AI-based AV solution can be bypassed by adding gaming code to malware

Researchers have disclosed that they were able to repeatedly sneak malware past a leading AI-based endpoint security solution simply by appending benign code strings from a video game file to the malicious code.


The solution, CylancePROTECT, from Cylance and its parent company BlackBerry, failed to detect almost 90 percent of the 384 malware programs that researchers amended with the gaming code, according to a company blog post published yesterday by Sydney, Australia-based Skylight Cyber. It also missed 100 percent of the top 10 malware programs of May 2019.


Skylight researchers decided to use the video game code to create a “universal bypass” exploit after a careful analysis of CylancePROTECT’s engine and model found that the security solution had a demonstrable “bias” toward a popular game. (Skylight has not publicly revealed the name of the game.)


The AI model’s bias was the result of Cylance programmers whitelisting certain executables from the video game, perhaps to prevent those executables from generating false positives in the antivirus solution. With that in mind, Skylight researchers ..
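The failure mode the article describes, a model that learns a whitelisted game's strings as a shortcut for "benign", can be reproduced on a toy classifier and, more usefully, audited for. The following is an added example written for this page; it is not Skylight's or Cylance's code and says nothing about CylancePROTECT's real model. The classifier is a dependency-free Bernoulli naive Bayes over string-presence features; the API names, the `GAMEENGINE_MARKER` string and every training sample are constructed for the example. The audit asks a defender's question: is there any single feature whose mere presence flips a known-malicious sample to benign? The mitigation then refuses to let such a feature rescue a verdict.

```python
"""Toy string-feature malware classifier (Bernoulli naive Bayes, no external
dependencies) that learns a shortcut on a whitelisted game's marker string,
plus a defender-side audit that exposes the shortcut. Every sample, API name
and the marker string below is constructed for this example."""
import math

# Feature vocabulary: a handful of API names plus one string standing in for
# identifiers carried by the (unnamed) game's whitelisted executables.
VOCAB = ["CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx",
         "RegSetValueEx", "GetTickCount", "MessageBoxW", "GAMEENGINE_MARKER"]

# Constructed training corpus: strings found in each file, grouped by label.
MALICIOUS = [
    ["CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx"],
    ["WriteProcessMemory", "VirtualAllocEx", "RegSetValueEx"],
    ["CreateRemoteThread", "RegSetValueEx", "VirtualAllocEx"],
    ["CreateRemoteThread", "WriteProcessMemory", "RegSetValueEx"],
]
BENIGN = [
    ["GetTickCount", "MessageBoxW"],
    # Whitelisted game binaries: labelled benign although they use the same
    # injection-style APIs (overlays, anti-cheat), and all carry the marker.
    ["GAMEENGINE_MARKER", "CreateRemoteThread", "WriteProcessMemory", "GetTickCount"],
    ["GAMEENGINE_MARKER", "WriteProcessMemory", "VirtualAllocEx", "GetTickCount"],
    ["GAMEENGINE_MARKER", "CreateRemoteThread", "VirtualAllocEx", "MessageBoxW"],
    ["GAMEENGINE_MARKER", "RegSetValueEx", "WriteProcessMemory", "GetTickCount"],
    ["GAMEENGINE_MARKER", "CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx"],
    ["GAMEENGINE_MARKER", "VirtualAllocEx", "RegSetValueEx", "MessageBoxW"],
]


def train(malicious, benign):
    """Bernoulli naive Bayes with Laplace smoothing: P(feature present | class)."""
    def presence(samples):
        n = len(samples)
        return {f: (sum(f in s for s in samples) + 1) / (n + 2) for f in VOCAB}
    total = len(malicious) + len(benign)
    return {"mal": presence(malicious), "ben": presence(benign),
            "prior_mal": len(malicious) / total, "prior_ben": len(benign) / total}


def log_odds(model, strings):
    """log P(mal|x) - log P(ben|x); positive means 'malicious'."""
    present = set(strings)
    lo = math.log(model["prior_mal"]) - math.log(model["prior_ben"])
    for f in VOCAB:
        pm, pb = model["mal"][f], model["ben"][f]
        if f in present:
            lo += math.log(pm) - math.log(pb)
        else:
            lo += math.log(1 - pm) - math.log(1 - pb)
    return lo


def classify(model, strings):
    return "malicious" if log_odds(model, strings) > 0 else "benign"


def audit_shortcut_features(model, malicious_samples):
    """Defender check: for each known-malicious sample, which single absent
    feature, if merely added, flips the verdict to benign? A feature that does
    this across the set is a shortcut the model has learned (here: the
    whitelisted game's marker). Returns {feature: number of samples flipped}."""
    flips = {}
    for sample in malicious_samples:
        for f in VOCAB:
            if f in sample:
                continue
            if classify(model, list(sample) + [f]) == "benign":
                flips[f] = flips.get(f, 0) + 1
    return flips


def classify_without_shortcuts(model, strings, shortcut_features):
    """Mitigation: score the sample with the audited shortcut features masked,
    so a benign-looking marker cannot rescue an otherwise malicious file.
    Legitimate files that only passed because of the marker may turn into
    false positives; that is the price of not letting an allow-list double
    as a bypass."""
    masked = [s for s in strings if s not in shortcut_features]
    return classify(model, masked)


if __name__ == "__main__":
    model = train(MALICIOUS, BENIGN)
    sample = ["CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx"]
    print("plain sample:", classify(model, sample))
    padded = sample + ["GAMEENGINE_MARKER"]   # the game's string appended
    print("with appended game string:", classify(model, padded))
    shortcuts = audit_shortcut_features(model, MALICIOUS)
    print("shortcut features:", shortcuts)
    print("mitigated verdict:", classify_without_shortcuts(model, padded, shortcuts))
    print("game file, mitigated:", classify_without_shortcuts(model, BENIGN[1], shortcuts))
```

On this constructed corpus the audit names only `GAMEENGINE_MARKER`: it flips all four malicious training samples, while ordinary benign strings such as `GetTickCount` flip none. Masking it restores the malicious verdict on the padded sample and still lets the game's own binaries through, because they are benign on their remaining features; a whitelisted file that leaned entirely on the marker would not be, which is the trade-off a real deployment has to weigh.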
