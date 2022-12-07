Malware
 

Researchers Weaponize Machine Learning Models With Ransomware

As if defenders of software supply chains didn’t have enough attack vectors to worry about, they now have a new one: machine learning models.

ML models are at the heart of technologies such as facial recognition and chatbots. Like open-source software repositories, the models are often downloaded and shared by developers and data scientists, so a compromised model could have a crushing impact on many organizations simultaneously.

Researchers at HiddenLayer, a machine learning security company, revealed in a blog post on Tuesday how an attacker could use a popular ML model to deploy ransomware.

The method described by the researchers is similar to how hackers use steganography to hide malicious payloads in images. In the case of the ML model, the malicious code is hidden in the model’s data.

According to the researchers, the steganography process is fairly generic and can be applied to most ML libraries. They added that the process need not be limited to embedding malicious code in the model and could also be used to exfiltrate data from an organization.

Planting malware in a machine learning model allows it to bypass traditional anti-malware defenses. (Image courtesy of HiddenLayer)

Attacks can be operating-system agnostic, too. The researchers explained that OS- and architecture-specific payloads could be embedded in the model and loaded dynamically at runtime, depending on the platform.

Flying Under Radar

Embedding malware in an ML model offers some benefits to an adversary, observed Tom Bonner, senior director of adversarial threat research at the Austin, Texas-based HiddenLayer.

“It allows them to fly under the radar,” Bonner told TechNewsWorld. “It’s not a technique that’s detected by current antivirus or EDR software.”

“It also opens new targets for them,” he said. “It’s a direct route into data scientist systems. It’s possible to subvert a machine learning model hosted on a public repository. Data scientists will pull it down and load it up, then become compromised.”

“These models are also downloaded to various machine-learning ops platforms, which can be pretty scary because they can have access to Amazon S3 buckets and steal training data,” he continued.

“Most of [the] machines running machine-learning models have big, fat GPUs in them, so bitcoin miners could be very effective on those systems, as well,” he added.

HiddenLayer demonstrated how its hijacked pre-trained ResNet model executed a ransomware sample the moment it was loaded into memory by PyTorch on its test machine.
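A pre-load check a defender could run on a downloaded model, as an added example that is not from the article or from HiddenLayer. It assumes the model file is a Python pickle stream or a zip archive with `.pkl` members, as PyTorch's default `torch.load` format is (the article does not name the serialization format); `ALLOWED_ROOTS`, `imported_globals` and `scan_model` are hypothetical names.

```python
import io
import pickle
import pickletools
import zipfile
from collections import OrderedDict

# Assumption: a plain weights checkpoint only needs imports from these roots.
ALLOWED_ROOTS = {"torch", "collections", "numpy"}

def imported_globals(stream: bytes):
    """Yield (module, name) for each import the pickle would perform on load.
    Only the opcodes are parsed; nothing is unpickled or executed."""
    recent = []  # arguments of the preceding opcodes, MEMOIZE skipped
    for op, arg, _pos in pickletools.genops(stream):
        if op.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)
            yield module, name
        elif op.name == "STACK_GLOBAL":
            pair = recent[-2:]
            if len(pair) == 2 and all(isinstance(s, str) for s in pair):
                yield pair[0], pair[1]
            else:  # names came from the memo, so fail closed
                yield "<unresolved>", "<unresolved>"
        if op.name != "MEMOIZE":
            recent.append(arg)

def scan_model(blob: bytes):
    """Return the sorted imports that fall outside ALLOWED_ROOTS."""
    if zipfile.is_zipfile(io.BytesIO(blob)):  # zip checkpoint holding *.pkl
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            streams = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    else:
        streams = [blob]  # bare pickle stream
    findings = set()
    for stream in streams:
        for module, name in imported_globals(stream):
            if module.split(".")[0] not in ALLOWED_ROOTS:
                findings.add(f"{module}.{name}")
    return sorted(findings)

# Constructed samples; neither is ever passed to pickle.load().
CLEAN = pickle.dumps(OrderedDict(weight=[0.1, 0.2]))
# Hand-written stream (pattern from the Python pickle docs) that imports os.system.
FLAGGED = b"cos\nsystem\n(S'echo constructed sample'\ntR."

if __name__ == "__main__":
    print(scan_model(CLEAN))    # []
    print(scan_model(FLAGGED))  # ['os.system']
```

A check like this only covers the stage that runs code at load time; it does not inspect bytes hidden inside the tensor data itself, so it complements rather than replaces loading models from verified sources.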

First Mover Advantage

Threat actors often like to exploit unanticipated vulnerabilities in new technologies, noted Chris Clements, vice president of solutions architecture at Cerberus Sentinel, a cybersecurity consulting and penetration testing company in Scottsdale, Ariz.

“Attackers looking for a first mover advantage in these frontiers can enjoy both less preparedness and proactive protection from exploiting new technologies,” Clements told TechNewsWorld.

“This attack on machine-language models seems like it may be the next step in the cat-and-mouse game between attackers and defenders,” he said.

Mike Parkin, senior technical engineer at Vulcan Cyber, a provider of SaaS for enterprise cyber risk remediation in Tel Aviv, Israel, pointed out that threat actors will leverage whatever vectors they can to execute their attacks.

“This is an unusual vector that could sneak past quite a few common tools if done carefully,” Parkin told TechNewsWorld.

Traditional anti-malware and endpoint detection and response solutions are designed to detect ransomware based on pattern-based behaviors, including virus signatures and monitoring key API, file, and registry requests on Windows for potential malicious activity, explained Morey Haber, chief security officer at BeyondTrust, a maker of privileged account management and vulnerability management solutions in Carlsbad, Calif.

“If machine learning is applied to the delivery of malware like ransomware, then the traditional attack vectors and even detection methods can be altered to appear non-malicious,” Haber told TechNewsWorld.

Potential for Widespread Damage

Attacks on machine learning models are on the rise, noted Karen Crowley, director of product solutions at Deep Instinct, a deep-learning cybersecurity company in New York City.

“It isn’t significant yet, but the potential for widespread damage is there,” Crowley told TechNewsWorld.

“In the supply chain, if the data is poisoned so that when the models are trained, the system is poisoned as well, that model could be making decisions that reduce security instead of strengthening it,” she explained.

“In the cases of Log4j and SolarWinds, we saw the impact to not just the organization who owns the software, but all of its users in that chain,” she said. “Once ML is introduced, that damage could multiply quickly.”

Casey Ellis, CTO and founder of Bugcrowd, which operates a crowdsourced bug bounty platform, noted that attacks on ML models could be part of a larger trend of attacks on software supply chains.

“In the same way that adversaries may attempt to compromise the supply chain of software applications to insert malicious code or vulnerabilities, they may also target the supply chain of machine learning models to insert malicious or biased data or algorithms,” Ellis told TechNewsWorld.

“This can have significant impacts on the reliability and integrity of AI systems and can be used to undermine trust in the technology,” he said.

Pablum for Script Kiddies

Threat actors may be showing an increased interest in machine learning models because they’re more vulnerable than people thought they were.

“People have been aware that this was possible for some time, but they didn’t realize how easy it is,” Bonner said. “It’s quite trivial to string an attack together with a few simple scripts.”

“Now that people realize how easy it is, it’s in the realm of script kiddies to pull it off,” he added.

Clements agreed that the researchers have shown that it doesn’t require hardcore ML/AI data science expertise to insert malicious commands into training data that can then be triggered by ML models at runtime.

However, he continued, it does require more sophistication than run-of-the-mill ransomware attacks that mainly rely on simple credential stuffing or phishing to launch.

“Right now, I think the specific attack vector’s popularity is likely to be low for the foreseeable future,” he said.

“Exploiting this requires an attacker compromising an upstream ML model project used by downstream developers, tricking the victim into downloading a pre-trained ML model with the malicious commands embedded from an unofficial source, or compromising the private dataset used by ML developers to insert the exploits,” he explained.

“In each of these scenarios,” he continued, “it seems like there would be much easier and straightforward ways to compromise the target aside from inserting obfuscated exploits into training data.”

John P. Mello Jr.

John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News.
