42
1.
There is a possibility for creating a malware with AI.
2.
There are available building blocks for AI engine that can speed up the
creation of the NeuroWorm.
Let us return to the organization attacked with NeuroWorm.
The CIRT (Computer Incident Response Team) team just arrived. They work
hard and where lucky to figure out the NeuroWorm weaknesses…
At this moment, when the CIRT team started successfully to kill the malware and
finally, managed to "outsmart" the NeuroWorm… they could face a one more
problem – The Game of Life, the NeuroWorm lunched Aggressive Social
Engineering.
2.14 Aggressive Social Engineering.
Using various social engineering techniques by malware is not new. The term
“social engineering” often means - “people manipulation”. The current technique
used in malware, mostly depends on lying – to “tweak” the user to do a desired
action (click on link, run program). The best way to protect from this threat is to
educate computer users. Until now – nothing new, but what if the malware is
designed to survive? I ask another question: What if malware will fight back and
play with humans to survive in their networks? Here is an example of a deadly
game that some aggressive malware can start playing with us:
… the NeuroWorm is “loosing its positions” for the CIRT team in some infected
organization. Nor AI, nor any technical means doesn’t help to the NeuroWorm.
There is a time for the last move… the NeuroWorm sends message to the
humans (NET SEND, mail or in another way), the massage says:
“Stop killing me! If I lose one more node - I will crush your <the server name>
machine!”
Of cause, the NeuroWorm will choose some “good” target, the target that should
“hurt” to organization to lose it. (‘to lose’ – means some DoS action like data
corruption, formatting, etc. And of cause, one of the first missions for the malware
in the enterprise environment is to obtain some sort of administrative account. As
you know, there are many ways to obtain such account in the Microsoft Windows
network, especially for the “slow malware”).
The game is started… What would you do in such situation? Probably, your first
reaction will be that this is the hoax, but to minimize your risk, you will change
 |
 |
 |