Darktrace's CTO, Dave Palmer, told an audience yesterday at a roundtable hosted by Cyberseer that while ransomware cases continue to rise and law enforcement can do very little to help, we are living in a “golden age of criminality”.
According to Palmer, because there is little that law enforcement can do against ransomware – and while companies pay the ransom to preserve their businesses – it has created a sweet spot of sorts which is allowing criminals to make a “quick buck”.
As an ex-GCHQ staffer, Palmer now heads up Darktrace's research team which is looking into how artificial intelligence can help with the fight against ransomware.
Palmer mentioned a client of Darktrace's in the oil and gas industry that operates a vast network of mini submarines that are controlled by a ship which collect geophysical data from the bottom of the ocean floor.
Palmer says this is still the main concern when it comes to ransomware, where company data is frozen or inaccessible. Companies are often keen to pay the ransom just to have the ability to carry on working.
Others concerns include botnets, which Palmer describes as “a possible IPO” for the right ransomware. Dormant computers, IoT devices, payloads which analyse communications to create a customised and accurate phishing email, medical equipment (but not pacemakers – you can't pay if you're dead) and transport.
So what's the answer? According to Palmer it is artificial intelligence. Palmer says machines acting our behalf which are designed to detect intrusions by looking for the unusual and unexpected are the way forward.
But Palmer highlights there is no “perfect algorithm”, explaining that artificial intelligence still has to be coupled with probability calculations, to figure out what is real and what is a false flag.
This in turn should allow SOC teams to get away from being reactive, to being proactive, says Palmer. And given that response times need to be quicker and quicker, it's no real surprise that a helping hand is needed.