Uh Oh! Machine Learning and Ransomware

HiddenLayer’s SAI Team of researchers has developed a proof-of-concept attack to deploy malware via machine learning models. An attack that multiple cybersecurity vendors cannot detect. The implications can be severe, including malware, supply chain attacks, intellectual property theft, personal data leaks, etc.

The dangers are described in HiddenLayer’s blog, Weaponizing Machine Learning Models with Ransomware.

ML is going mainstream; however, there’s a lack of security to protect the efforts, especially given the number of downloads and repurposed pre-trained models. The top risks include supply chain attacks, IP theft, DoS, and sensitive data leaks.

HiddenLayer recommends proactive threat discovery, model behavior evaluation, cryptographic hashing and model signing, and an external security assessment.

You can watch HiddenLayer’s video below, or on YouTube here: Ransomware Hidden in & Executed from a Machine Learning Model – YouTube