Hidden Malware Ratchets Up Cybersecurity Risks

pop-up alert stating 'That's totally not a virus, Don't tell your sysadmin' - Credit: Local_Doctor / Shutterstock

Hidden Malware Ratchets Up Cybersecurity Risks
Communications of the ACM, October 2022, Vol. 65 No. 10, Pages 16-18
News
By Samuel Greengard

Wang and his fellow researchers were able to engineer malware-infected ZIP files that could evade 58 different antivirus engines.

 

The ability to peer into computing devices and spot malware has become nothing less than critical. Every day, in every corner of the world, cybersecurity software from an array of vendors scans systems in search of tiny pieces of code that could do damage—and, in a worst-case scenario, destroy an entire business.

 

Most of these programs work in a fairly predictable way. They look for code signatures—think of it as the DNA of malware—and when they find a match, they attempt to isolate or delete the malware. In most cases, the approach works, and the software keeps smartphones, personal computers, and networks reasonably secure.

 

What if cybercriminals could hide pernicious payloads in places where commercial cybersecurity software were unable to detect it? Unfortunately, this approach is both possible and increasingly viable. Over the last few years, researchers have found that it is possible to infect audio and video files, documents, Internet of Things devices, and even deep learning models. Just a few kilobytes of code can fly below the radar of today’s malware scanners.

 

That is both frightening and dangerous. “These techniques represent a substantial risk. They will likely change the way we approach and manage cybersecurity,” says Tao Liu, an assistant professor in the Department of Mathematics and Computer Science at Lawrence Technological University in Southfield, MI. Adds Wujie Wen, an assistant professor in the Department of Electrical and Computer Engineering at Lehigh University in Bethlehem, PA, “Hidden malware opens up all sorts of attack methods and vectors.”

 

So far, there has been no indication that cybercriminals have begun implanting hidden malware in files, including deep learning systems used by individuals, businesses, or governments. Yet the time bomb is ticking, researchers say. A growing body of research demonstrates the approach is already viable, and there’s almost no way to stop it.

Read the Full Article »

About the Author:

Samuel Greengard is an author and journalist based in West Linn, OR, USA.

See also:

  • EvilModel: Hiding Malware Inside of Neural Network Models, 2021 IEEE Symposium on Computers and Communications (ISCC), September 5–8, 2021. Wang, Z., Liu, C., and Cui, X.
  • StegoNet: Turn Deep Neural Network into a Stegomalware. ACSAC ’20: Annual Computer Security Applications Conference, December 2020, Pages 928–938. Liu, T., Liu, Z., Liu, Q., Wen, W., Xu, W., and Li, M.
  • Stegomalware: A Systematic Survey of Malware Hiding and Detection in Images, Machine Learning Models and Research Challenges, Cornell University, October 6, 2021. Chaganti, R., Vinayakumar, R., Alazab, M., and Pham, T.D.
  • Obfuscation: The Hidden Malware, IEEE Security & Privacy, Volume: 9, Issue: 5, Sept.-Oct. 2011, Pages 41–47. O’Kane, P., Sezer, S., and McLaughlin, K.