wasn't found means the signature used to detect WannaCry was altered so that it wouldn't be found. This makes it a new variant. It is entirely possible that the payload was randomly encrypted (done with each distribution to hide execution) but in the end anti-virus firms look for decoders and analyze the fuzzed code as it comes out of the encrypted payload.
>
> So all they effectively did at best was create a WannaCry variant that will be caught once the new decrypted payload gets intercepted by a new signature.
> *sighs*

Not exactly. You can change a malicious signature just by XORing some pointers...You don't necessarily create a new variant when doing that as the functionality remains exactly the same. To boil it down even further... The payload doesn't matter as it is not actively producing a behavior on the target. Signatures, hashes, memory analysis, file analysis, behavior...None of that matters because the payload is hidden within a benign carrier and locked behind trigger conditions that are nearly impossible to guess. Not just that, but the DNN actively protects the payload so that it doesn't get detected. As far as AV and the rest of the monitoring world are concerned, it's just an app behaving like an app. Does an AV continuously scan "known good" applications that are already running? Some do. Many don't to save resources.

Outside of file hashing (easily defeated) how would an AV flag a behavioral check on a payload if the payload isn't running at all? If the malware is looking for a specific person's face before unlocking the payload, how would an anti-virus know the trigger condition? It wouldn't. Neither would a malware reverser. Sandbox wouldn't get it either unless the person running it was the target to begin with. There's no memory to analyze because the payload isn't launched until a trigger condition is met. There are no file drops, registry changes, or new processes until the trigger condition is met either. Now a behavioral AV like Cylance could detect a malicious payload after DeepLocker executes it for sure....but if you're using an AI driven malicious payload obfuscation tool, why would you waste it on a payload that has identifiable and previously recorded signatures? Awesome for zero day attacks though for sure. Reversers would be tearing out their hair.
 
> Not exactly. You can change a malicious signature just by XORing some pointers...You don't necessarily create a new variant when doing that as the functionality remains exactly the same. To boil it down even further... The payload doesn't matter as it is not actively producing a behavior on the target. Signatures, hashes, memory analysis, file analysis, behavior...None of that matters because the payload is hidden within a benign carrier and locked behind trigger conditions that are nearly impossible to guess. Not just that, but the DNN actively protects the payload so that it doesn't get detected. As far as AV and the rest of the monitoring world are concerned, it's just an app behaving like an app. Does an AV continuously scan "known good" applications that are already running? Some do. Many don't to save resources.
>
> Outside of file hashing (easily defeated) how would an AV flag a behavioral check on a payload if the payload isn't running at all? If the malware is looking for a specific person's face before unlocking the payload, how would an anti-virus know the trigger condition? It wouldn't. Neither would a malware reverser. Sandbox wouldn't get it either unless the person running it was the target to begin with. There's no memory to analyze because the payload isn't launched until a trigger condition is met. There are no file drops, registry changes, or new processes until the trigger condition is met either. Now a behavioral AV like Cylance could detect a malicious payload after DeepLocker executes it for sure....but if you're using an AI driven malicious payload obfuscation tool, why would you waste it on a payload that has identifiable and previously recorded signatures? Awesome for zero day attacks though for sure. Reversers would be tearing out their hair.

I agree with you, there are simple modifications to mask the signature. However there are static elements to the code which can have a signature attached once it is detected.

And when anti-virus apps have heuristic analysis of running apps on, they do scan everything the app does. Just because it's white-listed during the scan and download doesn't mean it's forgotten. Anti-viruses pay attention especially when there seems to be a large number of file accesses to unrelated files. When an app executes it pays attention to what services it uses, and which directories it accesses. If it's an unknown app, its operating characteristics get logged. If a newly installed app Y tries to access services and directories that are already covered by app X, then it gets flagged and sent for analysis. Especially if said app tries to override certain core features.

To combat against this and WannaCry variants, anti-virus firms like BitDefender auto lockdown certain folders you select and new apps can't access them until you give the thumbs up. The reason I know this is because Roblox Studio won't get access to my documents folder as they keep installing new variants and BitDefender goes "I can't allow you to do that Dave" (Much to my young son's frustration when he's scripting something and trying to make movies).
 
I'll wait for the jilted lover variant of the virus.. so anytime someone's ex/infatuation/declined-a-date walks past a smart phone camera, or laptop, the payload triggers, flashes revenge porn, blares music, and crashes the laptop. A ripple of chaos as they go about their lives. Of course that's excluding feeds from ATMs, home security, the government, trail cams, toasters, fridges, game systems, and secure access doors.
 
> I agree with you, there are simple modifications to mask the signature. However there are static elements to the code which can have a signature attached once it is detected.
>
> And when anti-virus apps have heuristic analysis of running apps on, they do scan everything the app does. Just because it's white-listed during the scan and download doesn't mean it's forgotten. Anti-viruses pay attention especially when there seems to be a large number of file accesses to unrelated files. When an app executes it pays attention to what services it uses, and which directories it accesses. If it's an unknown app, its operating characteristics get logged. If a newly installed app Y tries to access services and directories that are already covered by app X, then it gets flagged and sent for analysis. Especially if said app tries to override certain core features.
>
> To combat against this and WannaCry variants, anti-virus firms like BitDefender auto lockdown certain folders you select and new apps can't access them until you give the thumbs up. The reason I know this is because Roblox Studio won't get access to my documents folder as they keep installing new variants and BitDefender goes "I can't allow you to do that Dave" (Much to my young son's frustration when he's scripting something and trying to make movies).

Right, but what I'm saying is this. DeepLocker could hide malware in Discord. That version of Discord gets downloaded 20,000,000 times. Maybe it gets pushed as an update. The point being...Those versions of Discord will be completely benign. Nothing will be different until a trigger condition is met. See what I'm saying? The trigger condition could be a specific person or machine. There are no behaviors or samples to analyze until that trigger condition is met. AV detection should NEVER be relied upon to state a system is clean. That's why most IR plans stipulate infected machines are nuked from orbit.
 