{"id":21648,"date":"2022-12-07T14:19:45","date_gmt":"2022-12-07T14:19:45","guid":{"rendered":"https:\/\/mailinvest.blog\/index.php\/2022\/12\/07\/researchers-weaponize-machine-learning-models-with-ransomware\/"},"modified":"2022-12-07T14:19:45","modified_gmt":"2022-12-07T14:19:45","slug":"researchers-weaponize-machine-learning-models-with-ransomware","status":"publish","type":"post","link":"https:\/\/mailinvest.blog\/index.php\/2022\/12\/07\/researchers-weaponize-machine-learning-models-with-ransomware\/","title":{"rendered":"Researchers Weaponize Machine Learning Models With Ransomware"},"content":{"rendered":"

<\/a>\n<\/p>\n

\n

As if defenders of software supply chains didn\u2019t have enough attack vectors to worry about, they now have a new one: machine learning models.<\/p>\n

ML models are at the heart of technologies such as facial recognition and chatbots. Like open-source software repositories, the models are often downloaded and shared by developers and data scientists, so a compromised model could have a crushing impact on many organizations simultaneously.<\/p>\n

Researchers at HiddenLayer, a machine language security company, revealed in a blog<\/a> on Tuesday how an attacker could use a popular ML model to deploy ransomware.<\/p>\n

The method described by the researchers is similar to how hackers use steganography to hide malicious payloads in images. In the case of the ML model, the malicious code is hidden in the model\u2019s data.<\/p>\n

According to the researchers, the steganography process is fairly generic and can be applied to most ML libraries. They added that the process need not be limited to embedding malicious code in the model and could also be used to exfiltrate data from an organization.<\/p>\n

\"Machine<\/p>\n

Image courtesy of HiddenLayer<\/p>\n\n

Attacks can be operating system agnostic, too. The researchers explained that the OS and architecture-specific payloads could be embedded in the model, where they can be loaded dynamically at runtime, depending on the platform.<\/p>\n

Flying Under Radar<\/h3>\n

Embedding malware in an ML model offers some benefits to an adversary, observed Tom Bonner, senior director of adversarial threat research at the Austin, Texas-based HiddenLayer.<\/p>\n

\u201cIt allows them to fly under the radar,\u201d Bonner told TechNewsWorld. \u201cIt\u2019s not a technique that\u2019s detected by current antivirus or EDR software.\u201d<\/p>\n

\u201cIt also opens new targets for them,\u201d he said. \u201cIt\u2019s a direct route into data scientist systems. It\u2019s possible to subvert a machine learning model hosted on a public repository. Data scientists will pull it down and load it up, then become compromised.\u201d<\/p>\n

\u201cThese models are also downloaded to various machine-learning ops platforms, which can be pretty scary because they can have access to Amazon S3 buckets and steal training data,\u201d he continued.<\/p>\n

\u201cMost of [the] machines running machine-learning models have big, fat GPUs in them, so bitcoin miners could be very effective on those systems, as well,\u201d he added.<\/p>\n