“George Orwell was an optimist”
“Interesting insights about the cyber horizon” was a great way to sum up Mikko Hyppönen’s keynote speech at the AI for Good Summit on the 5th of May 2021. The topic of the keynote was “Malware and machine learning – a match made in Hell”, and it covered the subject of machine learning in cyber crime extensively.
As a renowned expert in his field, F-Secure’s Chief Research Officer Mikko Hyppönen is one person that everyone should listen to when it comes to cyber security. With over 30 years of experience in research, reverse engineering and investigating cyber crime cases, he is a specialist above many others.
The breakneck speed at which technology is evolving is both an amazing and a terrifying thing. In the last twenty years, the “online world” has become the norm, and we are the first generation of people to live our lives both in the physical world and through the internet. For now, it is just the things that we call “smart devices” that are connected to the internet, but Hyppönen predicts that in the future this will include “dumb devices” as well. For now, though, Hyppönen’s law still holds, and it says: Whenever an appliance is described as “smart”, it is vulnerable.
As the world of the Internet of Things (IoT) advances, these things have become the weakest links in the chains of connected devices. Computers and phones, as everyday appliances, have great systems for malware protection, but it might only take one unprotected device in the chain to grant access to every device connected to the same network. Attackers with malicious intent don’t hack your blenders or fridges for their own sake, but to gain access to the main devices of the network, where precious data is being transported. You should never assume a “smart” device is safe just because it doesn’t have a keyboard.
Security companies, as the developers of cyber security software, are the vanguard in the fight against these kinds of attacks, and nowadays they fight against ever-advancing technologies. Cyber crime has gone from jokey viruses to a criminal industry that is predicted to cost $6 trillion USD globally in 2021, and it will almost double in the next five years (Steve Morgan, 2020, Cybercrime Magazine).
Personal data in itself doesn’t seem to be the most important of issues for many people. I’d bargain most of us have used Google, Facebook, and many other “free” services at the low cost of our personal data. Many people wish there were an optional way to pay, e.g., with money, but seeing as Google made more than $145 billion USD from well targeted ads alone, thanks to having our personal data, it’s safe to say that they don’t plan to change their business model any time soon.
With the freedom to use our computers with more or less open operating systems comes an increasing risk of malware. Sure, most computers have some sort of antivirus software installed on them, but this doesn’t guarantee 100% safety, especially as attacks and viruses are becoming more and more sophisticated. You have the freedom to use your computer however you see fit and to run .exe files of unknown origin (usually with some pre-emptive warnings from your firewall), so the more freedom you have, the more careful and knowledgeable about the risks you should be. It’s no surprise that the most secure version of Windows is inside an Xbox, and that is simply due to its closed, non-customizable nature.
On top of harmful .exe files, there are many other risks of cyber attacks on individuals. These include phishing attacks, ransomware and romance scams, for example. Now that artificial intelligence and machine learning are so well developed, combining them with these attacks raises some scary new threats. One example is an AI-based romance or other e-mail scam that adapts perfectly to the targeted person’s language and dialect and could be used to cheat someone out of their money. The traditional “Nigerian Prince” scheme is a classic example of such an e-mail scam, and even those rake in almost a million dollars per year. What happens when the attack is smart, and uses the target’s actual data?
Another threat of the future is dynamic code in malware, meaning that a program could rewrite itself to stay hidden from antivirus software. For now, there’s no proof of anything like this existing, but with the rapid evolution of the digital world, who knows? Someone smart enough could write code that continuously checks itself against multiple antivirus programs and, once it passes undetected, uses itself to attack, and then keeps on doing this, infecting countless devices, always in seemingly “new” ways.
The bright side of this equation is that the people who could pull off these kinds of attacks often don’t have to turn to a life of crime, as there are well-paying jobs and other opportunities for them. Unfortunately, cybercrime does pay, and it pays quite handsomely, but it is up to us to provide other options for these tech experts, to keep the “good guys” in the leading positions of this race.
Hyppönen, M. Chief Research Officer. Malware and Machine Learning – A match made in hell. Keynote presentation. AI For Good Summit. 5.5.2021. Online.