Tools Like ChatGPT Will Make Malware Attack Detection More Difficult

Tools similar to ChatGPT will make detecting malware attacks even more difficult and generally make cyber risks worse for everybody. While other tools similar to ChatGPT will strive to counter this, the decades-long cat-and-mouse game of cybersecurity will go to an entirely new level. Fortunately, there are entirely different tools that also can significantly counter the coming onslaught of advanced malware attacks. The bulk of this blog post will explore how ChatGPT-like tools will make malware even more challenging. We will leverage the MITRE ATT&CK framework to do so.

Machine Learning and General Artificial Intelligence

Statistics are the essence of machine learning. One trains a machine learning model with data so that it can make useful inferences about patterns and associations. Machine learning does not comprehend abstractions or concepts. At some point, a model gets so effective with its inferences that it appears to comprehend abstractions and concepts (e.g., ChatGPT). Farther along, the difference between statistical inferences and the comprehension of abstractions and concepts becomes less and less clear. Ultimately, all this evolves to what might be called artificial general intelligence.

Different machine learning models are trained to perform different functions. ChatGPT is known as a large language model (LLM). It seems to use human language as well as or better than humans do, seemingly comprehending and describing topics. Tesla has trained another amazing model that utilizes the many video cameras on a car such that the car can pretty much drive itself through city traffic better than a human. Endpoint protection products include specially trained machine learning models to tell bad from good files and behavior patterns to detect malware. Integrating a large language model with one or more different special purpose machine learning models will produce tools that are easier for people to use. Overall, these integrations will enable less skilled people to perform advanced work they otherwise could not.

Unfortunately, similar integrations with LLM will enable cyber criminals with less skill and knowledge to use advanced attack tools. More people will be capable of conducting advanced attacks; attack volumes will increase.

Initial Access: More Compelling Wording to Fool People, Greater Attack Exposure 

Phishing attacks, fake web pages, weaponized documents, and other pieces of content are used to fool people into clicking on links, opening files, and unknowingly giving away credentials. LLM enhancements to cyber attack tools will make it easier for adversaries to fool their victims. From a cybersecurity perspective, this first attack stage will experience higher success rates, which means all cyber layers intent on mitigating cyber risks will see increased volumes of attacks that get past the human layer, the user.

The LLM enhanced attack tools will do far more than use better grammar and more human wording. They will be capable of drawing from dark web data stolen from all kinds of commercial and government databases over the years. Users will receive email, chat messages, voice phone calls, and weaponized documents that will be remarkably tailored for the targeted victim. The content might include the name of one’s first pet, the maiden name of a grandmother, the details of a birthday present for a relative, the amount paid for last month’s electric bill, etc. More people will be fooled into clicking, opening, or entering credentials when they should not.  

Execution: Greater Numbers of More Evasive Malware

With more compelling wording to fool more people more often, users will encounter more malware. Worse, LLM enhanced attack tools will make malware even more difficult to detect. 

The headlines featuring malware in trade publications indicate that there is already a sizable detection gap that adversaries penetrate almost daily worldwide against an unknown number of targets. Antivirus, machine learning enhanced antivirus, machine learning enhanced behavioral detection, and endpoint detection and response (EDR) regularly catch the more familiar malware. However, with some effort, sophisticated adversaries penetrate these defenses.

Telling bad from good files will be more difficult because LLM enhanced tools will rewrite the source code of existing malware and then recompile it. Traditional antivirus looks for an exact signature match. Machine learning enhanced antivirus looks at different pieces of a file seeking pattern matches. But, LLM has already been used to rewrite the source code of existing malware and then recompile it to evade detection. 

Malware source code can be rewritten a little or a lot. Most programmers can recognize the programming ‘style’ of their colleagues. This point might help non-programmers grasp the potential for variation when LLM rewrites existing source code: a little, a lot, a whole lot. The greater the change, the less likely machine learning enhanced antivirus is to recognize the malware.
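A simplified illustration of this detection gap, added here as an example and not taken from the original post or from any product: an exact SHA-256 signature check beside a byte n-gram Jaccard similarity score, which stands in for "looking at pieces of a file". The sample byte strings are constructed, harmless text, and the 0.5 threshold is an assumption.

```python
import hashlib

# Constructed, harmless stand-ins for file contents (not real samples).
KNOWN = b"load settings, connect to server, send status report, sleep five minutes, loop again"
LIGHT = KNOWN.replace(b"five", b"nine")  # rewritten "a little"
HEAVY = b"fetch the options file; dial the remote host; post a health ping; pause 300s; go back to start"


def shingles(data: bytes, n: int = 4) -> set:
    """Every overlapping n-byte slice of the input."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def similarity(a: bytes, b: bytes) -> float:
    """Jaccard similarity of the two n-gram sets (1.0 means identical sets)."""
    sa, sb = shingles(a), shingles(b)
    union = sa | sb
    return len(sa & sb) / len(union) if union else 1.0


def classify(sample: bytes, known_bad: bytes, threshold: float = 0.5) -> str:
    """Exact signature first, then the fuzzy score against the known sample."""
    if hashlib.sha256(sample).digest() == hashlib.sha256(known_bad).digest():
        return "exact-signature"
    return "similar" if similarity(sample, known_bad) >= threshold else "missed"


def verdicts() -> dict:
    """Verdict for the unchanged, lightly changed and heavily changed sample."""
    return {name: classify(data, KNOWN)
            for name, data in (("same", KNOWN), ("light", LIGHT), ("heavy", HEAVY))}


if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name:5s} -> {verdict}")
```
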

Adversaries have already rewritten malware source code in an altogether different programming language. It performs the same functions but then the resulting binary looks very different. Imagine rewriting different portions in different programming languages using different compilers combined into one new file or spread across many. 

All this pertains to trying to recognize malicious executables. However, LLM could also make malicious script files more difficult to analyze. Many advanced attacks in 2022 hid some but not all malicious instructions within an image or other innocuous file. A human malware author is limited in how many different files related malicious instructions can be hidden within. An LLM enhanced tool can do far more complex variations of this concept.

Malware detection tools are already struggling to recognize malicious files. LLM enhanced tools will make that far more challenging.

Defense Evasion: Malicious Behaviors Will be More Difficult to Recognize

[We’ll look at “Persistence” and “Privilege Escalation” after “Defense Evasion”]

Behavioral detection tools look not at one file but instead at the behavior or activities in an endpoint for some kind of behavioral pattern match of high statistical confidence. When the match confidence is high, the endpoint protection tool would automatically intervene (e.g., terminate processes, undo changes, etc.). When the match confidence is low, the endpoint protection tool generates an alert and sends it to a vendor cloud.

Some of these alerts are successfully analyzed and automatically responded to by the cloud. Others require human intervention. Some alerts are never recognized, and many turn out to be false. Enterprises and managed security providers employ many people to investigate statistically low confidence detection alerts. LLM enhanced tools will significantly increase alert fatigue and alert investigation costs.

Adversaries have been fooling behavioral detection for years by inserting pauses and distracting behaviors (unnecessary but different). Imagine an attack consisting of ten stages, but in between stages three and four, a four-hour or four-day pause is inserted. Alternatively, imagine a series of pattern matches stemming from the behavior of a single computing process, but with LLM enhancement the behavior is instead spread across a dozen processes. The point here is not whether this is an effective evasion technique but to illustrate how LLM can also make behavioral pattern matching far more difficult.
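From the defender's side, the effect of pauses and process splitting on a behavioral correlator can be shown with a small model. This is an added example, not code from the original post or from any product: the telemetry is constructed, and the behavior labels, the 0.9 threshold and the window lengths are assumptions.

```python
# Constructed telemetry: (seconds, pid, parent pid, behavior label).
# Four stages, each in its own child process, with a four-hour pause before the last.
EVENTS = [
    (0,     100, 50,  "office_spawns_script"),
    (3,     200, 60,  "script_network_download"),  # unrelated benign noise
    (5,     101, 100, "script_network_download"),
    (9,     102, 101, "autorun_key_write"),
    (14409, 103, 102, "browser_credential_read"),
]
PATTERN = ["office_spawns_script", "script_network_download",
           "autorun_key_write", "browser_credential_read"]

def by_process(events):
    """Grouping: each process is correlated on its own."""
    return {pid: pid for _, pid, _, _ in events}

def by_lineage(events):
    """Grouping: each process is attributed to its topmost ancestor in the telemetry."""
    parent = {pid: ppid for _, pid, ppid, _ in events}
    def root(pid):
        while parent.get(pid) in parent:
            pid = parent[pid]
        return pid
    return {pid: root(pid) for pid in parent}

def confidence(events, pattern, window, grouping):
    """Best fraction of pattern stages seen in order, within `window` seconds, in one group."""
    key = grouping(events)
    groups = {}
    for ev in sorted(events):
        groups.setdefault(key[ev[1]], []).append(ev)
    best = 0
    for evs in groups.values():
        for i, first in enumerate(evs):
            matched = 0
            for t, _, _, behavior in evs[i:]:
                if t - first[0] > window:
                    break
                if matched < len(pattern) and behavior == pattern[matched]:
                    matched += 1
            best = max(best, matched)
    return best / len(pattern)

def triage(conf, high=0.9):
    """High confidence: intervene automatically. Any lower match: raise an alert."""
    if conf >= high:
        return "intervene"
    return "alert" if conf > 0 else "none"
```

Per-process correlation over five minutes scores 0.25 and lineage correlation over five minutes scores 0.75, both of which only raise an alert; lineage correlation over 24 hours scores 1.0 and intervenes. Wider windows and lineage tracking mean more state held per host, so the window length is a tuning decision.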

Persistence and Privilege Escalation: Potential Impact is Unclear

Persistence is intended to enable malware to run after its host has restarted. There are many variations. They generally involve adding or altering a file, registry key, registry key value, or some other object/string. Most attacks only do one of these; some do two for redundancy.

Privilege Escalation techniques are used to gain use of a computing process on the attacked host that has elevated privilege, so that the attacker can do greater harm that the operating system itself would otherwise not allow. Here again, we will update this section when new insights arise about how LLM can make privilege escalation techniques more difficult to detect other than by helping to produce less recognizable behaviors.

More Adversaries will be able to Use More Sophisticated Techniques Because of ChatGPT-like Enhancements

LLM might not directly affect the “Persistence” and “Privilege Escalation” tactics. However, LLM will eventually make it easier for less skilled attackers to utilize sophisticated techniques they otherwise could not. 

How so? Remember, different machine learning models are trained to fulfill different purposes. The LLM is trained for human language. All potential adversaries are fluent in at least one human language. Other tools designed for different purposes are too complex and require too much skill for most people to use. The LLM will effectively become the ‘technical translator’ for less skilled attackers to utilize complex tools otherwise beyond their means. 

Credential Access: More Credentials will be Stolen or Forged

With more “Initial Access”, less detectable “Execution”, and less detectable “Defense Evasion”, more attacks will persist long enough to steal credentials for the OS, web browsers, and other caches.

Forged credentials (new ones created by attackers) will be more difficult for Identity Threat Detection and Response systems to recognize. LLM might or might not severely impact forged credential detection. Detection is relatively easy when a timestamp revealing its age exists, for example. Otherwise, other indicators are needed to recognize a forged credential. Azure Active Directory, for example, features many different data fields associated with any one credential: first and last name, job title, organization, supervisor, past activities, etc. LLM can harvest and analyze data during a discovery phase to craft a convincing profile for the forged credential so it doesn’t look abnormal. If that forged credential allows for various forms of remote access, then we have a direct example of how LLM can deliver enhanced “Persistence”.

Discovery: the Better the Predator Understands its Prey, the More Successful the Hunt

Once an adversary can remotely access a malicious computing process within an endpoint, the adversary can assess the environment. The computing process returns a lot of obscure data that is meaningless to most people. LLM can enhance attack tools to translate that data into ‘human terms’ as well as state in ‘human terms’ what tactics, techniques, and procedures are best used for the discovered environment. The attacker's goals are more likely to be attained and the defenders have less time to detect and respond to the attacker. 

Another potential impact from LLM pertains to targeting. Adversaries that target a specific enterprise for a specific set of goals will need to identify specific user accounts and endpoints. Once one account is compromised, LLM can sift through that account’s email, messages, documents, and other resources to find, for example, who the developers for some project are. To get to the developers, the LLM might identify users and endpoints that interact with those developers. Once identified, the appropriate accounts and endpoints can be targeted. Cyber espionage will become quicker and more effective.

Lateral Movement: Smarter, Faster, more Effective

More “Initial Access” and more effective “Execution” and “Defense Evasion” will result in more “Credential Access” (i.e., theft), which will enable more lateral movement. Once on a new endpoint, LLM can peruse documents, script files, and other resources for useful credentials for yet more lateral movement.

Various detection tools seek out malicious behavior patterns. LLM will discover useful information about the user of a compromised endpoint or user account and translate that into what user behaviors might be expected. LLM can also make using specialized tools for discovering ‘normal’ user or application behavior patterns easier so they can be mimicked to make intrusion detection more difficult. Dwell times will increase and impact harm will also increase.

Collection: More Needles Found in More, Larger Haystacks

Finding the data and information that is sought can require considerable time. Most adversaries are unfamiliar with the subject matter. LLM will make finding what is sought easier and faster, which will decrease the odds of detection. LLM will also make monetizing stolen information easier and more profitable. More success will attract more cyber criminals to cyber espionage, which will result in increased attack volume.

Command and Control: 

Overall, LLM will make the attack tools that perform command and control functions easier for less skilled criminals to use. Attack volumes will increase.

LLM will directly affect communications. Malware already leverages applications on endpoints and cloud services to transmit files, instructions, and data. LLM will enable attackers to communicate via these hijacked channels using human language, which any TV or movie viewer knows can disguise hidden meaning. Intrusions will be more difficult to detect. Dwell times will increase and attack impacts will be more severe. 

Exfiltration: Upload the Needles, Not the Haystacks

Typically, adversaries upload data and files found on compromised endpoints in bulk. LLM will enable adversaries to be more selective about what they upload, transmitting far less and decreasing the likelihood of detection via network monitoring.

Overall Impact from ChatGPT/LLM Technology on Cybersecurity

Nearly every tactic of the MITRE ATT&CK framework will be directly impacted by LLM technology. Malware attack success rates will increase, dwell times will increase, malware attacks will become more profitable, and more criminals will be attracted to a career in cyber crime. Further, LLM will make attack tools easier to use, which will lower the skill set required to use them, which will increase the population of attackers and, in turn, the number of attacks. Greater success rates combined with greater ease of use will further drive up attack volumes. The overall impact from ChatGPT/LLM will make cyber risks worse for everybody, particularly those that rely solely on detection-based defenses that must recognize the malware itself to be successful.

Adding a Controls-based Layer of Protection such as AppGuard will Substantially Enhance Cyber Defenses Against ChatGPT/LLM Enhanced Attacks

For years, across the globe, for thousands of organizations, AppGuard has been stopping malware attacks that eluded detection-based defenses, which either missed them entirely or detected them too late. The outcome for those organizations has been improved risk mitigation, substantial reduction in cyber labor defense costs, and a palpable reduction in cyber chaos within cyber operations.

AppGuard is controls-based protection that resides on the hosts it protects. It enforces policies with kernel-level controls that block those activities necessary for a malware attack to achieve its goals. Usually, one block is enough to stop an entire attack. Sometimes multiple blocks are necessary. Regardless, most of the malware headlined in trade publications that you have read about in recent years was probably stopped by AppGuard in the field or in the lab. 

AppGuard radically reduces the endpoint attack surface. Less attack surface lowers malware attack success rates and helps detection-based defenses be more effective. Those defenses can be tuned better and focused on higher-risk techniques, and personnel are freed from wasteful alert investigations.

