The past 100 years or so have seen an incredible advancement in technology, and the new found age of Artificial Intelligence is certainly no small part of it. Everything and everyone uses Machine Learning concepts to make life easier, like Siri or Alexa, but the dark side of the same can definitely be used to make life a living hell.

At the Black Hat USA 2018 conference a couple of weeks ago, security researchers at IBM considered a very likely scenario in the near future and created DeepLocker – a new generation malware which can fly under the radar and go undetected by way of carrier applications (like video conferencing software) until its target is reached. It uses an A.I. model to identify its target using indicators like facial recognition, geolocation and voice recognition — all of which are easily available on the web. Weaponized A.I. appears to be here for the long haul and could target anyone.


DeepLocker is just an experiment by IBM to show how open-source A.I. tools can be combined with straightforward evasion techniques to build a targeted and highly effective malware. As the world of cybersecurity is constantly evolving, security professionals will now have to up their game to combat hybrid malware attacks. Experiments like this allow researchers to stay one step ahead of hackers.

According to Marc Ph. Stoecklin, principal research scientist at IBM Research, “The security community needs to prepare to face a new level of A.I.-powered attacks. We can’t, as an industry, simply wait until the attacks are found in the wild to start preparing our defenses. To borrow an analogy from the medical field, we need to examine the virus to create the ‘vaccine.’”

But back to DeepLocker…

DeepLocker’s Deep Neural Network model provides “trigger conditions” that need to be met for malware to be executed. In case the target is not found, the virus stays blurred inside the app, which makes reverse-engineering for experts an almost impossible task.

To prove the efficiency and precision of A.I.-based malware, security engineers demonstrated the attack using the notorious WannaCry virus. They created a proof-of-concept situation where the payload was hidden inside a video conferencing program. None of the anti-virus engines or sandboxes managed to detect the malware, which resulted in this conclusion by researchers:

Imagine that this video conferencing application is distributed and downloaded by millions of people, which is a plausible scenario nowadays on many public platforms. When launched, the app would surreptitiously feed camera snapshots into the embedded A.I. model, but otherwise behave normally for all users except the intended target.

What is more, applications like Social Mapper can be implemented inside the malware which would make the detection of a potential target an even more manageable task.

Indeed, the power of Artificial Intelligence is probably limitless, but the experiment proves that security researchers still have a lot of work to do when it comes to cybersecurity. The examination of various apps should be taken into consideration, and any unexpected actions should be flagged immediately.

Deep Instinct’s Solution

The 20 has chosen Deep Instinct, the first company to apply deep learning to cybersecurity, for our MSP members to provide superior deep learning cybersecurity capabilities across service offerings and safeguard customers against current and future cyber threats.

Their solution provides full protection that is based on a prediction and prevention first approach, followed by detection and response, with unmatched efficacy against any cyber threat.

