Fighting Automation with Automation

Disruptions Caused by Autonomous Malware Could Have Devastating Implications 

Organizations and consumers alike have a growing expectation for instant access to personalized information and services through an increasingly complex array of interconnected devices and networks. It is this demand that is driving the digital transformation of our economy.

Businesses that want to succeed need to stay ahead not only of demand from consumers and employees, but also of the growing criminal element looking to exploit these new opportunities.

The proliferation of online devices accessing personal and financial information, the adoption of virtualized and multi-cloud environments, and the growing connection of everything – from armies of IoT devices and critical infrastructure in cars, homes, offices, and industry, to the rise of smart cities – have combined to create new destructive opportunities for cybercriminals.

Black Hat Automation

Cybercriminals have begun to leverage automation and machine learning in their attack tactics, techniques, and procedures (TTPs). We have already begun to see attacks with automated front ends mining for information and vulnerabilities, combined with artificial intelligence (AI) based analysis on the back end to correlate the vast amounts of structured and unstructured data they have pilfered. The challenge for attackers is that these data-intensive strategies require massive amounts of computing power, which is why cybercriminals are using hijacked cloud accounts and public infrastructure to launch and manage their campaigns and refine their malware tools.

Detecting Cyber Threats with Machine Learning, Artificial Intelligence, and Cognitive Computing

Security vendors and researchers already use machine learning and sandbox tools to analyze samples and determine whether or not they are malicious. There is no reason why the same approach can't be used by cybercriminals: fingerprinting and blueprinting techniques can automatically map networks, identify targets, and determine device or system weaknesses; automated penetration testing can confirm which weaknesses are exploitable; and the results can feed the building and launching of attacks tailored to what was found. In fact, we are now seeing the first attempts at automatically generating custom code based on such information in order to strike more effectively at vulnerable targets.

This isn't science fiction. Polymorphic malware has used mutation engines to evade signature-based security controls for years, and such engines can produce more than a million variants per day. But so far there is very little sophistication or control over the output: each variant is the same payload wrapped differently. Next-gen "morphic malware," however, will be able to build customized attacks that are not simply variations produced by a static algorithm. Instead, it will employ automation and machine learning to build thousands of customized attacks against a specific target.


Fighting Fire with Fire

One critical response to advancements in malware and cybercriminal technologies is the development of “expert systems.” An expert system is a collection of integrated software and programmed devices that use artificial intelligence techniques to solve complex problems. For example, expert systems currently use databases of knowledge to offer advice, perform medical diagnoses, or make educated decisions about trading on the stock exchange. 

The success of expert systems depends on different systems collaborating to solve complex challenges. They need to be able to share critical intelligence and support security architectures that automatically work in concert to root out and stop advanced threats. In addition to integrating multi-cloud and mobile devices under a common security policy, unsegmented and unsecured networks also need to be actively monitored and secured at digital speeds. This means that isolated security devices will need to be identified and replaced with those designed to operate as part of a more complex, integrated, and automated system.

One of the biggest challenges will be the last mile of security: finding the will and the way to automate critical security hygiene functions, such as inventory management, patching and replacement, hardening systems, and implementing two-factor authentication. Complex, multi-cloud ecosystems and hyperconverged networks that span physical and virtual environments are making these basic practices extremely difficult to perform consistently. It is essential, therefore, that AI and automation begin to fill this gap by replacing basic security functions and day-to-day tasks currently performed by people with integrated expert security systems and automated processes that are able to do such things as:

1. Keep a running inventory of all devices connected to the network, analyze and determine device vulnerabilities, apply patches and updates, flag devices for replacement, and automatically apply a compensating control such as an IPS policy (a virtual patch) to protect vulnerable devices until an update or replacement is available. They also need to be able to isolate compromised devices to stop the spread of infection and initiate remediation.

2. Device misconfiguration is another huge problem many organizations face. Expert systems need to be able to automatically review and update security and network devices, monitor their configurations against a hardened baseline, and make appropriate changes as the network environments they operate in continue to shift, all without human intervention.

3. Automated systems also need to be able to rank devices based on levels of trust and indicators of compromise, and dynamically segment traffic, especially traffic coming from the growing number of IoT devices. They need to be able to do this even in the most highly elastic environments and at digital speeds. Automation will soon reduce the offense-versus-defense race (time to breach versus time to protect) to a matter of milliseconds rather than the hours or days it takes today, and to counter this evolution successfully, human beings need to get out of the loop for routine decisions.
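The three capabilities above reduce to one decision loop over inventory, vulnerability data, configuration state and indicators of compromise. The following Python is an added example, not Fortinet code or anything from the article, that implements a toy version of that loop: it decides per device whether to isolate, patch, virtual-patch, flag for replacement or reconfigure, scores trust, and assigns a network segment. The product names, versions, baseline settings, trust penalties, segment thresholds and alert feed are all constructed for illustration.

```python
"""Toy automated hygiene and segmentation engine (added example; all
device names, products, versions, baseline settings and alerts are
constructed, and the trust penalties are an assumed policy)."""
from dataclasses import dataclass, field


def parse_version(text: str) -> tuple:
    """'2.3.1' -> (2, 3, 1); tuples compare lexicographically."""
    return tuple(int(part) for part in text.split("."))


# Constructed vulnerability table: versions below `affected_below` are
# vulnerable; `fixed` is the version that closes the hole, None if no fix yet.
VULN_TABLE = {
    "camfw": {"affected_below": "2.4.0", "fixed": "2.4.0"},
    "plc-os": {"affected_below": "1.9.0", "fixed": None},
}
# Hardened configuration baseline every device must match (constructed).
BASELINE = {"telnet": "off", "mfa": "on"}
# Assumed trust policy: penalties and the segment each score band lands in.
PENALTY_VULNERABLE, PENALTY_DRIFT = 30, 10
SEGMENTS = [(80, "production"), (50, "restricted"), (0, "quarantine")]


@dataclass
class Assessment:
    name: str
    trust: int
    segment: str
    actions: list = field(default_factory=list)
    findings: list = field(default_factory=list)


def vulnerable_version(product: str, version: str) -> tuple:
    """Return (is_vulnerable, fixed_version_or_None)."""
    entry = VULN_TABLE.get(product)
    if entry and parse_version(version) < parse_version(entry["affected_below"]):
        return True, entry["fixed"]
    return False, None


def config_drift(config: dict, baseline: dict) -> list:
    """Baseline keys whose value is missing or different on the device."""
    return [key for key, want in baseline.items() if config.get(key) != want]


def segment_for(trust: int) -> str:
    return next(name for threshold, name in SEGMENTS if trust >= threshold)


def assess(device: dict, iocs: dict, baseline: dict = BASELINE) -> Assessment:
    name = device["name"]
    # Containment first: an active indicator of compromise isolates the device
    # before any remediation, so the infection cannot spread while fixes are staged.
    if name in iocs:
        return Assessment(name, 0, "quarantine", ["isolate"], list(iocs[name]))

    trust, actions, findings = 100, [], []
    vulnerable, fixed = vulnerable_version(device["product"], device["version"])
    supported = device.get("supported", True)
    if vulnerable:
        trust -= PENALTY_VULNERABLE
        findings.append(f"vulnerable {device['product']} {device['version']}")
        if fixed and supported:
            actions.append(f"patch to {fixed}")
        else:
            # No fix yet, or the vendor no longer supports the device: shield it with
            # a temporary IPS policy (virtual patch) and flag unsupported gear for replacement.
            actions.append("virtual_patch")
            if not supported:
                actions.append("replace")

    drift = config_drift(device.get("config", {}), baseline)
    if drift:
        trust -= PENALTY_DRIFT * len(drift)
        findings.append("config drift: " + ", ".join(drift))
        actions.append("reconfigure")

    trust = max(trust, 0)
    return Assessment(name, trust, segment_for(trust), actions or ["monitor"], findings)


def run(inventory: list, iocs: dict) -> dict:
    """Assess every inventoried device; returns name -> Assessment."""
    return {device["name"]: assess(device, iocs) for device in inventory}


# Constructed inventory and alert feed so the script runs stand-alone.
INVENTORY = [
    {"name": "cam-01", "product": "camfw", "version": "2.3.1",
     "config": {"telnet": "on", "mfa": "off"}},
    {"name": "plc-07", "product": "plc-os", "version": "1.8.2", "supported": False,
     "config": {"telnet": "off", "mfa": "on"}},
    {"name": "fw-edge", "product": "fwos", "version": "7.0.5",
     "config": {"telnet": "off", "mfa": "on"}},
    {"name": "hr-laptop-3", "product": "desktop", "version": "11.0",
     "config": {"telnet": "off", "mfa": "on"}},
]
IOCS = {"hr-laptop-3": ["outbound beacon to a known command-and-control address"]}

if __name__ == "__main__":
    for a in run(INVENTORY, IOCS).values():
        print(f"{a.name:12} trust={a.trust:3} segment={a.segment:11} actions={a.actions}")
```

Two design choices matter more than the numbers. Containment is evaluated before remediation, so a device with an active indicator is isolated without waiting for a patch decision; and a vulnerable device with no available fix is never left unprotected, it gets a virtual patch and, if unsupported, a replacement flag. The penalties and segment thresholds are policy inputs that an organization would tune; in a real deployment the inventory, vulnerability table and IoC feed would come from the asset, vulnerability-management and detection systems rather than inline constants.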

Over the next couple of years, we will see the attack surface expand through the use of automation and tools that are able to make autonomous or semi-autonomous decisions. Once AI and automation take on a life of their own without human interaction, massive disruptions caused by autonomous malware could have devastating implications and permanently reshape our future.

To meet these changes, the speed and volume of attacks will require automating security responses, applying intelligence, and developing and refining self-learning so that networks can effectively make autonomous decisions. This will allow us to replace our current accidental network architectures with intentional designs that can not only withstand serious and sustained attacks, but also automatically adapt, now and into the future.

Written By

John Maddison is EVP of Products and CMO at Fortinet. He has more than 20 years of experience in the telecommunications, IT Infrastructure, and security industries. Previously he held positions as general manager data center division and senior vice president core technology at Trend Micro. Before that John was senior director of product management at Lucent Technologies. He has lived and worked in Europe, Asia, and the United States. John graduated with a bachelor of telecommunications engineering degree from Plymouth University, United Kingdom.
