AI-generated polymorphic malware. What is it? Let’s break it down. AI is obviously short for Artificial Intelligence. Ok, cool! But, AI in general, is overblown as a concept, but not overblown in potential capabilities. Polymorphic means ever-changing. And malware is generic for anything that you definitely don’t want on your computer, that is malicious in nature. Combining all of that means that the AI-engines (ChatGPT, Gemini, CoPilot, etc) are now capable of generating computer viruses that can morph themselves into something different as time progresses, staying hidden from software security solutions.
Antivirus software is designed to look at file, and process “signatures,” something static that yells out, “Hey, I’m a computer virus.” Antivirus software companies build signature databases to look for common tale-tell signs that a program is acting maliciously. These signatures used to be static, meaning that if your computer had Virus X, it would have a commonly identified file or process running in the background that was common to your computer, and every other computer infected with the same virus.
Probably what a computer virus wants more than anything else is evasion. The longer they can remain undetected, the longer they can do whatever ill thing they were written to do.
Welcome to 2024. It’s not just the good guys that are finding out what they can do with AI, unfortunately the bad guys are finding out too. The cyber threat landscape is changing at an exponential magnitude and pace. The bad guys are finding out that, with AI, and with way less effort, they can code way more powerful malware that hides in plain sight from antivirus software. Once an antivirus definition database is updated to include the latest identified threats, it’s already too late. The polymorphic malware has changed it’s identity.
So, what do we do about it? We fight fire, with fire. We harness the power of AI to fight AI-powered threats.
Call Me for I.T. has a finger on the pulse of cyber security. You can take the girl out of the Department of Defense, but you can never take the DoD out of the girl. Ever since leaving the military cyber security scene in 2015, I’ve been obsessed with cyber security. I’ve seen the threat landscape evolve greatly over time and had a laser-like focus on it. And now, we are at an epoch of a new AI-powered era in cyber security. It’s taken having a finger on the pulse of this evolving cyber security age to be agile enough that I can adequately respond.
From vulnerability assessments to good guy hacking, I’m uniquely qualified. I’ve been a subject matter expert in a legal case to doing incident response in real-time breaches. I spend my free time reading up on the latest threats and defenses. Trained by the military, industry, and an elite Israeli hacker, I’ve gotten the best of training, and a wealth of experience from commercial sectors to the military’s “Tip of the Spear” doing it in the real world.
So, polymorphic or not, we’ll find you, and lock you up, little virus.
(And, it’s only getting crazier. They are now writing viruses that make the different AI engines attack each other. But, that’s a bedtime story for another night. In the meantime, we got your back!)