Blogs

How DarkTrace Antigena’s Autonomous Response Solution Can Help Tackle Ransomware

The rise of artificial intelligence opens new possibilities for cyber security, but unfortunately, it opens the same possibilities for cyber-attacks. According to Forbes Magazine, the prevalence and incidence of ransomware attacks will swell in 2020. Unlike the attacks of the past, those in coming year will seek to remove or alter backup data. In fact, its predicted that ransomware will rise to become the biggest and most pervasive cybersecurity threat businesses will face. Cyber criminals that leverage ransomware as an attack vector like to target the healthcare industry because of the value of those records and healthcare has been known to pay out fees as well as create budgets specifically for these payments. Fortunately, DarkTrace Antigena is working to remediate these risks, regardless of industry.

Remember that cyber-attack vulnerabilities permeate all industries and continue to grow in number, thanks to the rise of devices connected to the Internet of Things (IoT). As threats grow, businesses must implement proactive countermeasures that leverage AI to reduce risk and prevent data loss or disruption. Autonomous Response, part of DarkTrace Antigena, helps organizations mitigate cybersecurity risks and prevent cyber-attacks in real time. How? Well, first, let’s take a look at how AI plays into both the light and dark sides of ransomware and how AI-powered interventions can make a big difference.

How Did Cyber Attackers Get AI on Their Side?

According to CIO.com, the use of AI for malicious intent is a leading strategy in cybersecurity threats. AI helps cyber attackers by automating attacks and equipping them with more personal information, giving them the chance to target more businesses while providing a faster, less time intensive process for the actual hackers. Global leaders have taken note of this with 64% expressing worry over AI technologies and their use for cyber attacks and enabling data breaches, found a recent Forrester report, says Paredes.

Several ransomware and malware attacks have gained infamy due to the use of AI, notes the World Economic Forum. In 2018, the Emoted Trojan leveraged a prototype-AI to conduct massive span-phishing campaigns, tricking users to click on email attachments and even embedding malware into pre-existing email threads. What is the real risk?

A malware or ransomware capable of harvesting data from a person’s email threads and using true conversations with others is a major threat. Imagine the outcomes if a single user’s email was compromised. Company-wide emails could become cyber-attack vehicles, transforming a seemingly harmless interaction into a devastating data breech.

The question then becomes, “what industries have a higher AI-powered ransomware attack risk and why?”

Which Industries Have a Higher Ransomware Attack Risk?

That’s a loaded question. All industries have a risk of ransomware attacks, but industries that have moved into the digital space and require around-the-clock uptime and access to data have a higher risk. Furthermore, industries that cannot move forward and even risk people’s lives due to data loss are at the highest risk. What industry carries the highest risk of all?

The answer is simple; the healthcare industry carries the highest ransomware risk. Think about it. If a healthcare organization succumbs to a cyber-attack not only do they give hackers valuable patient data (including health information, financial information and even personally identifying information) but they put themselves at great financial risk. Hackers can hold records hostage, leading to inaccurate treatment plans and opening the organization to a lawsuit. Moreover, data regarding test results, treatment plans, and patient outcomes could be lost, potentially opening the door to a higher risk of mortality among those served. Even if they have taken steps to reduce their risk, they can still be on the hook for millions of dollars in fines and penalties for violating  HIPAA (Health Insurance Portability and Accountability Act).

The health industry has also endured real-world attacks that leveraged AI. According to Healthcare IT News, hackers used AI to enable access and take down the entire network of SingHealth in 2018. The malevolent AI emulates normal, accepted behaviors of users, and the only way to recognize the problem would be to find its origin and stop it from emulating such interactions and processes.

Why Does Autonomous Response Reduce Ransomware Attack Risk?

DarkTrace Antigena Autonomous Response is an advanced cybersecurity platform that uses AI to identify and stop ransomware in its tracks. With the frequency of external attacks and a rising prevalence of insider threats, DarkTrace developers found a need to offer a better AI based solution. Prior cybersecurity solutions relied on recognizing a threat upon entry through a firewall, but as AI grew in capabilities, it gained the power to hide within plain sight. Yes, the use of AI for evil does exist, and it is a problem. However, the Antigena Autonomous Response effectively reduces ransomware attack risk in several ways.

  • Ransomware Often Appears in Benign Data Streams.
    Ransomware has a history of appearing in benign data streams. This is the crux of malware. It entices users to click, and upon that click, a series of executable files are downloaded and processed. Unfortunately, this means that ransomware’s pathway could exist in both company and non-company interactions, and its AI-powered capability could further hide its real identity. As a result, it never triggers an alarm for penetrating a firewall, and its authentic appearance fools even advanced firewalls.The Antigena Autonomous Response relies on machine and user behavioral histories to understand what is typical and atypical for that interaction. When the data stream moves beyond a series of preprogrammed response tools, which continuously evolve through machine learning and AI, Antigena becomes active. The activation mirrors the body’s natural response to a pathogen, working to wall off the infection automatically and prevent its continuation. Unfortunately, new and novel threats will always find a way inside your network. That much is clear. However, AI gives cybersecurity experts the tools need to seek and find possible threats proactively. Instead of relying on disruption to trigger an alert, the Autonomous Response takes another step to intervene.
  • Prevention and Quarantine Protocols Rely on Historical Data to Immediately Identify and Isolate Risks.
    Antigena Autonomous Response prevention and quarantine protocols are intelligent. They work to continuously scan the network for deviations or vulnerabilities. For instance, a user may interact with multiple parties outside the company. However, if those interactions appear to transcend the normal interactions and download data, especially through a high-volume data stream, to company servers or the device, DarkTrace can recognize the deviation as well as the origin of such data. If the interaction is 100% rare for that user or device, diverging from the evolving pattern of life, the response is automatic. It stops the interaction and isolates the threat.This is the surgical side of DarkTrace’s Antigena. With precision, Antigena intervenes and isolates that device to allow more advanced users and cybersecurity professionals to address the problem. Of course, the ever-growing capabilities of Antigena mean that the system itself could shut down the data stream, halt the computer, delete the malicious code, and validate removal of malware before it ever causes a disruption.

