
Tuesday, May 16, 2017

Can machine learning prevent another WannaCry? | Livemint

"While hackers are bound to be a step ahead of experts in most cases, technologies like machine learning that can automate the function of malware detection can help," reports Leslie D'Monte, Technology Editor, Mint.

WannaCry, the malware that held over 200,000 individuals across 10,000 organizations in nearly 100 countries to ransom—demanding that they either cough up money or lose their data—may be on the wane but this is no time to be complacent.

While hackers are bound to be a step ahead of security experts and companies in most cases, the answer lies in seeking the help of newer technologies like machine learning that can automate the function of malware detection.

What does WannaCry do?
Also going by names such as WannaCrypt, WCrypt, WCRY, WannaDecrypt0r or WanaCrypt0r 2.0, ransomware WannaCry is designed to prevent access to a system until a sum of money is paid, usually in bitcoins. The malware is programmed to spread via SMB (Server Message Block), a protocol specific to Windows machines to communicate with file systems over a network.

WannaCry takes advantage of machines that support this protocol but have not received the critical MS17-010 security patch that Microsoft issued on 14 March.

Once the initial worm module is introduced to a system, according to Paladion Networks, it scans hosts on the local area network or LAN, while simultaneously scanning the Internet by generating random internet protocol (IP) addresses. “If connection to port 445 (traditional Microsoft networking port) on that random IP address succeeds, the entire range is scanned, and if port 445 is found open, exploit attempts are made,” explained Sunil Gupta, president and chief operating officer of Paladion Networks.
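
The scanning behaviour described above is itself a detectable signal. As an added example (not from the article or from Paladion Networks), the sliding-window check below flags any host that contacts unusually many distinct addresses on port 445 and reports how many were on the LAN versus the Internet. The record format, the 10.0.0.0/8 LAN range, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

SMB_PORT = 445
INTERNAL = ip_network("10.0.0.0/8")  # assumption: the organisation's LAN range

def parse_flow(line):
    """Parse one 'ISO-timestamp src dst dport' record (format is an assumption)."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, ip_address(dst), int(dport)

def smb_fanout_alerts(lines, window=timedelta(seconds=60), max_hosts=20):
    """Flag sources that reach more than max_hosts distinct addresses on
    port 445 within the sliding window; report the LAN/Internet split."""
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still inside the window
    alerts = {}
    for ts, src, dst, dport in sorted(map(parse_flow, lines), key=lambda f: f[0]):
        if dport != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # drop connections older than the window
            q.popleft()
        hosts = {d for _, d in q}
        if len(hosts) > max_hosts and len(hosts) > alerts.get(src, {}).get("hosts", 0):
            internal = sum(d in INTERNAL for d in hosts)
            alerts[src] = {"hosts": len(hosts), "internal": internal,
                           "external": len(hosts) - internal}
    return alerts

def constructed_flows():
    """Constructed sample records, not captured traffic."""
    t0 = datetime(2017, 5, 12, 9, 0, 0)
    # Ordinary workstation talking to one file server over SMB.
    rows = [(t0 + timedelta(seconds=10 * i), "10.0.0.5", "10.0.0.2", 445) for i in range(6)]
    # Host sweeping the LAN and then external addresses on port 445.
    rows += [(t0 + timedelta(seconds=i), "10.0.0.66", f"10.0.0.{i + 1}", 445) for i in range(30)]
    rows += [(t0 + timedelta(seconds=30 + i), "10.0.0.66", f"198.51.100.{i + 1}", 445) for i in range(10)]
    # Busy web client: many destinations, but not on port 445.
    rows += [(t0 + timedelta(seconds=i), "10.0.0.7", f"203.0.113.{i + 1}", 443) for i in range(40)]
    return [f"{ts.isoformat()} {s} {d} {p}" for ts, s, d, p in rows]

if __name__ == "__main__":
    for src, info in smb_fanout_alerts(constructed_flows()).items():
        print(src, info)
```

Outbound port 445 to Internet addresses is rarely legitimate, so a non-zero external count is a strong signal on its own; the distinct-host threshold should be tuned against file servers and backup hosts that legitimately fan out over SMB.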

While Microsoft released updates for the unsupported Windows XP and Windows Server 2003 and patches for the Windows 8 operating systems to combat the attack, no incidents of Microsoft Windows 10 being affected have been reported till now.

Russia and India were hit, largely because many users, companies and government departments still use Microsoft’s unsupported Windows XP. “It indeed is the biggest ransomware outbreak in history in terms of infections. But as of Saturday morning, the day after the outbreak, it had only made a measly $25,000, according to our researchers,” said Amit Nath, head of Asia Pacific-corporate business at F-Secure Corp.

Nature of the ransomware beast
As the name suggests, it is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid.

According to security experts from Trend Micro Inc., ransomware can be downloaded on to systems when unwitting users visit malicious or compromised websites. Some ransomware is known to be delivered as attachments in spam email, downloaded from malicious pages through mal-advertisements, or dropped by exploit kits on vulnerable systems. Once executed in the system, ransomware can either lock the computer screen, or, in the case of crypto-ransomware, encrypt predetermined files...

Can machine learning come to the rescue?
The simplest method to detect malware, security experts will tell you, is the “hashing” method, which checks whether a file's hash exists in a database of known malware hashes. Of course, this is a very tedious exercise. The other method involves the use of signatures, where security experts look for specific strings in the file. But this, too, can easily be bypassed by malware authors. Behaviour-based malware detection examines what the program does when executed.

The question, then, is whether we can automate this process of malware detection with machine learning.

Machine learning, which enables systems to learn from data sets without having to be programmed specifically, would be the next best weapon in this cyber war, Trend Micro security experts believe. It can take advantage of existing data to determine patterns and use those patterns to adjust its own actions. It could, thus, provide the key to detecting ransomware attacks before they become too widespread, providing the opportunity for an organisation to react ahead of malicious file encryption. 

Source: Livemint

