They discovered that the AI-based engine appeared to give special treatment to the files associated with a popular unnamed
The experts took specific strings from the game’s executable and appended them to known malicious files to disguise them.
“We chose Cylance for practical reasons, namely, it is publicly available and widely regarded as a leading vendor in the field,” reads a post published by Skylight. “However, we believe that the process presented in this post can be translated to other pure AI products as well.”
Skylight tested the universal bypass technique with popular hacking tools such as Mimikatz,
Skylight publicly disclosed the issue without giving BlackBerry Cylance time to address the flaw with a security patch; nevertheless, Cylance investigated the problem over the weekend.
The vendor explained that the technique could not be classified as a universal bypass.
“On July 18
The vendor added that the issue, in limited circumstances, could be used to manipulate the type of features analyzed by the engine.
“Features can be any aspect of a file which can be interpreted or measured. These features are then passed to a mathematical algorithm for analysis.”
“This vulnerability allows the manipulation of a specific type of feature analyzed by the algorithm that in limited circumstances will cause the model to reach an incorrect conclusion.”
BlackBerry Cylance has implemented some changes to the algorithm that should detect feature manipulation. An update has already been pushed to the systems, and the company plans to release a new agent to its endpoints over the next few days.
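The feature manipulation described above can be illustrated with a toy string-feature classifier. This is an added example, not code from Skylight or BlackBerry Cylance: the tokens, weights, bias and threshold are all constructed, and the monotonic scoring shown as a hardening is one known defensive approach, not the vendor's actual fix.

```python
import math

# Constructed weights for a toy linear model over strings found in a file.
# Positive = evidence of malice, negative = evidence of a benign program.
WEIGHTS = {
    "dump_credentials": 3.0,
    "inject_remote_thread": 2.0,
    "GameEngine": -2.5,
    "LoadTexture": -2.0,
    "SaveSlot": -2.0,
}
BIAS = -2.0        # constructed prior: most files are benign
THRESHOLD = 0.5    # score above this is flagged as malicious

def features(data: bytes) -> list:
    """Return the known tokens present anywhere in the file bytes."""
    return sorted(tok for tok in WEIGHTS if tok.encode() in data)

def score(data: bytes, monotonic: bool = False) -> float:
    """Logistic score in [0, 1]. In monotonic mode, benign-weighted
    features are ignored, so adding content can never lower the score."""
    total = BIAS
    for tok in features(data):
        w = WEIGHTS[tok]
        if monotonic and w < 0:
            continue
        total += w
    return 1.0 / (1.0 + math.exp(-total))

def verdict(data: bytes, monotonic: bool = False) -> str:
    return "malicious" if score(data, monotonic) > THRESHOLD else "benign"

# Constructed sample inputs (plain byte strings, not real executables).
MALICIOUS = b"\x00\x01dump_credentials\x00inject_remote_thread\x00"
BENIGN = b"\x00GameEngine\x00LoadTexture\x00SaveSlot\x00"
PADDED = MALICIOUS + BENIGN   # the same sample with benign strings appended

if __name__ == "__main__":
    for name, blob in [("malicious", MALICIOUS), ("benign", BENIGN),
                       ("padded", PADDED)]:
        print(f"{name:10s} plain={score(blob):.3f} -> {verdict(blob):9s} "
              f"monotonic={score(blob, True):.3f} -> {verdict(blob, True)}")
```

The monotonic variant gives up the benign evidence entirely, so in a real model it trades resistance to appended content for a higher false-positive risk that has to be measured.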