Additional Benefits of Antigena Autonomous Response Focus on Timeliness and Accuracy.

The introduction of DarkTrace Antigena Autonomous Response is both novel and noteworthy. It carries strong benefits that help your security team investigate, remediate, and prevent the recurrence of ransomware attacks and threats. Those still uncertain should consider these additional benefits.

  • Autonomous Response Lowers Risk of Disruption.
    Autonomous Response means cybersecurity professionals can focus on addressing potential issues and not trying to fight in real-time code. With today’s capabilities, hackers possess advanced AI functions on their side of the fence as well, and it is impractical to try analyzing and understanding threats in real time, letting them continue to do damage. By isolating and remediating the problem DarkTrace’s Antigena Autonomous Response allows your team members to keep working without risking release of ransomware into your network.
  • Antigena Surgical Response Contains and Addresses Multiple Threat Forms, Including Ransomware.
    Antigena’s AI also considers the multiple threat forms, including ransomware, phishing, social engineering, hijacked email, and more. Through learning the pattern of life for each device and user, the DarkTrace AI learns to recognize when patterns exceed typical thresholds. This is an evolution from the traditional rule sets used by older cybersecurity measures and defenders.In today’s age, even legitimate interactions may contribute to ransomware attack risk. Consider this scenario. A salesperson or health provider regularly uses email to interact with customers or patients. If a patient email address becomes compromised; Antigena can leverage AI to review the content of the email, keeping proprietary information safe and secure, while recognizing the embedded code in the attachment or email contents originated from a server or machine well outside the typical networks for the user. In other words, Antigena goes the added length of recognizing that the external email contained information from a source that is known to possess associations with ransomware.

    The AI intervenes, neutralizing the threat and alerting team members.

    Other examples of the Autonomous Response in action include the analysis of links within normal patterns of life. When links were found within a communication that included a domain no one at the company had previously visited, Antigena raised the alarm. The AI further recommended the autonomous locking of each link as they enter the network. The results are clear; Antigena found and stopped hidden links from becoming a vehicle for ransomware.

Antigena Works Immediately, Never Stops, and Maintains Full Oversight of All Activities.

A final aspect of the Antigena Autonomous Response warrants explanation. As an AI, users can rest assured DarkTrace Antigena continously works to identify and prevent threats from becoming vulnerabilities and cyber-attacks. Instead of simply blocking or raising an alert, Antigena continues to review the interaction for changes that warrant further action.

For example, assume the DarkTrace AI responded to a download, alerting cybersecurity professionals of a new interaction on a device with an external server on the Tor network. While this might work for some companies, seconds are all that ransomware needs to make lasting terrors a reality for your company. As anomaly continued over three more seconds, DarkTrace revised the recommendation and activated Antigena.

Antigena went to work immediately, interrupting attempts to write to the company server and reviewing encrypted files. Uploaded, encrypted files were immediately deleted before spreading across the network.

What makes this example the greatest of all?

The writing of encryption files began after the user left the office, rendering the network human-less and effectively defenseless. Without the power of DarkTrace AI and the Autonomous Response, the threat may have grown into a full-scale hijack of operations and steep loss of data by opening time. Fast, automated response keeps your company safe even when the doors to your office are closed and locked.

Prevent Ransomware From Holding Your Data Hostage in 2020 With DarkTrace Antigena.

New threats will continue to come out of the woodwork and seek to destroy your organization, put your customers’ data at risk, and proceed with any measure possible to increase their own value and bargaining power. That’s the fundamental flaw in ransomware; it assumes your organization will pay excessively to keep data secure. Instead of waiting until a breach occurs, take the upper hand. Leverage the power of AI to prevent ransomware from harvesting and stealing your invaluable data. Find out more about the ways DarkTrace Antigena Autonomous Response and surgical isolation can reduce your risk by contacting comport to enrolling in your DarkTrace Antigena free trial today!

Get Your Free Trial

Source
www.forbes.com/sites/gilpress/2019/12/03/141-cybersecurity-predictions-for-2020/#4039dbed1bc5
www.darktrace.com/en/products/antigena/
www.cio.com/article/3508628/when-ai-is-used-for-evil.html

Stay Connected

Sign up to get notified when we post a new blog!

Extend the capabilities of your IT team with Comport’s technology services and solutions.

Contact an expert