bydesignnero.blogg.se

Cylance antivirus fails

An Australian cybersecurity company says it tricked BlackBerry’s Cylance Protect anti-virus product into believing that some of the most pernicious types of malware, including WannaCry and the SamSam ransomware, were benign programs.

Skylight Cyber says it examined how Cylance’s Protect product evaluates malware, giving it a score to determine whether an executable is likely to be malicious. Researchers at Skylight Cyber say they discovered that appending strings from the executable of a gaming application to files such as WannaCry would fool Cylance Protect's detection engine into thinking the file was not malware. The findings were first reported by Vice’s Motherboard. The specific gaming application was not revealed.

“This method proved successful for 100 percent of the top 10 malware for May 2019, and close to 90 percent for a larger sample of 384 malware,” Skylight writes in a blog post.

Skylight’s CEO, Adi Ashkenazy, tells Information Security Media Group that the issue researchers found with the gaming strings is essentially a “bias” that is baked into Cylance Protect’s detection mechanism. Other vendors may have the same issue, he says.

In a statement, BlackBerry Cylance says it's "aware that a bypass has been publicly disclosed by security researchers. We have verified there is an issue with Cylance Protect, which can be leveraged to bypass the anti-malware component of the product. Our research and development teams have identified a solution, and will release a hotfix automatically to all customers running current versions in the next few days."

BlackBerry Cylance declined to comment further beyond its posted statement.

Bypassing anti-virus programs by creating malware that looks legitimate is nothing new, and it’s not terribly surprising that products that rely on artificial intelligence and machine learning are also prone to error, writes Martijn Grooten, the editor of Virus Bulletin, a security product testing and research organization.

“Of course, it's kind of funny that in Cylance's case, you could bypass it by just adding strings, but that's how AI/ML works: It discovered that the output of strings is a strong indicator of whether something being malware, so that's what it used,” Grooten writes on Twitter.

BlackBerry Cylance is one of many security vendors that have heralded the use of artificial intelligence and machine learning to catch malware. Those vendors contend their approach is more reliable than relying on signatures, or descriptions of already known malicious files that are updated regularly in endpoint security products. Relying on signatures has a weakness in that slightly modified versions of the same malware may not be caught. The security industry has moved toward other detection methods that are used in parallel, such as observing the behavior of a file.

The Cylance Protect product is intended to catch never-before-seen malware based on an analysis of millions of characteristics. By all measures, the Cylance Protect product is a competitive and effective one. BlackBerry Cylance has said that the advantage of using a well-trained algorithm is that it rarely has to be updated and is likely to trigger on unknown malicious files. But the company has drawn some scrutiny over its marketing practices and response to testing (see: Anti-Virus Wars: Sophos vs.









